Bill Text: CA AB2695 | 2021-2022 | Regular Session | Amended

California Assembly Bill 2695 (Prior Session Legislation)

NOTE: There are more recent revisions of this legislation. Read Latest Draft

Bill Title: California State University: Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program.

Spectrum: Partisan Bill (Democrat 3-0)

Status: (Introduced - Dead) 2022-05-19 - In committee: Held under submission. [AB2695 Detail]

Download: California-2021-AB2695-Amended.html

Amended IN Assembly March 17, 2022

CALIFORNIA LEGISLATURE— 2021–2022 REGULAR SESSION

Assembly Bill

No. 2695

Introduced by Assembly Member Berman

February 18, 2022

An act to amend Section 8586.5 of the Government Code, relating to cybersecurity.

LEGISLATIVE COUNSEL'S DIGEST

AB 2695, as amended, Berman. Cybersecurity ~~workforce.~~ workforce: California Cybersecurity Integration Center: statewide cybersecurity strategy.

Existing law establishes the California Cybersecurity Integration Center within the Office of Emergency Services, the primary mission of which is to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or computer networks in the state. Existing law requires the center to develop a statewide cybersecurity strategy that, among other things, deepens expertise among California’s workforce of cybersecurity professionals.
This bill would also require the statewide cybersecurity strategy to increase opportunities to meet the cybersecurity workforce demand.
Existing law requires a person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, to disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California, as prescribed.
~~This bill would state the intent of the Legislature to enact legislation that would relate to increasing opportunities to meet the cybersecurity workforce demand.~~

Vote: MAJORITY Appropriation: NO Fiscal Committee: NOYES Local Program: NO

The people of the State of California do enact as follows:

SECTION 1.

The Legislature finds and declares all of the following:

(a) The demand for cybersecurity workers is growing far faster than the supply, driven by an increasing number of cyberattacks.

(b) California and the country face a cybersecurity workforce shortage with over 63,000 open positions in the state and over 500,000 cybersecurity openings across the country.

(c) There is a need to develop a pipeline of workers to ensure current and future workforce availability in cybersecurity roles.

SEC. 2.
~~It is the intent of the Legislature to enact legislation that would relate to increasing opportunities to meet the cybersecurity workforce demand.~~

SEC. 2.

Section 8586.5 of the Government Code is amended to read:

8586.5.

(a) The Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center’s primary mission is to reduce the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in our state. The California Cybersecurity Integration Center shall serve as the central organizing hub of state government’s cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from the following organizations:

(1) The Office of Emergency Services.

(2) The Office of Information Security.

(3) The State Threat Assessment Center.

(4) The Department of the California Highway Patrol.

(5) The Military Department.

(6) The Office of the Attorney General.

(7) The California Health and Human Services Agency.

(8) The California Utilities Emergency Association.

(9) The California State University.

(10) The University of California.

(11) The California Community Colleges.

(12) The United States Department of Homeland Security.

(13) The United States Federal Bureau of Investigation.

(14) The United States Secret Service.

(15) The United States Coast Guard.

(16) Other members as designated by the Director of Emergency Services.

(b) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security —– National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure and information technology networks, prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks, enable cross-sector coordination and sharing of recommended best practices and security measures, and support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of California’s agencies and departments.

(c) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among California’s workforce of cybersecurity professionals, increase opportunities to meet the cybersecurity workforce demand, and expand cybersecurity awareness and public education.

(d) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as California’s primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center.

(e) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyberattacks that threaten public health and safety, economic stability, and national security.