IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

State Publishes ‘Foundational’ Cybersecurity Road Map

“I am hopeful this approach of condensing and aligning these prior efforts into Cal-Secure can succeed in maturing the state’s cybersecurity posture,” said Assemblymember Jacqui Irwin, the Ventura County Democrat who chairs the Assembly’s Select Committee on Cybersecurity.

Cal-Secure image.JPG
This story is limited to Techwire Insider members.
This story is limited to Techwire Insider members. Login below to read this story or learn about membership.
Gov. Gavin Newsom’s office published Cal-Secure on Friday, the state’s “first multiyear cybersecurity road map,” signifying a pivotal change in the state’s security policies and practices.

The state’s chief information security officer (CISO), Vitaliy Panych, summarized Cal-Secure in a LinkedIn post, also Friday: “It’s a foundational doc which outlines where our public sector entities are at, where they’re going, and how they’re going to get there in terms of maturing their cyber security posture,” Panych wrote. “This is the de facto guide on how our agencies are keeping Californians safe, online, and in business.”

The road map is the outgrowth of a cybersecurity overhaul begun under Panych’s predecessor, former state CISO Peter Liebert.

“Hackers steal our time, money and peace of mind,” Newsom said in a statement. “Protecting our data is among the most important things we can do to prevent disruption to our daily lives and our economy. We have to do more to safeguard the state’s critical infrastructure, intellectual property and our status as one of the world’s leading economies.”

“Built on industry-leading best practices and frameworks, Cal-Secure addresses critical gaps in the state’s information and cybersecurity programs while enabling the state to manage existing and future threats more effectively,” Newsom’s office said Friday in a news release. “Cal-Secure defines a path for state entities to strengthen our cybersecurity measures and prioritize resources to manage the most significant cyber risks and safeguard those services for Californians who depend on them.”

The plan has three sections – “people, process and technology” − each of which includes priorities to address “critical shortfalls or concerns.”

“These priorities include developing and unifying California’s diverse, innovative cybersecurity workforce to safeguard the data and systems used to deliver public services; providing effective oversight supported by a flexible governance model; and investing in technology and services to enhance cybersecurity capabilities at all state entities,” the statement said.

Panych wrote in his LinkedIn post: “The Newsom Administration has advanced $260 million in recent investments at the Department of Technology and other state entities to bolster the state’s ability to prevent and respond to cyberattacks. The state budget also includes $11.3 million one-time and $38.8 million ongoing to mature the state’s overall security posture, improve statewide information security initiatives, analyze cyber threat intelligence and mitigate potential threats.”

Friday’s announcement was welcomed by, among others, Assemblymember Jacqui Irwin. The Ventura County Democrat is the chair of the Assembly’s Select Committee on Cybersecurity.

“I applaud the governor and the extensive team of cybersecurity professionals who spent countless hours refining this vision for the state,” Irwin said in a statement Friday afternoon. “The cybersecurity of state networks and capabilities cannot be stressed enough, millions of Californians rely upon state services to be available and accurate to feed their families, access important information, and conduct business that keeps our economy thriving. The executive branch has made significant strides to mature the state’s cybersecurity since I passed legislation to require Independent Security Assessments of state agencies, require cybersecurity incident response standards, require reporting of cybersecurity spending, and make permanent the California Cybersecurity Integration Center (Cal-CSIC).”

Irwin said her select committee has followed the state’s cybersecurity efforts for seven years, “and I am hopeful this approach of condensing and aligning these prior efforts into Cal-Secure can succeed in maturing the state’s cybersecurity posture.”

Irwin said she’s planning an informational hearing of her committee in coming weeks “to give the administration an opportunity to further explain its goals to the Legislature.”

She added that she looks forward to “further developing the accountability metrics mentioned in the Cal-Secure road map, to ensure Californians see the progress envisioned by the governor.”

Newsom’s office noted that Cal-Secure was created “through a collaborative process” with the California Cybersecurity Integration Center and its four partners: the California Department of Technology, the California Governor’s Office of Emergency Services (Cal OES), the California Highway Patrol and the California Military Department.
Dennis Noone is Managing Editor of Techwire. He is a career journalist, having worked as a reporter and editor at small-town newspapers and major metropolitan dailies in California, Nevada, Texas and Virginia, including as an editor with USA Today in Washington, D.C. He lives in the Northern California foothills.