Bill Text: CA SB265 | 2023-2024 | Regular Session | Amended
Bill Title: Cybersecurity preparedness: critical infrastructure sectors.
Spectrum: Partisan Bill (Democrat 5-0)
Status: (Engrossed) 2024-08-15 - August 15 hearing: Held in committee and under submission. [SB265 Detail]
Download: California-2023-SB265-Amended.html
Amended
IN
Senate
May 18, 2023 |
Introduced by Senator Hurtado |
January 31, 2023 |
LEGISLATIVE COUNSEL'S DIGEST
Digest Key
Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NOBill Text
The people of the State of California do enact as follows:
SECTION 1.
The Legislature finds and declares all of the following:(a)For purposes of this section, “critical infrastructure sectors” means the critical infrastructure sectors as defined by the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials and waste sector, transportation systems sector, and water and wastewater systems sector.
(b)(1)The office shall direct
the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of California’s critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:
(A)A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.
(B)The goal of the outreach plan.
(C)Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.
(D)An estimate of the funding needed to execute the outreach plan.
(E)Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.
(F)A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.
(2)The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2029, pursuant to Section 10231.5.
(c)(1)The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the
office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:
(A)A summary of the evaluation performed by the California Cybersecurity Integration Center.
(B)The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:
(i)Current overall funding level.
(ii)Potential funding sources.
(C)Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.
(2)The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2029, pursuant to Section 10231.5.
SEC. 2.
Section 8592.50 of the Government Code is amended to read:8592.50.
(a)(b)