BILL ANALYSIS                                                                                                                                                                                                    ”



                                                                    AB 1841


                                                                    Page  1





          ASSEMBLY THIRD READING


          AB  
          1841 (Irwin)


          As Amended  April 14, 2016


          Majority vote


           ------------------------------------------------------------------ 
          |Committee       |Votes|Ayes                  |Noes                |
          |                |     |                      |                    |
          |                |     |                      |                    |
          |                |     |                      |                    |
          |----------------+-----+----------------------+--------------------|
          |Privacy         |11-0 |Chau, Wilk, Baker,    |                    |
          |                |     |Calderon, Chang,      |                    |
          |                |     |Cooper, Dababneh,     |                    |
          |                |     |Gatto, Gordon, Low,   |                    |
          |                |     |Olsen                 |                    |
          |                |     |                      |                    |
          |----------------+-----+----------------------+--------------------|
          |Governmental    |21-0 |Gray, Bigelow, Alejo, |                    |
          |Organization    |     |Bonta, Campos,        |                    |
          |                |     |Cooley, Cooper, Daly, |                    |
          |                |     |Gallagher, Cristina   |                    |
          |                |     |Garcia, Eduardo       |                    |
          |                |     |Garcia, Gipson,       |                    |
          |                |     |                      |                    |
          |                |     |                      |                    |
          |                |     |Roger HernŠndez,      |                    |
          |                |     |                      |                    |
          |                |     |                      |                    |
          |                |     |Jones-Sawyer, Levine, |                    |
          |                |     |Linder, Maienschein,  |                    |








                                                                    AB 1841


                                                                    Page  2





          |                |     |Salas, Steinorth,     |                    |
          |                |     |Waldron, Wilk         |                    |
          |                |     |                      |                    |
          |----------------+-----+----------------------+--------------------|
          |Appropriations  |20-0 |Gonzalez, Bigelow,    |                    |
          |                |     |Bloom, Bonilla,       |                    |
          |                |     |Bonta, Calderon,      |                    |
          |                |     |Chang, Daly, Eggman,  |                    |
          |                |     |Gallagher, Eduardo    |                    |
          |                |     |Garcia, Roger         |                    |
          |                |     |HernŠndez, Holden,    |                    |
          |                |     |Jones, Obernolte,     |                    |
          |                |     |Quirk, Santiago,      |                    |
          |                |     |Wagner, Weber, Wood   |                    |
          |                |     |                      |                    |
          |                |     |                      |                    |
           ------------------------------------------------------------------ 


          SUMMARY:  Requires the state Office of Emergency Services (OES),  
          in conjunction with the California Department of Technology  
          (CDT), to develop a cybersecurity incident response plan for  
          cybersecurity attacks against critical infrastructure, and  
          further requires OES to jointly develop cybersecurity incident  
          response standards by January 1, 2018, with which all state  
          agencies must report compliance by January 1, 2019.   
          Specifically, this bill:  


          1)Requires, on or before July 1, 2017, OES, in conjunction with  
            CDT, to transmit to the Legislature the Cyber Security Annex  
            to the State Emergency Plan (SEP), a cybersecurity incident  
            response plan also known as Emergency Function 18 (or EF 18)  
            that includes, but is not limited to, all of the following:


               a)     Methods for providing emergency services;










                                                                    AB 1841


                                                                    Page  3





               b)     Command structure for statewide coordinated  
                 emergency services;


               c)     Emergency service roles of appropriate state  
                 agencies;


               d)     Identification of resources to be mobilized;


               e)     Public information plans; and,


               f)     Continuity of government services.


          1)Requires, on or before January 1, 2018, OES, in conjunction  
            with CDT, to develop cybersecurity incident response standards  
            for state agencies to prepare for cybersecurity interference  
            with, or compromise or incapacitation of, critical  
            infrastructure and the development of critical infrastructure  
            information, and to transmit critical infrastructure  
            information to OES.
          2)Requires the standards developed by OES to consider all of the  
            following factors: 


               a)     Costs to implement the standards;
               b)     Security of critical infrastructure information;


               c)     Centralized management of risk; and,


               d)     National private industry best practices.


          3)Requires each state agency to report to OES on its compliance  








                                                                    AB 1841


                                                                    Page  4





            with the OES cybersecurity standards, no later than January 1,  
            2019.
          4)Requires OES, in conjunction with CDT, to provide suggestions  
            for a state agency to improve its compliance with the OES  
            cybersecurity standards, if any, to specified public  
            officials. 


          5)Declares that a cybersecurity compliance report, and any  
            related communication records, are confidential and may not be  
            disclosed pursuant to the California Public Records Act. 


          6)Defines the terms "critical infrastructure," "critical  
            infrastructure information," "secretary," and "state agency."


          7)Makes findings and declarations relative to the importance of  
            cybersecurity of state networks. 


          FISCAL EFFECT:  According to the Assembly Appropriations  
          Committee: 


          1)Unknown costs to OES to complete EF 18.  This final piece of  
            the emergency services response plan has been pending  
            completion since 2011, and efforts are underway to complete  
            it.  Some additional resources may be required to support  
            necessary hardware, software, and development of a secure  
            database.


          2)Ongoing costs to OES of approximately $1 million General Fund  
            (GF) for data base management and Information Technology (IT)  
            Services Division and Critical Infrastructure Protection Unit  
            functions, once the project is complete.










                                                                    AB 1841


                                                                    Page  5





          COMMENTS:  This bill is intended to speed the creation of a  
          statewide cybersecurity incident response plan, also known as EF  
          18, and related incident response standards for state agencies,  
          by imposing statutory deadlines for the plan, standards, and  
          compliance reporting.  This bill is author-sponsored.  


          Analysis Prepared by:                        Hank Dempsey / P. &  
          C.P. / (916) 319-2200                          FN: 0003233