SB 949, as introduced, Jackson. Emergency services: critical infrastructure information.
The California Emergency Services Act requires the Governor to coordinate the State Emergency Plan and any programs necessary for the mitigation of the effects of an emergency in this state, as specified. The act also establishes, within the office of the Governor, the Office of Emergency Services and requires it to perform various duties with respect to specified emergency preparedness, mitigation, and response activities in the state.
This bill would authorize the Governor to require owners and operators of critical infrastructure to submit critical infrastructure information, as those terms are defined, to the Office of Emergency Services, or any other designee, for the purposes of gathering, analyzing, communicating, or disclosing critical infrastructure information, as provided.
The California Public Records Act requires state and local agencies to make their records available for public inspection, unless an exemption from disclosure applies. The act exempts from these disclosure requirements, among other documents, critical infrastructure information, as defined, that is voluntarily submitted to the Office of Emergency Services for use by that office.
This bill would provide that critical infrastructure information obtained pursuant to its provisions would be confidential and not subject to disclosure under the California Public Records Act, subpoena, or discovery, or admissible as evidence in any private civil action.
Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.
This bill would make legislative findings to that effect.
Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no.
The people of the State of California do enact as follows:
Section 8573.1 is added to the Government Code,
2to read:
(a) As used in this section, the following definitions
4shall apply:
5(1) “Critical infrastructure” means systems and assets so vital
6to the state that the incapacity or destruction of those systems or
7assets would have a debilitating impact on security, economic
8security, public health and safety, or any combination of those
9matters.
10(2) “Critical infrastructure information” means information not
11customarily in the public domain pertaining to any of the following:
12(A) Actual, potential, or threatened interference, or an attack
13on, compromise of, or incapacitation of critical infrastructure by
14either physical or
computer-based attack or other similar conduct,
15including the misuse of, or unauthorized access to, all types of
16communications and data transmission systems, that violates
17federal, state, or local law, harms economic security, or threatens
18public health or safety.
19(B) The ability of critical infrastructure to resist any interference,
20compromise, or incapacitation, including any planned or past
21assessment or estimate of the vulnerability of critical infrastructure,
22including security testing, risk evaluation, risk management
23planning, or risk audits.
24(C) Any planned or past operational problem or solution
25regarding critical infrastructure, including repair, recovery,
26reconstruction, insurance, or continuity, to the extent it is related
P3 1to interference, compromise, or incapacitation of critical
2infrastructure.
3(b) The
Governor may require owners and operators of critical
4infrastructure to submit critical infrastructure information to the
5Office of Emergency Services, or any other designee, for the
6following purposes:
7(1) To gather and analyze critical infrastructure information in
8order to better understand security problems and interdependencies
9related to critical infrastructure, so as to ensure the availability,
10integrity, and reliability of that critical infrastructure.
11(2) To communicate or disclose critical infrastructure
12information to help prevent, detect, mitigate, or recover from the
13effects of an interference, compromise, or incapacitation problem
14related to critical infrastructure.
15(c) Critical infrastructure information obtained pursuant to this
16section shall be confidential and privileged, and shall not be subject
17to
disclosure pursuant to the California Public Records Act
18(Chapter 3.5 (commencing with Section 6250) of Division 1 of
19Title 1), subpoena, or discovery, or admissible as evidence in any
20private civil action.
The Legislature finds and declares that Section 1 of
22this act, which adds Section 8573.1 to the Government Code,
23imposes a limitation on the public’s right of access to the meetings
24of public bodies or the writings of public officials and agencies
25within the meaning of Section 3 of Article I of the California
26Constitution. Pursuant to that constitutional provision, the
27Legislature makes the following findings to demonstrate the interest
28protected by this limitation and the need for protecting that interest:
29In order to promote effective emergency planning and to ensure
30that information about the state’s critical infrastructure, including
31information about threats to and vulnerabilities in that infrastructure
32and measures taken to protect it,
remains secure, it is necessary to
33limit the public’s right of access to this information.
O
99