IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Legislative Analyst Scrutinizes Community Colleges’ Cybersecurity

In a new Budget and Policy Post, the Legislative Analyst’s Office examines how to maximize the reach of proposed funding for “Cybersecurity at the California Community Colleges.”

SHUTTERSTOCK_CALIFORNIA_CAPITOL_DUSK
A state office that provides fiscal and policy advice to lawmakers is recommending the Legislature take, generally, a measured approach to an area of Gov. Gavin Newsom’s proposed budget that could enable community colleges to beef up cybersecurity.

In a recent Budget and Policy Post, the Legislative Analyst’s Office (LAO) scrutinizes “Cybersecurity at the California Community Colleges,” an area covered in Newsom’s budget under “California Community Colleges Technology Modernization and Sensitive Data Protection.” If approved as-is, the budget would provide an “increase of $100 million Proposition 98 General Fund, of which $75 million is one-time, to address modernization of CCC technology infrastructure, including sensitive data protection efforts at the community colleges.” Of that funding, the LAO notes, $92 million would go to colleges, and the Chancellor’s Office would, per the LAO, “award the remaining $8 million via contracts with certain districts to provide specified systemwide services and oversight.” Examined another way, the $75 million in one-time funding is, the LAO said in its post, “primarily for security network upgrades, general security software and anti‑fraud technology.” The $25 million ongoing is “primarily for college cybersecurity staffing.”

“The main goal of this package of proposals is to enhance colleges’ information security to protect against enrollment scams and hacking. A secondary goal is to improve the user experience for students applying to CCC,” the office writes. Here’s how the LAO recommends handling the proposed funds:

  • Cybersecurity staff: The LAO calls on the Legislature to approve $23 million in “ongoing funding for district cybersecurity staff,” adding: “We think the state has an interest in making sure every district has at least one staff person dedicated to cybersecurity. Multi‑college districts, however, may warrant more funding.” It also recommends the Chancellor’s Office create a method of allocating these funds that ensures a minimum funding level for each district, noting those that already have cybersecurity staff could be allowed to use their allocations to hire more staff or “improve their cybersecurity preparedness in other ways.”
  • Clarity ahead of funding: The office recommends the Legislature “postpone consideration of the $1.8 million in ongoing funding for the proposed state‑level cybersecurity structure ($1.5 million Proposition 98 General Fund and $314,000 non‑Proposition 98 General Fund) pending receipt of better information.” Specifically, the LAO suggests lawmakers request the Newsom administration and the Chancellor’s Office clarify the role and functions of staff at the Information Security Center, “proposed statewide cybersecurity teams,” a proposed oversight body at system level, and two more cybersecurity positions proposed for the Chancellor’s Office.” The Chancellor’s Office, the LAO writes, “should clarify how the statewide cybersecurity teams would prioritize their work and how much workload they are expected to accomplish annually given the proposed funding.”
  • Change how funds would be allocated: The LAO recommends the Legislature “appropriate the $69 million in one-time funding” for community colleges – but direct the Chancellor’s Office to allocate it with an eye not just for enrollment but need as well. This, the office said in the post, could deliver more funding to less prepared colleges – and enable colleges to use their portions for “independent security assessments, network upgrades, software licenses and related technology costs.” An inventory of the colleges’ cybersecurity preparedness by the Chancellor’s Office could inform the allocations, the LAO said.
  • Let Chancellor’s Office data guide funding: The LAO recommends requiring the office to provide documentation on the basic “requirements” for colleges to reach a “minimum level of security”; estimates of one-time and ongoing costs associated with this; and a formula for distributing the one-time funding according to college size, needs and costs. The LAO suggests Oct. 15 as a deadline for the Chancellor’s Office to provide the documentation to administration and Legislature “with the findings informing release of the one‑time funds as well as potential (Fiscal Year) 2023‑24 budget decisions.” Better information, the LAO writes, could narrow down how much one-time funding is needed – and the amount of state funding needed annually to cover the colleges’ ongoing cybersecurity costs, adding: “Ideally, over the next few years, the Chancellor’s Office and colleges will learn more about the main risk factors underlying cyber attacks and enrollment fraud, such that the Legislature can align funding increases with those risk factors and potential cost drivers.”
  • Get more information on CCCApply costs: The LAO recommends that the Legislature direct the Newsom administration to deliver “full justification for the remaining $2.6 million one-time funding it proposes” for CCCApply, the the California Community Colleges’ online application center, and for the $500,000 in proposed ongoing costs. To date, the office notes, the administration has provided “workload justification for only $3.4 million in costs.” The LAO suggests the May revision of Newsom’s budget as a deadline to provide the information, which could then be used to determine how much funding to provide in the 2022-2023 Fiscal Year budget.
Theo Douglas is Assistant Managing Editor of Industry Insider — California.