AB 2813: California Cybersecurity Integration Center.

Existing law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the states emergency and disaster response services, as specified.

By Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center (Cal-CSIC), with its primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state.

The Executive order, among other things, required that the Cal-CSIC be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.

This bill would establish in statute the Cal-CSIC within the Office of Emergency Services, the primary mission of which is the same as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and others.

The bill would incorporate language of the Executive order to, among other things, require Cal-CSIC to coordinate with the California State Threat Assessment System and the United States Department of Homeland Security, establish a cyber incident response team, and safeguard the privacy of individuals sensitive information.