California 2017-2018 Regular Session

California Assembly Bill AB1306 Compare Versions

Version 1 (Old)

Version 2 (New)

Old	New		Differences
1		-	~~Enrolled September 15, 2017 Passed IN Senate September 14, 2017 Passed IN Assembly September 14, 2017~~ Amended IN Senate September 08, 2017 Amended IN Senate September 01, 2017 Amended IN Senate July 18, 2017 Amended IN Assembly April 06, 2017 CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 1306Introduced by Assembly Member ObernolteFebruary 17, 2017An act to add Section 8586.5 to the Government Code, relating to emergency services.LEGISLATIVE COUNSEL'S DIGESTAB 1306, Obernolte. California Cybersecurity Integration Center.~~Existing~~ law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the states emergency and disaster response services, as specified.By Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center (Cal-CSIC), with its primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state.The Executive order, among other things, required that the Cal-CSIC be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.This bill would establish in statute the Cal-CSIC within the Office of Emergency Services to develop a statewide cybersecurity strategy for California in coordination with the Cybersecurity Task Force. The bill would provide that Cal-CSIC would have the same primary mission as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include, but not be limited to, representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and others. The bill would incorporate language of the Executive order to, among other things, require Cal-CSIC to coordinate with the California State Threat Assessment System and the United States Department of Homeland Security, establish a cyber incident response team, and safeguard the privacy of individuals sensitive information. The bill would also direct all state departments and agencies to ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the Cal-CSIC. The bill would authorize the Governor to suspend the operations of the Cal-CSIC if federal funding for its continued operation is unavailable. The bill would prohibit the Cal-CSIC from requiring private sector companies to share information but would permit voluntary sharing.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. Section 8586.5 is added to the Government Code, to read:8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.
	1	+	Amended IN Senate September 08, 2017 Amended IN Senate September 01, 2017 Amended IN Senate July 18, 2017 Amended IN Assembly April 06, 2017 CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 1306Introduced by Assembly Member ObernolteFebruary 17, 2017An act to add Section 8586.5 to the Government Code, relating to emergency services.LEGISLATIVE COUNSEL'S DIGESTAB 1306, as amended, Obernolte. California Cybersecurity Integration Center.(1)ExistingExisting law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the states emergency and disaster response services, as specified.By Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center (Cal-CSIC), with its primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state.The Executive order, among other things, required that the Cal-CSIC be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.This bill would establish in statute the Cal-CSIC within the Office of Emergency Services to develop a statewide cybersecurity strategy for California in coordination with the Cybersecurity Task Force. The bill would provide that Cal-CSIC would have the same primary mission as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include, but not be limited to, representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and others. The bill would incorporate language of the Executive order to, among other things, require Cal-CSIC to coordinate with the California State Threat Assessment System and the United States Department of Homeland Security, establish a cyber incident response team, and safeguard the privacy of individuals sensitive information. The bill would also direct all state departments and agencies to ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the Cal-CSIC. The bill would authorize the Governor to suspend the operations of the Cal-CSIC if federal funding for its continued operation is unavailable. The bill would prohibit the Cal-CSIC from requiring private sector companies to share information but would permit voluntary sharing.(2)Existing law, the California Public Records Act, requires state and local agencies to make their records available for public inspection, unless an exemption from disclosure applies.This bill would prohibit the Cal-CSIC from sharing or disclosing information voluntarily obtained from private sector companies.(3)Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.This bill would make legislative findings to that effect.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. Section 8586.5 is added to the Government Code, to read:8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.(3)Release to the public any information that is voluntarily provided by private sector entities.SEC. 2.The Legislature finds and declares that Section 1 of this act, which adds Section 8586.5 to the Government Code, imposes a limitation on the publics right of access to the meetings of public bodies or the writings of public officials and agencies within the meaning of Section 3 of Article I of the California Constitution. Pursuant to that constitutional provision, the Legislature makes the following findings to demonstrate the interest protected by this limitation and the need for protecting that interest:In order to promote voluntary information sharing by private sector entities, that may contain proprietary or sensitive information that is vital to the effective operation of the California Cybersecurity Integration Center, and to protect that information once it is received, it is necessary that public disclosure of the private sector information be prohibited.
2	2
3		-	~~Enrolled September 15, 2017 Passed IN Senate September 14, 2017 Passed IN Assembly September 14, 2017~~ Amended IN Senate September 08, 2017 Amended IN Senate September 01, 2017 Amended IN Senate July 18, 2017 Amended IN Assembly April 06, 2017 CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 1306Introduced by Assembly Member ObernolteFebruary 17, 2017An act to add Section 8586.5 to the Government Code, relating to emergency services.LEGISLATIVE COUNSEL'S DIGESTAB 1306, Obernolte. California Cybersecurity Integration Center.~~Existing~~ law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the states emergency and disaster response services, as specified.By Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center (Cal-CSIC), with its primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state.The Executive order, among other things, required that the Cal-CSIC be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.This bill would establish in statute the Cal-CSIC within the Office of Emergency Services to develop a statewide cybersecurity strategy for California in coordination with the Cybersecurity Task Force. The bill would provide that Cal-CSIC would have the same primary mission as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include, but not be limited to, representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and others. The bill would incorporate language of the Executive order to, among other things, require Cal-CSIC to coordinate with the California State Threat Assessment System and the United States Department of Homeland Security, establish a cyber incident response team, and safeguard the privacy of individuals sensitive information. The bill would also direct all state departments and agencies to ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the Cal-CSIC. The bill would authorize the Governor to suspend the operations of the Cal-CSIC if federal funding for its continued operation is unavailable. The bill would prohibit the Cal-CSIC from requiring private sector companies to share information but would permit voluntary sharing.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO
	3	+	Amended IN Senate September 08, 2017 Amended IN Senate September 01, 2017 Amended IN Senate July 18, 2017 Amended IN Assembly April 06, 2017 CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 1306Introduced by Assembly Member ObernolteFebruary 17, 2017An act to add Section 8586.5 to the Government Code, relating to emergency services.LEGISLATIVE COUNSEL'S DIGESTAB 1306, as amended, Obernolte. California Cybersecurity Integration Center.(1)ExistingExisting law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the states emergency and disaster response services, as specified.By Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center (Cal-CSIC), with its primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state.The Executive order, among other things, required that the Cal-CSIC be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.This bill would establish in statute the Cal-CSIC within the Office of Emergency Services to develop a statewide cybersecurity strategy for California in coordination with the Cybersecurity Task Force. The bill would provide that Cal-CSIC would have the same primary mission as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include, but not be limited to, representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and others. The bill would incorporate language of the Executive order to, among other things, require Cal-CSIC to coordinate with the California State Threat Assessment System and the United States Department of Homeland Security, establish a cyber incident response team, and safeguard the privacy of individuals sensitive information. The bill would also direct all state departments and agencies to ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the Cal-CSIC. The bill would authorize the Governor to suspend the operations of the Cal-CSIC if federal funding for its continued operation is unavailable. The bill would prohibit the Cal-CSIC from requiring private sector companies to share information but would permit voluntary sharing.(2)Existing law, the California Public Records Act, requires state and local agencies to make their records available for public inspection, unless an exemption from disclosure applies.This bill would prohibit the Cal-CSIC from sharing or disclosing information voluntarily obtained from private sector companies.(3)Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.This bill would make legislative findings to that effect.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO
4	4
5		-	~~Enrolled September 15, 2017 Passed IN Senate September 14, 2017 Passed IN Assembly September 14, 2017~~ Amended IN Senate September 08, 2017 Amended IN Senate September 01, 2017 Amended IN Senate July 18, 2017 Amended IN Assembly April 06, 2017
	5	+	Amended IN Senate September 08, 2017 Amended IN Senate September 01, 2017 Amended IN Senate July 18, 2017 Amended IN Assembly April 06, 2017
6	6
7		-	Enrolled September 15, 2017
8		-	Passed IN Senate September 14, 2017
9		-	Passed IN Assembly September 14, 2017
10	7		Amended IN Senate September 08, 2017
11	8		Amended IN Senate September 01, 2017
12	9		Amended IN Senate July 18, 2017
13	10		Amended IN Assembly April 06, 2017
14	11
15	12		CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION
16	13
17	14		Assembly Bill No. 1306
18	15
19	16		Introduced by Assembly Member ObernolteFebruary 17, 2017
20	17
21	18		Introduced by Assembly Member Obernolte
22	19		February 17, 2017
23	20
24	21		An act to add Section 8586.5 to the Government Code, relating to emergency services.
25	22
26	23		LEGISLATIVE COUNSEL'S DIGEST
27	24
28	25		## LEGISLATIVE COUNSEL'S DIGEST
29	26
30		-	AB 1306, Obernolte. California Cybersecurity Integration Center.
	27	+	AB 1306, as amended, Obernolte. California Cybersecurity Integration Center.
31	28
32		-	Existing law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the states emergency and disaster response services, as specified.By Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center (Cal-CSIC), with its primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state.The Executive order, among other things, required that the Cal-CSIC be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.This bill would establish in statute the Cal-CSIC within the Office of Emergency Services to develop a statewide cybersecurity strategy for California in coordination with the Cybersecurity Task Force. The bill would provide that Cal-CSIC would have the same primary mission as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include, but not be limited to, representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and others. The bill would incorporate language of the Executive order to, among other things, require Cal-CSIC to coordinate with the California State Threat Assessment System and the United States Department of Homeland Security, establish a cyber incident response team, and safeguard the privacy of individuals sensitive information. The bill would also direct all state departments and agencies to ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the Cal-CSIC. The bill would authorize the Governor to suspend the operations of the Cal-CSIC if federal funding for its continued operation is unavailable. The bill would prohibit the Cal-CSIC from requiring private sector companies to share information but would permit voluntary sharing.
	29	+	(1)ExistingExisting law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the states emergency and disaster response services, as specified.By Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center (Cal-CSIC), with its primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state.The Executive order, among other things, required that the Cal-CSIC be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.This bill would establish in statute the Cal-CSIC within the Office of Emergency Services to develop a statewide cybersecurity strategy for California in coordination with the Cybersecurity Task Force. The bill would provide that Cal-CSIC would have the same primary mission as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include, but not be limited to, representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and others. The bill would incorporate language of the Executive order to, among other things, require Cal-CSIC to coordinate with the California State Threat Assessment System and the United States Department of Homeland Security, establish a cyber incident response team, and safeguard the privacy of individuals sensitive information. The bill would also direct all state departments and agencies to ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the Cal-CSIC. The bill would authorize the Governor to suspend the operations of the Cal-CSIC if federal funding for its continued operation is unavailable. The bill would prohibit the Cal-CSIC from requiring private sector companies to share information but would permit voluntary sharing.(2)Existing law, the California Public Records Act, requires state and local agencies to make their records available for public inspection, unless an exemption from disclosure applies.This bill would prohibit the Cal-CSIC from sharing or disclosing information voluntarily obtained from private sector companies.(3)Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.This bill would make legislative findings to that effect.
	30	+
	31	+	(1)Existing
	32	+
	33	+
33	34
34	35		Existing law authorizes the Governor to make, amend, and rescind orders and regulations to implement the California Emergency Services Act. The act requires the Governor to coordinate the State Emergency Plan and those programs necessary for the mitigation of the effects of an emergency in this state. The act creates within the office of the Governor the Office of Emergency Services, which is responsible for the states emergency and disaster response services, as specified.
35	36
36	37		By Executive order in 2015, the Governor directed the Office of Emergency Services to establish and lead the California Cybersecurity Integration Center (Cal-CSIC), with its primary mission to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state.
37	38
38	39		The Executive order, among other things, required that the Cal-CSIC be comprised of representatives from various entities, and that it develop a statewide cybersecurity strategy informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices.
39	40
40	41		This bill would establish in statute the Cal-CSIC within the Office of Emergency Services to develop a statewide cybersecurity strategy for California in coordination with the Cybersecurity Task Force. The bill would provide that Cal-CSIC would have the same primary mission as Cal-CSIC as created by Executive order. The bill would require Cal-CSIC to include, but not be limited to, representatives from the Office of Emergency Services, the Office of Information Security in the Department of Technology, the State Threat Assessment Center, the Department of the California Highway Patrol, the Military Department, the Office of the Attorney General, the California Health and Human Services Agency, and others.
41	42
42	43		The bill would incorporate language of the Executive order to, among other things, require Cal-CSIC to coordinate with the California State Threat Assessment System and the United States Department of Homeland Security, establish a cyber incident response team, and safeguard the privacy of individuals sensitive information. The bill would also direct all state departments and agencies to ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the Cal-CSIC.
43	44
44	45		The bill would authorize the Governor to suspend the operations of the Cal-CSIC if federal funding for its continued operation is unavailable. The bill would prohibit the Cal-CSIC from requiring private sector companies to share information but would permit voluntary sharing.
45	46
	47	+	(2)Existing law, the California Public Records Act, requires state and local agencies to make their records available for public inspection, unless an exemption from disclosure applies.
	48	+
	49	+
	50	+
	51	+	This bill would prohibit the Cal-CSIC from sharing or disclosing information voluntarily obtained from private sector companies.
	52	+
	53	+
	54	+
	55	+	(3)Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.
	56	+
	57	+
	58	+
	59	+	This bill would make legislative findings to that effect.
	60	+
	61	+
	62	+
46	63		## Digest Key
47	64
48	65		## Bill Text
49	66
50		-	The people of the State of California do enact as follows:SECTION 1. Section 8586.5 is added to the Government Code, to read:8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.
	67	+	The people of the State of California do enact as follows:SECTION 1. Section 8586.5 is added to the Government Code, to read:8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.(3)Release to the public any information that is voluntarily provided by private sector entities.SEC. 2.The Legislature finds and declares that Section 1 of this act, which adds Section 8586.5 to the Government Code, imposes a limitation on the publics right of access to the meetings of public bodies or the writings of public officials and agencies within the meaning of Section 3 of Article I of the California Constitution. Pursuant to that constitutional provision, the Legislature makes the following findings to demonstrate the interest protected by this limitation and the need for protecting that interest:In order to promote voluntary information sharing by private sector entities, that may contain proprietary or sensitive information that is vital to the effective operation of the California Cybersecurity Integration Center, and to protect that information once it is received, it is necessary that public disclosure of the private sector information be prohibited.
51	68
52	69		The people of the State of California do enact as follows:
53	70
54	71		## The people of the State of California do enact as follows:
55	72
56		-	SECTION 1. Section 8586.5 is added to the Government Code, to read:8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.
	73	+	SECTION 1. Section 8586.5 is added to the Government Code, to read:8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.(3)Release to the public any information that is voluntarily provided by private sector entities.
57	74
58	75		SECTION 1. Section 8586.5 is added to the Government Code, to read:
59	76
60	77		### SECTION 1.
61	78
62		-	8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.
	79	+	8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.(3)Release to the public any information that is voluntarily provided by private sector entities.
63	80
64		-	8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.
	81	+	8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.(3)Release to the public any information that is voluntarily provided by private sector entities.
65	82
66		-	8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.
	83	+	8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:(1) Governors Office of Emergency Services.(2) Department of Technology, Office of Information Security.(3) State Threat Assessment Center.(4) Department of the California Highway Patrol.(5) Military Department.(6) Office of the Attorney General.(7) California Health and Human Services Agency.(8) California Utilities Emergency Association.(9) California State University.(10) University of California.(11) California Community Colleges.(12) United States Department of Homeland Security.(13) United States Federal Bureau of Investigation.(14) United States Secret Service.(15) United States Coast Guard.(16) Other members as designated by the Director of the Governors Office of Emergency Services.(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.(2) Assess risks to critical infrastructure and information technology networks.(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:(1) Duplicate the efforts of other governmental agencies.(2) Require involuntary information sharing by private sector entities.(3)Release to the public any information that is voluntarily provided by private sector entities.
67	84
68	85
69	86
70	87		8586.5. (a) There is established within the Governors Office of Emergency Services the California Cybersecurity Integration Center, which shall develop a statewide cybersecurity strategy for California as set forth in subdivision (e).
71	88
72	89		(b) The primary mission of the California Cybersecurity Integration Center shall be to reduce the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in our state.
73	90
74	91		(c) The California Governors Office of Emergency Services shall establish and lead the California Cybersecurity Integration Center. The California Cybersecurity Integration Center shall serve as the central organizing hub of state governments cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations. The California Cybersecurity Integration Center shall be comprised of representatives from all of the following organizations:
75	92
76	93		(1) Governors Office of Emergency Services.
77	94
78	95		(2) Department of Technology, Office of Information Security.
79	96
80	97		(3) State Threat Assessment Center.
81	98
82	99		(4) Department of the California Highway Patrol.
83	100
84	101		(5) Military Department.
85	102
86	103		(6) Office of the Attorney General.
87	104
88	105		(7) California Health and Human Services Agency.
89	106
90	107		(8) California Utilities Emergency Association.
91	108
92	109		(9) California State University.
93	110
94	111		(10) University of California.
95	112
96	113		(11) California Community Colleges.
97	114
98	115		(12) United States Department of Homeland Security.
99	116
100	117		(13) United States Federal Bureau of Investigation.
101	118
102	119		(14) United States Secret Service.
103	120
104	121		(15) United States Coast Guard.
105	122
106	123		(16) Other members as designated by the Director of the Governors Office of Emergency Services.
107	124
108	125		(d) The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources. The California Cybersecurity Integration Center shall do all of the following:
109	126
110	127		(1) Provide warnings of cyber attacks to government agencies and nongovernmental partners and coordinate information sharing among these entities.
111	128
112	129		(2) Assess risks to critical infrastructure and information technology networks.
113	130
114	131		(3) Prioritize cyber threats and support public and private sector partners in protecting their vulnerable infrastructure and information technology networks.
115	132
116	133		(4) Enable cross-sector coordination and sharing of recommended best practices and security measures.
117	134
118	135		(5) Support cybersecurity assessments, audits, and accountability programs that are required by state law to protect the information technology networks of Californias agencies and departments.
119	136
120	137		(e) The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers. The strategy is also intended to strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among Californias workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.
121	138
122	139		(f) The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as Californias primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state. This team shall also provide assistance to law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and to agencies responsible for advancing information security within state government. This team shall be comprised of personnel from agencies, departments, and organizations represented on the California Cybersecurity Integration Center.
123	140
124	141		(g) Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals; safeguards sensitive information; preserves business confidentiality; and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.
125	142
126	143		(h) All state departments and agencies shall ensure compliance with existing information security and privacy policies, promote awareness of information security standards with their workforce, and assist the California Governors Office of Emergency Services and the California Cybersecurity Integration Center.
127	144
128	145		(i) The Governor may, by executive order, suspend the operations of the California Cybersecurity Integration Center if federal funds for its continued operation are not available. The suspension shall remain in effect only until federal funds for the operation of the California Cybersecurity Integration Center become available.
129	146
130	147		(j) In carrying out its mission, the California Cybersecurity Integration Center shall not do any of the following:
131	148
132	149		(1) Duplicate the efforts of other governmental agencies.
133	150
134	151		(2) Require involuntary information sharing by private sector entities.
	152	+
	153	+	(3)Release to the public any information that is voluntarily provided by private sector entities.
	154	+
	155	+
	156	+
	157	+
	158	+
	159	+	The Legislature finds and declares that Section 1 of this act, which adds Section 8586.5 to the Government Code, imposes a limitation on the publics right of access to the meetings of public bodies or the writings of public officials and agencies within the meaning of Section 3 of Article I of the California Constitution. Pursuant to that constitutional provision, the Legislature makes the following findings to demonstrate the interest protected by this limitation and the need for protecting that interest:
	160	+
	161	+
	162	+
	163	+	In order to promote voluntary information sharing by private sector entities, that may contain proprietary or sensitive information that is vital to the effective operation of the California Cybersecurity Integration Center, and to protect that information once it is received, it is necessary that public disclosure of the private sector information be prohibited.