BILL ANALYSIS
AB 1841
Page 1
ASSEMBLY THIRD READING
AB 1841 (Irwin)
As Amended April 14, 2016
Majority vote
------------------------------------------------------------------
|Committee       |Votes|Ayes                  |Noes                |
|----------------+-----+----------------------+--------------------|
|Privacy         |11-0 |Chau, Wilk, Baker,    |                    |
|                |     |Calderon, Chang,      |                    |
|                |     |Cooper, Dababneh,     |                    |
|                |     |Gatto, Gordon, Low,   |                    |
|                |     |Olsen                 |                    |
|----------------+-----+----------------------+--------------------|
|Governmental    |21-0 |Gray, Bigelow, Alejo, |                    |
|Organization    |     |Bonta, Campos,        |                    |
|                |     |Cooley, Cooper, Daly, |                    |
|                |     |Gallagher, Cristina   |                    |
|                |     |Garcia, Eduardo       |                    |
|                |     |Garcia, Gipson,       |                    |
|                |     |Roger Hernández,      |                    |
|                |     |Jones-Sawyer, Levine, |                    |
|                |     |Linder, Maienschein,  |                    |
|                |     |Salas, Steinorth,     |                    |
|                |     |Waldron, Wilk         |                    |
|----------------+-----+----------------------+--------------------|
|Appropriations  |20-0 |Gonzalez, Bigelow,    |                    |
|                |     |Bloom, Bonilla,       |                    |
|                |     |Bonta, Calderon,      |                    |
|                |     |Chang, Daly, Eggman,  |                    |
|                |     |Gallagher, Eduardo    |                    |
|                |     |Garcia, Roger         |                    |
|                |     |Hernández, Holden,    |                    |
|                |     |Jones, Obernolte,     |                    |
|                |     |Quirk, Santiago,      |                    |
|                |     |Wagner, Weber, Wood   |                    |
------------------------------------------------------------------
SUMMARY: Requires the state Office of Emergency Services (OES),
in conjunction with the California Department of Technology
(CDT), to develop a cybersecurity incident response plan for
cybersecurity attacks against critical infrastructure, and
further requires OES to jointly develop cybersecurity incident
response standards by January 1, 2018, with which all state
agencies must report compliance by January 1, 2019.
Specifically, this bill:
1)Requires, on or before July 1, 2017, OES, in conjunction with
CDT, to transmit to the Legislature the Cyber Security Annex
to the State Emergency Plan (SEP), a cybersecurity incident
response plan also known as Emergency Function 18 (or EF 18)
that includes, but is not limited to, all of the following:
a) Methods for providing emergency services;
b) Command structure for statewide coordinated
emergency services;
c) Emergency service roles of appropriate state
agencies;
d) Identification of resources to be mobilized;
e) Public information plans; and,
f) Continuity of government services.
2)Requires, on or before January 1, 2018, OES, in conjunction
with CDT, to develop cybersecurity incident response standards
for state agencies to prepare for cybersecurity interference
with, or compromise or incapacitation of, critical
infrastructure and the development of critical infrastructure
information, and to transmit critical infrastructure
information to OES.
3)Requires the standards developed by OES to consider all of the
following factors:
a) Costs to implement the standards;
b) Security of critical infrastructure information;
c) Centralized management of risk; and,
d) National private industry best practices.
4)Requires each state agency to report to OES on its compliance
with the OES cybersecurity standards, no later than January 1,
2019.
5)Requires OES, in conjunction with CDT, to provide suggestions
for a state agency to improve its compliance with the OES
cybersecurity standards, if any, to specified public
officials.
6)Declares that a cybersecurity compliance report, and any
related communication records, are confidential and may not be
disclosed pursuant to the California Public Records Act.
7)Defines the terms "critical infrastructure," "critical
infrastructure information," "secretary," and "state agency."
8)Makes findings and declarations relative to the importance of
cybersecurity of state networks.
FISCAL EFFECT: According to the Assembly Appropriations
Committee:
1)Unknown costs to OES to complete EF 18. This final piece of
the emergency services response plan has been pending
completion since 2011, and efforts are underway to complete
it. Some additional resources may be required to support
necessary hardware, software, and development of a secure
database.
2)Ongoing costs to OES of approximately $1 million General Fund
(GF) for database management and Information Technology (IT)
Services Division and Critical Infrastructure Protection Unit
functions, once the project is complete.
COMMENTS: This bill is intended to speed the creation of a
statewide cybersecurity incident response plan, also known as EF
18, and related incident response standards for state agencies,
by imposing statutory deadlines for the plan, standards, and
compliance reporting. This bill is author-sponsored.
Analysis Prepared by: Hank Dempsey / P. & C.P. / (916) 319-2200
FN: 0003233