BILL NUMBER: AB 2595	AMENDED
	BILL TEXT

	AMENDED IN ASSEMBLY  MARCH 30, 2016
	AMENDED IN ASSEMBLY  MARCH 17, 2016

INTRODUCED BY   Assembly Member Linder

                        FEBRUARY 19, 2016

    An act to amend Section 8611 of the Government Code,
relating to disaster preparedness.   An act to add
Section 8586.5 to the Government Code, relating to emergency service
  s. 



	LEGISLATIVE COUNSEL'S DIGEST


   AB 2595, as amended, Linder.  Local government: disaster
preparedness: test exercises.   California Cybersecurity
Integration Center.  
   Existing law authorizes the Governor to make, amend, and rescind
orders and regulations to implement the California Emergency Services
Act. The act requires the Governor to coordinate the State Emergency
Plan and those programs necessary for the mitigation of the effects
of an emergency in this state. The act creates within the office of
the Governor the Office of Emergency Services, which is responsible
for the state's emergency and disaster response services, as
specified.  
   By Executive order in 2015, the Governor directed the Office of
Emergency Services to establish and lead the California Cybersecurity
Integration Center, with its primary mission to reduce the
likelihood and severity of cyber incidents that could damage
California's economy, its critical infrastructure, or public and
private sector computer networks in the state.  
   The Executive order, among other things, required that the
California Cybersecurity Integration Center be comprised of
representatives from various entities, and that it develop a
statewide cybersecurity strategy informed by recommendations from the
California Task Force on Cybersecurity and in accordance with state
and federal requirements, standards, and best practices.  
   This bill would establish in statute the California Cybersecurity
Integration Center (Cal-CSIC) within the Office of Emergency Services
to develop a cybersecurity strategy for California in coordination
with the Cybersecurity Task Force. The bill would provide that
Cal-CSIC would have the same primary mission as Cal-CSIC as created
by Executive order. The bill would require Cal-CSIC to include, but
not be limited to, representatives from the Office of Emergency
Services, the Office of Information Security in the Department of
Technology, the State Threat Assessment Center, the Department of the
California Highway Patrol, the California Military Department, the
Office of the Attorney General, the Health and Human Services Agency,
and others.  
   The bill would authorize the Director of Emergency Services, as
specified, to administer, authorize, and allocate federal homeland
security grant funding and would require the director to prioritize
grant funding for prevention measures undertaken by the Office of
Information Security in the Department of Technology in furtherance
of a specified provision of the Governor's Executive order. The bill
also would specify the authority of the Director of Emergency
Services to administer the grant programs to respond to statewide
emergencies requiring immediate attention.  
   Existing law, the California Emergency Services Act, authorizes
any city or county to create by ordinance a disaster council for
developing plans for meeting any condition constituting a local
emergency or state of emergency. Existing law also authorizes any
city or county to provide for the calling of test exercises, either
singularly or jointly, whenever, in the opinion of those political
subdivisions, those test exercises are needed.  
   This bill would instead require cities and counties to provide for
the calling of those test exercises at least twice per year and
whenever needed. By requiring these actions by a local agency, this
bill would impose a state-mandated local program.  
   The California Constitution requires the state to reimburse local
agencies and school districts for certain costs mandated by the
state. Statutory provisions establish procedures for making that
reimbursement.  
   This bill would provide that, if the Commission on State Mandates
determines that the bill contains costs mandated by the state,
reimbursement for those costs shall be made pursuant to these
statutory provisions. 
   Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program:  yes   no  .


THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

   SECTION 1.    Section 8586.5 is added to the 
 Government Code   , to read:  
   8586.5.  (a) There is established within the Governor's Office of
Emergency Services the California Cybersecurity Integration Center
(Cal-CSIC), which shall develop a cybersecurity strategy for
California in coordination with the Cybersecurity Task Force. That
strategy shall be developed in accordance with state and federal
requirements, consistent with applicable standards and best
practices.
   (b) The primary mission of the California Cybersecurity
Integration Center is to reduce the likelihood and severity of cyber
incidents that could damage California's economy, its critical
infrastructure, or public and private sector computer networks in our
state.
   (c) The California Cybersecurity Integration Center shall include,
but not be limited to, representatives from all of the following
organizations:
   (1) Governor's Office of Emergency Services.
   (2) Department of Technology, Office of Information Security.
   (3) State Threat Assessment Center.
   (4) California Highway Patrol.
   (5) California Military Department.
   (6) Office of the Attorney General.
   (7) Health and Human Services Agency.
   (8) California Utilities Emergency Association.
   (9) California State University.
   (10) University of California.
   (11) California Community Colleges.
   (d) (1) The Director of Emergency Services, in consultation with
the Office of Information Security of the Department of Technology or
the Cybersecurity Task Force, or both, may administer, authorize,
and allocate federal homeland security grant funding in accordance
with federal grant guidelines and shall prioritize grant funding for
prevention measures undertaken by the Office of Information Security
of the Department of Technology in furtherance of the provision in
the Governor's Executive order B-34-15 (Aug. 31, 2015) that directs
state departments and agencies to "ensure compliance with existing
information security and privacy policies, promote awareness of
information security standards with their workforce."
   (2) Nothing shall preclude the Director of Emergency Services from
administering the grant programs to respond to statewide emergencies
requiring immediate attention.
   (3) For purposes of this subdivision:
   (A) "Prevention measures" include, but are not limited to, risk
assessments as prescribed in Section 11549.3 of the Government Code
and compliance with the guidelines in Section 5300 and following of
the State Administrative Manual and with the Statewide Information
Management Manual guidelines.
   (B) "Federal homeland security grant funding" refers to the
federal Homeland Security Grant Program as authorized by the Federal
Emergency Management Agency and the United States Department of
Homeland Security.  
  SECTION 1.    Section 8611 of the Government Code
is amended to read:
   8611.  Counties, cities and counties, and cities shall provide for
the calling of test exercises, either singularly or jointly,
whenever, in the opinion of those political subdivisions, those test
exercises are needed, but at least twice per year; provided, however,
that with respect to any such test exercise no one shall have the
power to command the assistance of any private citizen, and the
failure of a citizen to obey any order or regulation pertaining to a
test exercise shall not constitute a violation of any law. 

  SEC. 2.    If the Commission on State Mandates
determines that this act contains costs mandated by the state,
reimbursement to local agencies and school districts for those costs
shall be made pursuant to Part 7 (commencing with Section 17500) of
Division 4 of Title 2 of the Government Code.