Aside from the associated time and implementation costs that could have been associated with these proposed laws, legislators have been transparent about another hurdle they can’t outmaneuver: According to the state Constitution, lawmakers – who only returned to session earlier this month – must approve a state budget by June 15. Considering COVID-19 and a projected $53.4 billion shortfall doesn’t leave them much time for other matters. Among the takeaways:
• State Senate Bill 1058, from Sen. Ben Hueso, D-San Diego, is the so-called “Digital Divide Relief Plan,” and is very much in the mix. Introduced Friday, it would require the California Public Utilities Commission (CPUC) to direct Internet service providers (ISPs) to file annual emergency operations plans documenting how they’ll work with first responders and ensure reliable broadband during a disaster or emergency. The bill would require these plans to also show how ISPs will provide affordable access to people affected by disasters and emergencies – including the pandemic.
“These emergencies underscore the importance of ensuring access to reliable internet and other telecom services. The pandemic may not have created the digital divide, but it has fueled the fire by increasing our reliance on broadband for basic needs,” Hueso said during a press conference last week, as reported by the San Diego Union-Tribune. SB 1058 is an urgency statute and would take effect immediately. It will be considered Tuesday by the State Senate Standing Committee on Energy, Utilities and Communications.
• Assembly Bill 1366, from Assemblymember Tom Daly, D-Anaheim, would authorize the California Governor’s Office of Emergency Services (CalOES) to set requirements for the next-generation 911 emergency communication system, including costs, services, and terms and conditions for any contractor selected. However, it remains in committee, and a staffer told Techwire its future is “yet to be determined.”
• Four other cybersecurity bills are definitely sidelined. AB 2669, from Assemblymember Jacqui Irwin, D-Thousand Oaks, would have required state agencies not already covered by provisions from the California Department of Technology’s Office of Information Security “to adopt and implement information security and privacy policies, standards, and procedures” based on National Institute of Standards and Technology (NIST) and other federal standards; and to certify their compliance annually to the state Assembly. It headed to the Assembly Privacy and Consumer Protections Committee, Irwin told Techwire via email, “which declined to hear the bill at its only scheduled hearing of Assembly measures on May 5th.”
“However, as the Chair of the Select Committee on Cybersecurity, I am committed to this issue and will continue to work to make the security outcomes of this proposal come to fruition,” she said.
• AB 2326 from Assemblymember Rudy Salas, R-Bakersfield, would have required a school board, county board of education or state special school to report cyberattacks to the California Cybersecurity Integration Center (Cal-CSIC); set a cybersecurity coordinator to work with Cal-CSIC and notify parents if a pupil’s records were accessed; and require the center to stand up a database to track those cyberattacks and annually report to the Legislature.
• AB 2507, from Assemblymember Frank Bigelow, R-O’Neals, would have added the state Department of General Services, California’s business manager, as one of the organizations entitled to send a representative to Cal-CSIC. A Bigelow staffer told Techwire via email that the proposed legislation was “facing a reduced number of Committee hearings this year,” so “(our) team prioritized bills dealing with wildfire mitigation and district measures that would help the economy.”
• SB 1218, from Sen. Jerry Hill, D-San Mateo, would have required local, publicly owned electric and gas utilities to operate transmission and distribution systems in a way that would “minimize the cybersecurity risks to those lines and equipment.” The utilities would also have had to create annual cybersecurity plans for review by their governing boards – and the CPUC would have had to address those same risks by adopting standards for operation during emergency and disaster and determine whether companies are meeting those standards.
“California lawmakers are moving forward with much smaller bill portfolios this year in response to COVID-19,” a Hill aide told Techwire via email.
