LAO Backs Newsom’s $614K Request for State Library Cybersecurity Funds

The Legislative Analyst’s Office, the state’s nonpartisan policy and fiscal adviser, is recommending that the Legislature approve the $614,000 that Gov. Gavin Newsom is requesting for cybersecurity upgrades by the California State Library.

In one of a spate of budget reports, LAO says Newsom’s request is prudent as the State Library’s cyber defense technology nears end of life. The State Library’s existing tools “remove malicious emails, secure data transmitted over the Internet, create encrypted Internet connections, and create firewalls to insulate sections of its network,” LAO’s March 7 report notes.

“The State Library notes, for instance, that as hardware and software become outdated, vendors sometimes discontinue their support services, which can, in turn, amplify security risks,” the report says. “Additionally, it would like to update its cybersecurity tools before its existing ones become obsolete or begin to fail.”

The report acknowledges that procuring new cybersecurity hardware, software and services can be time-consuming, and the Library wants to be proactive in securing solutions.

“If an agency begins the procurement process at the point when its cybersecurity hardware and software have already reached the end of their useful life, then installation and implementation processes could go less smoothly and lead to increased risk exposure,” LAO notes.

Two of the state’s key cybersecurity oversight departments had mixed findings in their security assessments of the State Library. The California Military Department's independent assessment found that the biggest risk to the department is employee behavior — when a staffer might click on a malicious link or download an infected document.

Separately, the California Department of Technology's assessment found that the State Library “lacks certain written risk assessment policies and procedures.”

“Despite these shortcomings,” the LAO report says, “the State Library indicates there have not been any cybersecurity breaches over the past 25 years.”

Specifically, Newsom is proposing giving the State Library $332,000 from the General Fund in 2025-26 and $282,000 in ongoing General Funds beyond that for enhanced cybersecurity — $614,000 in all. The money would go primarily toward replacing outdated networking and security infrastructure.

“The funds would pay for updated hardware and a renewable cloud-based security subscription service,” LAO says. “The State Library indicates that the primary rationale for the new hardware and software subscription service is to ensure that as its current system reaches its end of life, new defense tools are put into place to protect against cybersecurity threats.”

In addition to newer firewalls and a cloud-based security component, the Library would upgrade to Microsoft Office 365, which has more robust security features than the current Microsoft Office suite. The Library would also subscribe to CDT’s Security Operations Center as a Service (SOCaaS), “which performs continuous, year-round, comprehensive monitoring for cybersecurity threats.”

With the State Library’s current CDT subscription, it can take advantage of only some of CDT’s SOCaaS features. Newsom’s proposal would allow for a more expansive subscription, giving the Library access to an upgraded suite of cybersecurity tools.

Acknowledging CDT’s findings of inadequate risk assessment policies and procedures, the Library proposes first upgrading its security tools and services, and then updating the policies and procedures.

“Funding this project now could help prevent cybersecurity breaches and potentially avoid larger expenses in the future if the Library were to experience a cyberattack,” LAO concludes.

The State Library serves as the central library for state government; collects, preserves and publicizes state literature and historical items; and provides custom research services to state agencies. About 67 percent of funding for the State Library comes from the General Fund and 28 percent from federal grants, with the remaining amount coming from the special funds and reimbursements.

The State Library received $74.3 million in Fiscal Year 2024-25, and Newsom’s proposed FY 2025-26 budget seeks to almost double that to $144.3 million, according to a report discussed last week by Assembly Budget Subcommittee No. 3 on Education Finance.

Michael Martinez is the chief information officer for the State Library.