BILL ANALYSIS Ó AB 1172 Page 1 ASSEMBLY THIRD READING AB 1172 (Chau) As Introduced February 27, 2015 Majority vote ------------------------------------------------------------------- |Committee |Votes |Ayes |Noes | | | | | | | | | | | |----------------+------+--------------------+----------------------| |Privacy |11-0 |Gatto, Wilk, Baker, | | | | |Calderon, Chang, | | | | |Chau, Cooper, | | | | |Dababneh, Dahle, | | | | |Gordon, Low | | | | | | | |----------------+------+--------------------+----------------------| |Appropriations |17-0 |Gomez, Bigelow, | | | | |Bonta, Calderon, | | | | |Chang, Daly, | | | | |Eggman, Gallagher, | | | | | | | | | | | | | | |Eduardo Garcia, | | | | |Gordon, Holden, | | | | |Jones, Quirk, | | | | |Rendon, Wagner, | | | | |Weber, Wood | | | | | | | | | | | | ------------------------------------------------------------------- AB 1172 Page 2 SUMMARY: Creates a California Cyber Security Task Force (Task Force) within the Governor's Office of Emergency Services (OES) to act in an advisory capacity and make policy recommendations on cyber security for the State of California. Specifically, this bill: 1)Codifies the existence of the Task Force within OES. 2)Specifies the nine members of the Task Force. 3)Authorizes the Task Force to convene public and private stakeholders to act in an advisory capacity and compile policy recommendations on cyber security for the State of California. 4)Requires the Task Force to complete and issue a report of policy recommendations to the Governor's office and the Legislature on an annual basis, as specified. 5)Requires the Task Force to meet quarterly, or more often as necessitated by emergency circumstances, to ensure that the policy recommendations from the report are implemented and any necessary modifications that may arise are addressed in a timely manner. 6)Authorizes OES and California Institute of Technology (CalTech) to conduct the strategic direction of risk assessments performed by the Military Department's Computer Network Defense Team. 7)Creates within OES the position of a State Director of Cyber Security. AB 1172 Page 3 8)Requires the Task Force to perform certain functions, as specified. 1)Requires the Task Force to take all necessary steps to protect personal information and privacy, public and private sector data, and the constitutional rights and liberties of individuals, when implementing its duties. 2)Authorizes the Task Force to issue reports to the Governor's office and the Legislature detailing the Task Force's activities. 9)Authorizes the Task Force to engage or accept the services of agency or department personnel, accept the services of stakeholder organizations, and accept federal, private, or other non-state funding, to operate, manage, or conduct the business of the Task Force. 3)Requires each state department and agency to cooperate with the Task Force and furnish it with information and assistance that is necessary or useful. 10)Declares the provisions enacted by this bill to be inoperative and repealed as of January 1, 2020. FISCAL EFFECT: According to the Assembly Appropriations Committee, given the numerous functions and responsibilities of the task force, there would be need for two analysts, in addition to the executive director, at an ongoing General Fund cost of around $500,000. AB 1172 Page 4 To the extent the result of the task force's work minimizes the state's exposure from cyber attacks and related technology security issues, the state will avoid the costs of such disruptions, which could otherwise be significant. COMMENTS: 1)Purpose of this bill. This bill is intended to set forth in statute a formal structure and responsibilities for the Task Force, which is currently functioning as an ad hoc advisory body under OES. This bill is author-sponsored. 2)The work of the existing Task Force. OES and CalTech, acting at the direction of Governor Brown, created the Task Force to be "a statewide partnership comprised of key stakeholders, subject matter experts, [federal agencies], and cyber security professionals from California's public sector, private industry, academia, and law enforcement. The Task Force serves as an advisory body to the State of California Senior Administration Officials in matters related to Cybersecurity." The Task Force holds public meetings once per quarter. Its express mission is to "enhance the security of California digital infrastructure and to create a culture of cybersecurity through collaboration, information sharing, and education and awareness." The Task Force operates as an advisory body only - it has no formal authority, it takes no votes, it has no budget, and its membership is open and voluntary. It is currently comprised of seven subcommittees: risk mitigation; information sharing; workforce development and education; economic development; emergency preparedness; legislation and funding; and high tech and digital forensics. AB 1172 Page 5 Analysis Prepared by: Hank Dempsey / P. & C.P. / (916) 319-2200 FN: 0000629