Bill Text: CA SB265 | 2023-2024 | Regular Session | Amended

NOTE: There are more recent revisions of this legislation.
Bill Title: Cybersecurity preparedness: critical infrastructure sectors.

Spectrum: Partisan Bill (Democrat 5-0)

Status: (Engrossed) 2023-07-11 - From committee: Do pass and re-refer to Com. on APPR. with recommendation: To consent calendar. (Ayes 6. Noes 0.) (July 10). Re-referred to Com. on APPR.

Amended in Senate May 18, 2023

CALIFORNIA LEGISLATURE— 2023–2024 REGULAR SESSION

Senate Bill No. 265

Introduced by Senator Hurtado
(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)

January 31, 2023


An act to add Section 8592.60 to amend Section 8592.50 of the Government Code, relating to emergency services.


LEGISLATIVE COUNSEL'S DIGEST


SB 265, as amended, Hurtado. Cybersecurity preparedness: critical infrastructure sectors.
Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the state’s emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage California’s economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal-CSIC to provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure information networks, enable cross-sector coordination and sharing of best practices and security measures, and support certain cybersecurity assessments, audits, and accountability programs. Existing law also requires Cal-CSIC to develop a statewide cybersecurity strategy to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers, and to strengthen cyber emergency preparedness and response and expand cybersecurity awareness and public education. Existing law also requires Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2024, a strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness.
This bill would require Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2025, a strategic, multiyear outreach plan to assist critical infrastructure sectors, as defined, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness. The bill would make related findings and declarations.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1. The Legislature finds and declares all of the following:
(a) Cybersecurity preparedness is a crucial element in the prevention and mitigation of cyberattacks.
(b) The frequency of cyberattacks against critical infrastructure sectors continues to increase.
(c) A more concerted focus on cybersecurity will help ensure the safety of California’s critical infrastructure sectors.
(d) Those operating within these sectors can help the State of California by reporting when a significant and verified cyber threat is identified or an attack is underway.
(e) The potential damage from a cyberattack on a critical infrastructure sector could affect the livelihood of Californians.
(f) Better outreach regarding cybersecurity preparedness can increase awareness regarding the importance of cybersecurity.
SEC. 2. Section 8592.60 is added to the Government Code, to read:
8592.60.
(a) For purposes of this section, “critical infrastructure sectors” means the critical infrastructure sectors as defined by the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials and waste sector, transportation systems sector, and water and wastewater systems sector.
(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of California’s critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:
(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.
(B) The goal of the outreach plan.
(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.
(D) An estimate of the funding needed to execute the outreach plan.
(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.
(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.
(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2029, pursuant to Section 10231.5.
(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:
(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.
(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:
(i) Current overall funding level.
(ii) Potential funding sources.
(C) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.
(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2029, pursuant to Section 10231.5.

SEC. 2. Section 8592.50 of the Government Code is amended to read:

8592.50.
(a) For purposes of this section, “critical infrastructure sectors” means the critical infrastructure sectors as defined by the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.
(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:
(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.
(B) The goal of the outreach plan.
(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.
(D) An estimate of the funding needed to execute the outreach plan.
(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.
(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.
(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.

(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:
(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.
(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:
(i) Current overall funding level.
(ii) Potential funding sources.
(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.
(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.
(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of California’s critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:
(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.
(B) The goal of the outreach plan.
(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.
(D) An estimate of the funding needed to execute the outreach plan.
(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.
(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.
(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.
(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:
(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.
(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:
(A) Current overall funding level.
(B) Potential funding sources.
(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.
(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
