California 2023-2024 Regular Session

California Senate Bill SB265 Compare Versions

Version 1 (Old)

Version 2 (New)

Old	New		Differences
1		-	Amended IN ~~Assembly June 19~~, 2023 ~~Amended IN~~ Senate ~~May 18, 2023 CALIFORNIA LEGISLATURE 20232024 REGULAR SESSION Senate~~ Bill No. 265Introduced by Senator Hurtado(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)January 31, 2023 An act to amend Section 8592.50 of the Government Code, relating to emergency services. LEGISLATIVE COUNSEL'S DIGESTSB 265, as amended, Hurtado. Cybersecurity preparedness: critical infrastructure sectors.Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the states emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal ~~OES to direct~~ Cal-CSIC to ~~prepare, and Cal OES to submit to the Legislature on or before January 1, 2024,~~ a ~~strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector~~ in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness~~.This bill would require~~ Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2025, a strategic, multiyear outreach plan to assist critical infrastructure sectors, as defined, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness. The bill would make related findings and declarations.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. The Legislature finds and declares all of the following:(a) Cybersecurity preparedness is a crucial element in the prevention and mitigation of cyberattacks.(b) The frequency of cyberattacks against critical infrastructure sectors continues to increase.(c) A more concerted focus on cybersecurity will help ensure the safety of Californias critical infrastructure sectors.(d) Those operating within these sectors can help the State of California by reporting when a significant and verified cyber threat is identified or an attack is underway.(e) The potential damage from a cyberattack on a critical infrastructure sector could affect the livelihood of Californians.(f) Better outreach regarding cybersecurity preparedness can increase awareness regarding the importance of cybersecurity.SEC. 2. Section 8592.~~50 of~~ the Government Code ~~is amended~~ to read:8592.~~50.~~ (a) For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist ~~the food and agriculture sector and the water and wastewater sector~~ in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to ~~the food and agriculture sector and the water and wastewater sector~~.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for ~~the food and agricultural sector and the water and wastewater sector~~.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, ~~2024~~. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, ~~2028~~, pursuant to Section 10231.5.(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in ~~the food and agriculture sector~~ or ~~the water and wastewater sector with grants or~~ alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, ~~2024~~, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist ~~the~~ food and agriculture sector ~~and the~~ water and wastewater ~~sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting~~ a ~~report imposed by this subdivision is inoperative~~ on ~~January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on~~ ways to assist ~~each of Californias critical infrastructure sectors~~ in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to ~~critical infrastructure sectors~~.(B) A ~~description~~ that ~~identifies workforce gaps and suggests methods~~ for ~~outreach to increase cybersecurity workforce~~ in ~~critical infrastructure sectors. (B)(C) The goal of the outreach plan.(C)(D) Methods for coordinating~~ with ~~other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services~~ or ~~resources for critical infrastructure sectors.(D)(E) An estimate of the~~ funding ~~needed to execute the outreach plan.(E)(F) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F)(G)~~ A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(H) An evaluation plan providing insight into, but not limited to, methods for initial scoping, risk identification and risk analysis, and best practices for proper documentation and recordkeeping of previous cyber threats and attacks.(2) The office shall submit the outreach plan prepared pursuant to ~~this subdivision to the Legislature, pursuant to~~ Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(~~4) Potential benefit~~ in ~~routinely observing Office of the Attorney General data security breaches.(f) The requirements for submitting the reports described in~~ paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
	1	+	Amended IN Senate May 18, 2023 CALIFORNIA LEGISLATURE 20232024 REGULAR SESSION Senate Bill No. 265Introduced by Senator Hurtado(Coauthor: Senator Umberg)(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)January 31, 2023 An act to add Section 8592.60 to amend Section 8592.50 of the Government Code, relating to emergency services. LEGISLATIVE COUNSEL'S DIGESTSB 265, as amended, Hurtado. Cybersecurity preparedness: critical infrastructure sectors.Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the states emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal-CSIC to provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure information networks, enable cross-sector coordination and sharing of best practices and security measures, and support certain cybersecurity assessments, audits, and accountability programs. Existing law also requires Cal-CSIC to develop a statewide cybersecurity strategy to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers, and to strengthen cyber emergency preparedness and response and expand cybersecurity awareness and public education. Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2024, a strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness.This bill would require Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2025, a strategic, multiyear outreach plan to assist critical infrastructure sectors, as defined, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness. The bill would make related findings and declarations.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. The Legislature finds and declares all of the following:(a) Cybersecurity preparedness is a crucial element in the prevention and mitigation of cyberattacks.(b) The frequency of cyberattacks against critical infrastructure sectors continues to increase.(c) A more concerted focus on cybersecurity will help ensure the safety of Californias critical infrastructure sectors.(d) Those operating within these sectors can help the State of California by reporting when a significant and verified cyber threat is identified or an attack is underway.(e) The potential damage from a cyberattack on a critical infrastructure sector could affect the livelihood of Californians.(f) Better outreach regarding cybersecurity preparedness can increase awareness regarding the importance of cybersecurity.SEC. 2.Section 8592.60 is added to the Government Code, to read:8592.60.(a)For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials and waste sector, transportation systems sector, and water and wastewater systems sector.(b)(1)The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A)A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B)The goal of the outreach plan.(C)Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D)An estimate of the funding needed to execute the outreach plan.(E)Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F)A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2)The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2029, pursuant to Section 10231.5.(c)(1)The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(A)A summary of the evaluation performed by the California Cybersecurity Integration Center.(B)The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i)Current overall funding level.(ii)Potential funding sources.(C)Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(2)The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2029, pursuant to Section 10231.5.SEC. 2. Section 8592.50 of the Government Code is amended to read:8592.50. (a) (1)The For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(b)(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
2	2
3		-	~~Amended IN Assembly June 19, 2023~~ Amended IN Senate May 18, 2023 CALIFORNIA LEGISLATURE 20232024 REGULAR SESSION Senate Bill No. 265Introduced by Senator Hurtado(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)January 31, 2023 An act to amend Section 8592.50 of the Government Code, relating to emergency services. LEGISLATIVE COUNSEL'S DIGESTSB 265, as amended, Hurtado. Cybersecurity preparedness: critical infrastructure sectors.Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the states emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2024, a strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness.This bill would require Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2025, a strategic, multiyear outreach plan to assist critical infrastructure sectors, as defined, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness. The bill would make related findings and declarations.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO
	3	+	Amended IN Senate May 18, 2023 CALIFORNIA LEGISLATURE 20232024 REGULAR SESSION Senate Bill No. 265Introduced by Senator Hurtado(Coauthor: Senator Umberg)(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)January 31, 2023 An act to add Section 8592.60 to amend Section 8592.50 of the Government Code, relating to emergency services. LEGISLATIVE COUNSEL'S DIGESTSB 265, as amended, Hurtado. Cybersecurity preparedness: critical infrastructure sectors.Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the states emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal-CSIC to provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure information networks, enable cross-sector coordination and sharing of best practices and security measures, and support certain cybersecurity assessments, audits, and accountability programs. Existing law also requires Cal-CSIC to develop a statewide cybersecurity strategy to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers, and to strengthen cyber emergency preparedness and response and expand cybersecurity awareness and public education. Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2024, a strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness.This bill would require Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2025, a strategic, multiyear outreach plan to assist critical infrastructure sectors, as defined, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness. The bill would make related findings and declarations.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: YES Local Program: NO
4	4
5		-	~~Amended IN Assembly June 19, 2023~~ Amended IN Senate May 18, 2023
	5	+	Amended IN Senate May 18, 2023
6	6
7		-	Amended IN Assembly June 19, 2023
8	7		Amended IN Senate May 18, 2023
9	8
10	9		CALIFORNIA LEGISLATURE 20232024 REGULAR SESSION
11	10
12	11		Senate Bill
13	12
14	13		No. 265
15	14
16		-	Introduced by Senator Hurtado(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)January 31, 2023
	15	+	Introduced by Senator Hurtado(Coauthor: Senator Umberg)(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)January 31, 2023
17	16
18		-	Introduced by Senator Hurtado(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)
	17	+	Introduced by Senator Hurtado(Coauthor: Senator Umberg)(Coauthors: Senators Archuleta, Min, Rubio, and Umberg)
19	18		January 31, 2023
20	19
21		-	An act to amend Section 8592.50 of the Government Code, relating to emergency services.
	20	+	An act to add Section 8592.60 to amend Section 8592.50 of the Government Code, relating to emergency services.
22	21
23	22		LEGISLATIVE COUNSEL'S DIGEST
24	23
25	24		## LEGISLATIVE COUNSEL'S DIGEST
26	25
27	26		SB 265, as amended, Hurtado. Cybersecurity preparedness: critical infrastructure sectors.
28	27
29		-	Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the states emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2024, a strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness.This bill would require Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2025, a strategic, multiyear outreach plan to assist critical infrastructure sectors, as defined, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness. The bill would make related findings and declarations.
	28	+	Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the states emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal-CSIC to provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure information networks, enable cross-sector coordination and sharing of best practices and security measures, and support certain cybersecurity assessments, audits, and accountability programs. Existing law also requires Cal-CSIC to develop a statewide cybersecurity strategy to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers, and to strengthen cyber emergency preparedness and response and expand cybersecurity awareness and public education. Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2024, a strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness.This bill would require Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2025, a strategic, multiyear outreach plan to assist critical infrastructure sectors, as defined, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness. The bill would make related findings and declarations.
30	29
31		-	Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the states emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2024, a strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness.
	30	+	Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services (Cal OES), which is responsible for the states emergency and disaster response services, as specified. Existing law requires Cal OES to establish the California Cybersecurity Integration Center (Cal-CSIC) with the primary mission of reducing the likelihood and severity of cyber incidents that could damage Californias economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law requires Cal-CSIC to provide warnings of cyberattacks to government agencies and nongovernmental partners, coordinate information sharing among these entities, assess risks to critical infrastructure information networks, enable cross-sector coordination and sharing of best practices and security measures, and support certain cybersecurity assessments, audits, and accountability programs. Existing law also requires Cal-CSIC to develop a statewide cybersecurity strategy to improve how cyber threats are identified, understood, and shared in order to reduce threats to California government, businesses, and consumers, and to strengthen cyber emergency preparedness and response and expand cybersecurity awareness and public education. Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2024, a strategic, multiyear outreach plan to assist the food and agriculture sector and wastewater sector in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, those sectors in their efforts to improve security preparedness.
32	31
33	32		This bill would require Cal OES to direct Cal-CSIC to prepare, and Cal OES to submit to the Legislature on or before January 1, 2025, a strategic, multiyear outreach plan to assist critical infrastructure sectors, as defined, in their efforts to improve cybersecurity and an evaluation of options for providing grants or alternative forms of funding to, and potential voluntary actions that do not require funding and that assist, that sector in their efforts to improve cybersecurity preparedness. The bill would make related findings and declarations.
34	33
35	34		## Digest Key
36	35
37	36		## Bill Text
38	37
39		-	The people of the State of California do enact as follows:SECTION 1. The Legislature finds and declares all of the following:(a) Cybersecurity preparedness is a crucial element in the prevention and mitigation of cyberattacks.(b) The frequency of cyberattacks against critical infrastructure sectors continues to increase.(c) A more concerted focus on cybersecurity will help ensure the safety of Californias critical infrastructure sectors.(d) Those operating within these sectors can help the State of California by reporting when a significant and verified cyber threat is identified or an attack is underway.(e) The potential damage from a cyberattack on a critical infrastructure sector could affect the livelihood of Californians.(f) Better outreach regarding cybersecurity preparedness can increase awareness regarding the importance of cybersecurity.SEC. 2. Section 8592.~~50 of~~ the Government Code ~~is amended~~ to read:8592.~~50. (a)~~ For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist ~~the food and agriculture sector and the water and wastewater sector~~ in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to ~~the food and agriculture sector and the water and wastewater sector~~.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for ~~the food and agricultural sector and the water and wastewater sector~~.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, ~~2024~~. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, ~~2028~~, pursuant to Section 10231.5.(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in ~~the food and agriculture sector~~ or ~~the water and wastewater sector with grants or~~ alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, ~~2024~~, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist ~~the~~ food and agriculture sector ~~and the~~ water and wastewater ~~sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative~~ on ~~January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on~~ ways to assist ~~each of Californias critical infrastructure sectors~~ in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to ~~critical infrastructure sectors~~.(B) ~~A description~~ that ~~identifies workforce gaps and suggests methods~~ for outreach ~~to increase cybersecurity workforce~~ in ~~critical infrastructure sectors. (B)(C) The goal of the outreach plan.(C)(D) Methods for coordinating~~ with ~~other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services~~ or ~~resources for critical infrastructure sectors.(D)(E) An estimate of the~~ funding needed to execute the outreach plan.(E)(F) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F)(G) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(H) An evaluation plan providing insight into, but not limited to, methods for initial scoping, risk identification and risk analysis, and best practices for proper documentation and recordkeeping of previous cyber threats and attacks.(2) The office shall submit ~~the outreach plan prepared~~ pursuant to ~~this subdivision to the Legislature, pursuant to~~ Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(~~4) Potential benefit~~ in ~~routinely observing Office of the Attorney General data security breaches.(f) The requirements for submitting the reports described in~~ paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
	38	+	The people of the State of California do enact as follows:SECTION 1. The Legislature finds and declares all of the following:(a) Cybersecurity preparedness is a crucial element in the prevention and mitigation of cyberattacks.(b) The frequency of cyberattacks against critical infrastructure sectors continues to increase.(c) A more concerted focus on cybersecurity will help ensure the safety of Californias critical infrastructure sectors.(d) Those operating within these sectors can help the State of California by reporting when a significant and verified cyber threat is identified or an attack is underway.(e) The potential damage from a cyberattack on a critical infrastructure sector could affect the livelihood of Californians.(f) Better outreach regarding cybersecurity preparedness can increase awareness regarding the importance of cybersecurity.SEC. 2.Section 8592.60 is added to the Government Code, to read:8592.60.(a)For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials and waste sector, transportation systems sector, and water and wastewater systems sector.(b)(1)The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A)A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B)The goal of the outreach plan.(C)Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D)An estimate of the funding needed to execute the outreach plan.(E)Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F)A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2)The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2029, pursuant to Section 10231.5.(c)(1)The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(A)A summary of the evaluation performed by the California Cybersecurity Integration Center.(B)The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i)Current overall funding level.(ii)Potential funding sources.(C)Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(2)The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2029, pursuant to Section 10231.5.SEC. 2. Section 8592.50 of the Government Code is amended to read:8592.50. (a) (1)The For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(b)(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
40	39
41	40		The people of the State of California do enact as follows:
42	41
43	42		## The people of the State of California do enact as follows:
44	43
45	44		SECTION 1. The Legislature finds and declares all of the following:(a) Cybersecurity preparedness is a crucial element in the prevention and mitigation of cyberattacks.(b) The frequency of cyberattacks against critical infrastructure sectors continues to increase.(c) A more concerted focus on cybersecurity will help ensure the safety of Californias critical infrastructure sectors.(d) Those operating within these sectors can help the State of California by reporting when a significant and verified cyber threat is identified or an attack is underway.(e) The potential damage from a cyberattack on a critical infrastructure sector could affect the livelihood of Californians.(f) Better outreach regarding cybersecurity preparedness can increase awareness regarding the importance of cybersecurity.
46	45
47	46		SECTION 1. The Legislature finds and declares all of the following:(a) Cybersecurity preparedness is a crucial element in the prevention and mitigation of cyberattacks.(b) The frequency of cyberattacks against critical infrastructure sectors continues to increase.(c) A more concerted focus on cybersecurity will help ensure the safety of Californias critical infrastructure sectors.(d) Those operating within these sectors can help the State of California by reporting when a significant and verified cyber threat is identified or an attack is underway.(e) The potential damage from a cyberattack on a critical infrastructure sector could affect the livelihood of Californians.(f) Better outreach regarding cybersecurity preparedness can increase awareness regarding the importance of cybersecurity.
48	47
49	48		SECTION 1. The Legislature finds and declares all of the following:
50	49
51	50		### SECTION 1.
52	51
53	52		(a) Cybersecurity preparedness is a crucial element in the prevention and mitigation of cyberattacks.
54	53
55	54		(b) The frequency of cyberattacks against critical infrastructure sectors continues to increase.
56	55
57	56		(c) A more concerted focus on cybersecurity will help ensure the safety of Californias critical infrastructure sectors.
58	57
59	58		(d) Those operating within these sectors can help the State of California by reporting when a significant and verified cyber threat is identified or an attack is underway.
60	59
61	60		(e) The potential damage from a cyberattack on a critical infrastructure sector could affect the livelihood of Californians.
62	61
63	62		(f) Better outreach regarding cybersecurity preparedness can increase awareness regarding the importance of cybersecurity.
64	63
65		-	SEC. 2. Section 8592.50 of the Government Code is amended to read:8592.50. (a) For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) A description that identifies workforce gaps and suggests methods for outreach to increase cybersecurity workforce in critical infrastructure sectors. (B)(C) The goal of the outreach plan.(C)(D) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D)(E) An estimate of the funding needed to execute the outreach plan.(E)(F) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F)(G) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(H) An evaluation plan providing insight into, but not limited to, methods for initial scoping, risk identification and risk analysis, and best practices for proper documentation and recordkeeping of previous cyber threats and attacks.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(4) Potential benefit in routinely observing Office of the Attorney General data security breaches.(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
	64	+
	65	+
	66	+
	67	+
	68	+	(a)For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials and waste sector, transportation systems sector, and water and wastewater systems sector.
	69	+
	70	+
	71	+
	72	+	(b)(1)The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:
	73	+
	74	+
	75	+
	76	+	(A)A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.
	77	+
	78	+
	79	+
	80	+	(B)The goal of the outreach plan.
	81	+
	82	+
	83	+
	84	+	(C)Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.
	85	+
	86	+
	87	+
	88	+	(D)An estimate of the funding needed to execute the outreach plan.
	89	+
	90	+
	91	+
	92	+	(E)Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.
	93	+
	94	+
	95	+
	96	+	(F)A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.
	97	+
	98	+
	99	+
	100	+	(2)The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2029, pursuant to Section 10231.5.
	101	+
	102	+
	103	+
	104	+	(c)(1)The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:
	105	+
	106	+
	107	+
	108	+	(A)A summary of the evaluation performed by the California Cybersecurity Integration Center.
	109	+
	110	+
	111	+
	112	+	(B)The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:
	113	+
	114	+
	115	+
	116	+	(i)Current overall funding level.
	117	+
	118	+
	119	+
	120	+	(ii)Potential funding sources.
	121	+
	122	+
	123	+
	124	+	(C)Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.
	125	+
	126	+
	127	+
	128	+	(2)The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2029, pursuant to Section 10231.5.
	129	+
	130	+
	131	+
	132	+	SEC. 2. Section 8592.50 of the Government Code is amended to read:8592.50. (a) (1)The For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(b)(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
66	133
67	134		SEC. 2. Section 8592.50 of the Government Code is amended to read:
68	135
69	136		### SEC. 2.
70	137
71		-	8592.50. (a) For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) ~~A description that identifies workforce gaps and suggests methods for outreach to increase cybersecurity workforce in critical infrastructure sectors. (B)(C)~~ The goal of the outreach plan.(C~~)(D~~) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D)~~(E)~~ An estimate of the funding needed to execute the outreach plan.(E~~)(F~~) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F)~~(G)~~ A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(H) An evaluation plan providing insight into, but not limited to, methods for initial scoping, risk identification and risk analysis, and best practices for proper documentation and recordkeeping of previous cyber threats and attacks.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(~~4) Potential benefit in routinely observing Office of the Attorney General data security breaches.(~~f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
	138	+	8592.50. (a) (1)The For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(b)(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
72	139
73		-	8592.50. (a) For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) ~~A description that identifies workforce gaps and suggests methods for outreach to increase cybersecurity workforce in critical infrastructure sectors. (B)(C)~~ The goal of the outreach plan.(C~~)(D~~) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D)~~(E)~~ An estimate of the funding needed to execute the outreach plan.(E~~)(F~~) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F)~~(G)~~ A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(H) An evaluation plan providing insight into, but not limited to, methods for initial scoping, risk identification and risk analysis, and best practices for proper documentation and recordkeeping of previous cyber threats and attacks.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(~~4) Potential benefit in routinely observing Office of the Attorney General data security breaches.(~~f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
	140	+	8592.50. (a) (1)The For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(b)(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
74	141
75		-	8592.50. (a) For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) ~~A description that identifies workforce gaps and suggests methods for outreach to increase cybersecurity workforce in critical infrastructure sectors. (B)(C)~~ The goal of the outreach plan.(C~~)(D~~) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D)~~(E)~~ An estimate of the funding needed to execute the outreach plan.(E~~)(F~~) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F)~~(G)~~ A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(H) An evaluation plan providing insight into, but not limited to, methods for initial scoping, risk identification and risk analysis, and best practices for proper documentation and recordkeeping of previous cyber threats and attacks.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(~~4) Potential benefit in routinely observing Office of the Attorney General data security breaches.(~~f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
	142	+	8592.50. (a) (1)The For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.(b)(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(i) Current overall funding level.(ii) Potential funding sources.(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.(B) The goal of the outreach plan.(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.(D) An estimate of the funding needed to execute the outreach plan.(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:(A) Current overall funding level.(B) Potential funding sources.(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.
76	143
77	144
78	145
79		-	8592.50. (a) For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.
	146	+	8592.50. (a) (1)The For purposes of this section, critical infrastructure sectors means the critical infrastructure sectors as defined by the United States Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency, including the chemical sector, commercial facilities sector, communications sector, critical manufacturing sector, dams sector, defense industrial base sector, emergency services sector, energy sector, financial services sector, food and agriculture sector, government facilities sector, health care and public health sector, information technology sector, nuclear reactors, materials, and waste sector, transportation systems sector, and water and wastewater systems sector.
80	147
81	148		(b) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:
82	149
83	150		(A) A description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector.
84	151
85	152		(B) The goal of the outreach plan.
86	153
87	154		(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for the food and agricultural sector and the water and wastewater sector.
88	155
89	156		(D) An estimate of the funding needed to execute the outreach plan.
90	157
91	158		(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.
92	159
93	160		(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.
94	161
95	162		(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2024. The requirement for submitting a report imposed by this paragraph is inoperative on January 1, 2028, pursuant to Section 10231.5.
	163	+
	164	+	(b)
	165	+
	166	+
96	167
97	168		(c) (1) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in the food and agriculture sector or the water and wastewater sector with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2024, that includes, but is not limited to, all of the following:
98	169
99	170		(A) A summary of the evaluation performed by the California Cybersecurity Integration Center.
100	171
101	172		(B) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:
102	173
103	174		(i) Current overall funding level.
104	175
105	176		(ii) Potential funding sources.
106	177
107	178		(C) Potential voluntary actions that do not require funding and assist the food and agriculture sector and the water and wastewater sector in their efforts to improve cybersecurity preparedness.
108	179
109	180		(2) The requirement for submitting a report imposed by this subdivision is inoperative on January 1, 2028, pursuant to Section 10231.5.
110	181
111	182		(d) (1) The office shall direct the California Cybersecurity Integration Center to prepare a strategic, multiyear outreach plan that focuses on ways to assist each of Californias critical infrastructure sectors in their efforts to improve cybersecurity and that includes, but is not limited to, all of the following:
112	183
113	184		(A) A description of the need for greater cybersecurity outreach and assistance to critical infrastructure sectors.
114	185
115		-	(B) ~~A description that identifies workforce gaps and suggests methods for~~ outreach ~~to increase cybersecurity workforce in critical infrastructure sectors~~.
	186	+	(B) The goal of the outreach plan.
116	187
117		-	(B)
	188	+	(C) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.
118	189
	190	+	(D) An estimate of the funding needed to execute the outreach plan.
119	191
	192	+	(E) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.
120	193
121		-	(C) The goal of the outreach plan.
122		-
123		-	(C)
124		-
125		-
126		-
127		-	(D) Methods for coordinating with other state and federal agencies, nonprofit organizations, and associations that provide cybersecurity services or resources for critical infrastructure sectors.
128		-
129		-	(D)
130		-
131		-
132		-
133		-	(E) An estimate of the funding needed to execute the outreach plan.
134		-
135		-	(E)
136		-
137		-
138		-
139		-	(F) Potential funding sources for the funding needed by the California Cybersecurity Integration Center for the plan.
140		-
141		-	(F)
142		-
143		-
144		-
145		-	(G) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.
146		-
147		-	(H) An evaluation plan providing insight into, but not limited to, methods for initial scoping, risk identification and risk analysis, and best practices for proper documentation and recordkeeping of previous cyber threats and attacks.
	194	+	(F) A plan to evaluate the success of the outreach plan that includes quantifiable measures of success.
148	195
149	196		(2) The office shall submit the outreach plan prepared pursuant to this subdivision to the Legislature, pursuant to Section 9795, no later than January 1, 2025.
150	197
151	198		(e) The office shall direct the California Cybersecurity Integration Center to evaluate options for providing entities in critical infrastructure sectors with grants or alternative forms of funding to improve cybersecurity preparedness. Upon completion of the evaluation, the office shall submit a report to the Legislature, pursuant to Section 9795, no later than January 1, 2025, that includes, but is not limited to, all of the following:
152	199
153	200		(1) A summary of the evaluation performed by the California Cybersecurity Integration Center.
154	201
155	202		(2) The specific grants and forms of funding for improved cybersecurity preparedness, including, but not limited to, the following:
156	203
157	204		(A) Current overall funding level.
158	205
159	206		(B) Potential funding sources.
160	207
161	208		(3) Potential voluntary actions that do not require funding and assist critical infrastructure sectors in their efforts to improve cybersecurity preparedness.
162	209
163		-	(4) Potential benefit in routinely observing Office of the Attorney General data security breaches.
164		-
165	210		(f) The requirements for submitting the reports described in paragraph (2) of subdivision (c) and subdivision (d) are inoperative on January 1, 2029, pursuant to Section 10231.5.