Streamlining Python Development: A Guide to a Modern Project Setup
California Cyber Security Task Force - Status August 2014
1. CONTINUED
SENATE RULES COMMITTEE
Office of Senate Floor Analyses
1020 N Street, Suite 524
(916) 651-1520 Fax: (916) 327-4478
AB 2200
THIRD READING
Bill No: AB 2200
Author: John A. Pérez (D)
Amended: 8/30/14 in Senate
Vote: 21
SENATE GOVERNMENTAL ORGANIZATION COMMITTEE: 8-1, 6/24/14
AYES: Correa, Cannella, De León, Galgiani, Hernandez, Lieu, Padilla, Torres
NOES: Vidak
NO VOTE RECORDED: Berryhill, Vacancy
SENATE APPROPRIATIONS COMMITTEE: 5-0, 8/14/14
AYES: De León, Hill, Lara, Padilla, Steinberg
NO VOTE RECORDED: Walters, Gaines
ASSEMBLY FLOOR: 74-3, 5/28/14 - See last page for vote
SUBJECT: California Cyber Security Steering Committee
SOURCE: Author
DIGEST: This bill creates a 13-member California Cyber Security Steering
Committee (Committee) in the Governor’s Office of Emergency Services (OES);
continues in existence the California Cyber Security Task Force (Task Force); and
requires the Committee to seek to implement the policy recommendations of the
Task Force based on specified priorities. Sunsets the provisions of this bill on
January 1, 2020.
Senate Floor Amendments of 8/30/14 delete the provision requiring the Task Force
to operate within the current information technology budget of departments and
agencies they serve; and make a clarifying change.
2. AB 2200
Page 2
Senate Floor Amendments of 8/22/14 substitute the creation of a Committee
instead of a California Cyber Security Commission, and continue in existence the
Task Force.
CONTINUED
ANALYSIS:
Existing law:
1. Establishes the Department of Technology (DOT) within the Government
Operations Agency, responsible for establishing and enforcing state
information technology strategic plans, policies, standards, and enterprise
architecture. The Director of DOT is the State Chief Information Officer, and
is responsible for enhancing the security, reliability, and quality of information
technology networks, services, and systems.
2. Requires each state agency to have a chief information officer who is
appointed by the head of the state entity, and is responsible for supervising all
information technology, including information security.
3. Establishes the Office of Information Security (OIS), within DOT, which is
responsible for ensuring the confidentiality, integrity, and availability of state
systems and applications. Requires the OIS to develop an information security
program and establish policies, standards, and procedures directing state
agencies to effectively manage security and risk.
4. Establishes OES to provide critical infrastructure protection and related
emergency response.
This bill:
1. Makes various legislative findings and declarations relative to the state’s
growing dependence on technology which has made it increasingly vulnerable
technically, legally, and financially to both foreign and domestic cybersecurity
attacks and that for the purposes of public safety and protection of public
assets, the state has a role in coordinating and improving its overall security
and response capabilities.
2. Continues in existence the Task Force, created in OES and DOT.
3. Requires OES and DOT to convene stakeholders, both public and private, to
act in an advisory capacity and compile policy recommendations on cyber
3. AB 2200
Page 3
security for the state. Requires the Task Force to complete and issue a report
of policy recommendations to the Governor’s Office and Legislature.
4. Requires the Task Force to meet at least quarterly within existing resources to
ensure the policy recommendations from the report are implemented and any
necessary modifications which may arise are addressed in a timely manner.
5. Requires OES and DOT to collaborate with the Committee to help streamline
implementation of policy recommendations set forth in the Task Force’s
report. Also, requires that this collaboration be guided by specific priorities as
described in this bill.
6. Authorizes OES and DOT to conduct the strategic direction of risk assessments
performed by the Military Department’s Computer Network Defense Team as
budgeted in the Budget Act of 2014.
7. Creates the Committee within OES consisting of 13 members, as specified.
Stipulates that members of the Committee will meet at least quarterly and
serve without compensation, except that members will be entitled to receive
actual and necessary travel expenses while on official business of the
Committee. Provides that representatives appointed by the Governor, Speaker
of the Assembly, or Senate Rules Committee shall serve a two-year term; any
designee shall serve at the pleasure of the official who designated them; and
provides that eight members will constitute a quorum.
8. Requires the Committee to seek to implement the policy recommendation of
CONTINUED
the Task Force based on the following priorities:
A. Developing cyber prevention, defense, and response strategies and
defining a hierarchy of command within the state.
B. Partnering with the United States Department of Homeland Security to
develop an appropriate information sharing system to effectively
disseminate cyber threat and response information and data to relevant
private and public sector entities.
C. Providing recommendations for information technology security
standards.
D. Compiling and integrating the research conducted by academic
institutions, federal laboratories, and other cybersecurity experts.
4. AB 2200
Page 4
E. Expanding the state’s public-private cybersecurity partnership network
CONTINUED
both domestically and internationally.
F. Developing and providing training programs with the state’s higher
education and labor entities to produce a credentialed and qualified
state cybersecurity taskforce.
G. Expanding collaboration with the state’s law enforcement apparatus.
H. Proposing potential operational or functional enhancement, as well as
investment or spending recommendation and guidance.
I. Coordinating the pursuit of fiscal resources to enhance the state’s
cybersecurity, information technology, data privacy, cyber research,
and technology-based emergency response capabilities.
9. Authorizes the Task Force to issue reports to the Governor and the Legislature
detailing the activities of the Task Force, including, but not limited to, progress
on the Task Force’s tasks and actions taken and recommended in response to
an incident, as appropriate.
10. Requires the Task Force to engage or accept (a) the services of agency or
department personnel, (b) the services of stakeholder organizations, and (c)
federal, private, or other nonstate funding, to operate, manage, or conduct the
business of the Task Force.
11. Requires each department and agency to cooperate with the commission and
furnish it with information and assistance necessary or useful to further the
purposes of this bill.
12. Contains a January 1, 2020 sunset provision.
Background
The OIS is the primary state office charged with protecting state information and
ensuring confidentiality, integrity, and availability of state systems and
applications. In short, OIS is responsible, along with other agencies, for ensuring
the state’s cybersecurity. However, various other programs and agencies have
roles related to managing the state’s cybersecurity.
5. AB 2200
Page 5
In May 2013, the Governor’s Office convened the Task Force to assess
departmental technology systems and assemble key stakeholders to discuss
cybersecurity issues. The state has made a number of cybersecurity investments,
including: funding research at Lawrence Livermore Laboratories and augmenting
the cybersecurity unit within the California National Guard. In addition, numerous
academic and private sector organizations are working on the issue of
cybersecurity.
FISCAL EFFECT: Appropriation: No Fiscal Com.: Yes Local: No
CONTINUED
Unknown with latest amendments.
SUPPORT: (Verified 8/25/14)
Bay Area Council
League of California Cities
Risk and Insurance Management Society
San Diego Regional Economic Development Corporation
SMUD
OPPOSITION: (Verified 8/25/14)
Office of the San Diego County District Attorney
ARGUMENTS IN SUPPORT: The League of California Cities writes that this
bill places cybersecurity on more solid footing, with enhanced visibility and
importance within the state policymaking arena. This is an issue of rapidly
increasing importance that not only affects the financial data of businesses and
personal data of private individuals, but has national security implications - as
evidenced by the fact that the U.S. Defense Department has taken a leading role, in
part due to concerns about potential cyber-attacks launched by other nations.
Closer to home, California municipalities, to the degree they are digitizing their
financial and other data and engaging in electronic transactions, are also at risk, so
this is and will remain a critical issue for many of our larger cities.
ARGUMENTS IN OPPOSITION: The Office of the San Diego County
District Attorney writes, “we believe this proposal is misguided and will have a
deleterious effect on the work that is currently being done in this region served by
our Computer and Technology Crime High-Tech Response Team (CATCH). For
the past several years, the legislature has decreased our funding, leading to budget
uncertainty that jeopardized the very existences of these critical teams. The state
6. AB 2200
Page 6
even disbanded the Advanced Training Division (ATC), which provided critical
training for these task forces. Incredibly, despite the state’s damaging actions over
the past several years, our task force has increased investigations and prosecutions.
Now, AB 2200 seeks to deliver what can only be described as life-threatening
blow to the very law enforcement groups who are the most knowledgeable about
one of the fastest growing and economically threatening criminal trends in our
communities.”
ASSEMBLY FLOOR: 74-3, 5/28/14
AYES: Achadjian, Alejo, Allen, Ammiano, Bigelow, Bloom, Bocanegra, Bonilla,
Bonta, Bradford, Brown, Buchanan, Ian Calderon, Campos, Chau, Chesbro,
Conway, Cooley, Dababneh, Dahle, Daly, Dickinson, Eggman, Fong, Fox,
Garcia, Gatto, Gomez, Gonzalez, Gordon, Gorell, Gray, Grove, Hagman, Hall,
Harkey, Roger Hernández, Holden, Jones, Jones-Sawyer, Levine, Linder,
Logue, Lowenthal, Maienschein, Medina, Melendez, Mullin, Muratsuchi,
Nazarian, Nestande, Olsen, Pan, Patterson, Perea, John A. Pérez, V. Manuel
Pérez, Quirk, Quirk-Silva, Rendon, Ridley-Thomas, Rodriguez, Salas, Skinner,
Stone, Ting, Wagner, Waldron, Weber, Wieckowski, Wilk, Williams, Yamada,
Atkins
NOES: Donnelly, Beth Gaines, Mansoor
NO VOTE RECORDED: Chávez, Frazier, Vacancy
MW:d 8/30/14 Senate Floor Analyses
SUPPORT/OPPOSITION: SEE ABOVE
**** END ****