Assemblywoman Pushes for Additions to State Technology Recovery Plans

Seeking to further bolster California against cyberattacks, lawmakers on Tuesday approved legislation that would require state agencies and departments to inventory their critical infrastructure controls.

The inventory would be an added requirement of the Technology Recovery Plans that lawmakers last year asked state entities to complete by July 2018 and submit to the California Department of Technology.

“This inventory would allow the chief information security officer a strategic overview of the critical infrastructure within the state’s network,” Jacqui Irwin, D-Thousand Oaks, told the Assembly Privacy and Consumer Protection Committee, which approved her bill by a 10-0 vote.

With such detailed information, the CISO could provide better guidance to agencies and departments, review project and budget requests more thoroughly, and alert agencies and departments to known threats and vulnerabilities to their specific control systems, Irwin added.

Currently, the Department of Technology has no way of knowing about all of the critical infrastructure assets at each state agency or department — or what controls are being used to maintain the security and operability of those assets, according to the committee analysis of the bill.

Lawmakers have approved several bills in recent years in an effort to bolster California’s defenses against a cyberattack, noting that the state’s networks, systems and assets are vital to public health, safety and economic security.

Gov. Jerry Brown last year signed into law AB 1841, also by Irwin, that requires agencies and departments to explain how they plan to restore functionality to their critical systems and applications should there be a compromising breach. Irwin’s inventory bill builds upon that law.

The privacy committee also approved the following technology-related bills:

• AB 342 would let San Francisco and San Jose test automated technology that tickets speeding drivers as part of a five-year pilot program. The technology is used in more than 140 cities across the country, but it is not allowed under California law. The measure by Assemblyman David Chiu, D-San Francisco, passed by a 6-4 vote.
• AB 434 would require state agencies and entities to submit a report next year to the Department of Technology about their Web accessibility. The bill by Assemblywoman Catharine Baker, R-Dublin, would also require the department to adopt a state Web accessibility standard by Dec. 31, 2018, and report to the Legislature how it would ensure state websites meet that standard. Lawmakers unanimously approved the bill.