AB 2595,
as amended, Linder. begin deleteLocal government: disaster preparedness: test exercises. end deletebegin insertCalifornia Cybersecurity Integration Center.end insert
Existing law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the state’s emergency and disaster response services, as specified.
end insertbegin insertBy Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center, with its primary mission to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in the state.
end insertbegin insertThe Executive order, among other things, required that the California Cybersecurity Integration Center be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.
end insertbegin insertThis bill would establish in statute the California Cybersecurity Integration Center (Cal-CSIC) within the Office of Emergency Services to develop a cybersecurity strategy for California in coordination with the Cybersecurity Task Force. The bill would provide that Cal-CSIC would have the same primary mission as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include, but not be limited to, representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the California Military Department, the Office of the Attorney General, the Health and Human Services Agency, and others.
end insertbegin insertThe bill would authorize the Director of Emergency Services, as specified, to administer, authorize, and allocate federal homeland security grant funding and would require the director to prioritize grant funding for prevention measures undertaken by the Office of Information Security in the Department of Technology in furtherance of a specified provision of the Governor’s Executive order. The bill also would specify the authority of the Director of Emergency Services to administer the grant programs to respond to statewide emergencies requiring immediate attention.
end insertExisting law, the California Emergency Services Act, authorizes any city or county to create by ordinance a disaster council for developing plans for meeting any condition constituting a local emergency or state of emergency. Existing law also authorizes any city or county to provide for the calling of test exercises, either singularly or jointly, whenever, in the opinion of those political subdivisions, those test exercises are needed.
end deleteThis bill would instead require cities and counties to provide for the calling of those test exercises at least twice per year and whenever needed. By requiring these actions by a local agency, this bill would impose a state-mandated local program.
end deleteThe California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
end deleteThis bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to these statutory provisions.
end deleteVote: majority.
Appropriation: no.
Fiscal committee: yes.
State-mandated local program: begin deleteyes end deletebegin insertnoend insert.
The people of the State of California do enact as follows:
begin insertSection 8586.5 is added to the end insertbegin insertGovernment Codeend insertbegin insert,
2to read:end insert
(a) There is established within the Governor’s Office
4of Emergency Services the California Cybersecurity Integration
5Center (Cal-CSIC), which shall develop a cybersecurity strategy
6for California in coordination with the Cybersecurity Task Force.
7That strategy shall be developed in accordance with state and
8federal requirements, consistent with applicable standards and
9best practices.
10
(b) The primary mission of the California Cybersecurity
11Integration Center is to reduce the likelihood and severity of cyber
12incidents that could damage California’s economy, its critical
13infrastructure, or public and private sector computer networks in
14our state.
15
(c) The California Cybersecurity
Integration Center shall
16include, but not be limited to, representatives from all of the
17following organizations:
18
(1) Governor’s Office of Emergency Services.
19
(2) Department of Technology, Office of Information Security.
20
(3) State Threat Assessment Center.
21
(4) California Highway Patrol.
22
(5) California Military Department.
23
(6) Office of the Attorney General.
24
(7) Health and Human Services Agency.
25
(8) California Utilities Emergency Association.
26
(9) California State University.
27
(10) University of California.
28
(11) California Community Colleges.
29
(d) (1) The Director of Emergency Services, in consultation
30with the Office of Information Security of the Department of
31Technology or the Cybersecurity Task Force, or both, may
P4 1administer, authorize, and allocate federal homeland security
2grant funding in accordance with federal grant guidelines and
3shall prioritize grant funding for prevention measures undertaken
4by the Office of Information Security of the Department of
5Technology in furtherance of the provision in the Governor’s
6Executive order B-34-15 (Aug. 31, 2015) that directs state
7departments and agencies to “ensure compliance with existing
8information security and privacy
policies, promote awareness of
9information security standards with their workforce.”
10
(2) Nothing shall preclude the Director of Emergency Services
11from administering the grant programs to respond to statewide
12emergencies requiring immediate attention.
13
(3) For purposes of this subdivision:
14
(A) “Prevention measures” include, but are not limited to, risk
15assessments as prescribed in Section 11549.3 of the Government
16Code and compliance with the guidelines in Section 5300 and
17following of the State Administrative Manual and with the
18Statewide Information Management Manual guidelines.
19
(B) “Federal homeland security grant funding” refers to the
20federal Homeland Security Grant Program as authorized by the
21Federal Emergency Management Agency and the United
States
22Department of Homeland Security.
Section 8611 of the Government Code is amended
24to read:
Counties, cities and counties, and cities shall provide for
26the calling of test exercises, either singularly or jointly, whenever,
27in the opinion of those political subdivisions, those test exercises
28are
needed, but at least twice per year; provided, however, that
29with respect to any such test exercise no one shall have the power
30to command the assistance of any private citizen, and the failure
31of a citizen to obey any order or regulation pertaining to a test
32exercise shall not constitute a violation of any law.
If the Commission on State Mandates determines that
34this act contains costs mandated by the state, reimbursement to
35local agencies and school districts for those costs shall be made
36pursuant to Part 7 (commencing with Section 17500) of Division
374 of Title 2 of the Government Code.
O
97