Lawmakers from the Colorado Desert to the wine country have brought forth legislation aiming to make government websites and email addresses more secure and standardized, to plan ahead on cybersecurity across multiple sectors, to tighten oversight on social media apps, and to learn how effective state-sponsored cybersecurity education programs have been. Among the takeaways:
- Senate Bill 265 on cybersecurity preparedness would build on the California Emergency Services Act, which created the California Office of Emergency Services (Cal OES) and on existing law that required the office to establish the California Cybersecurity Integration Center (Cal-SCIC). The bill from state Sen. Melissa Hurtado, a Sanger Democrat, would have Cal OES order Cal-CSIC to prepare a “strategic, multiyear outreach plan to assist critical infrastructure sectors ... in their efforts to improve cybersecurity” and to evaluate options for funding to improve cybersecurity preparedness. The plan would be due to the Legislature by Jan. 1, 2025. The IT sector is among the “critical infrastructure sectors,” per the bill. The plan should include a “description of the need for greater cybersecurity outreach and assistance to the food and agriculture sector and the water and wastewater sector”; ways to work with other state and federal agencies, organizations and associations that provide cybersecurity services for the food and agricultural sector and the water and wastewater sector; an estimate of the necessary funding; and of possible sources for the funding Cal-CSIC would need for the plan. The bill has reached the state Assembly and on June 8 was referred to the Assembly Committee on Emergency Management; no hearing date has been set.
- Assembly Bill 1637 would apply to all cities including charter cities and build on requirements in the California Public Records Act. The bill, from Assemblymember Jacqui Irwin, D-Thousand Oaks, would require local agencies with public websites to make sure those websites use “a ‘.gov’ top-level domain or a ‘.ca.gov’ second-level domain” and, for local agencies that don’t already have that in place, would require them to “redirect that Internet website to a domain name that does utilize a ‘.gov’ or ‘.ca.gov’ domain.” This would be mandatory by Jan. 1, 2027 and would also apply to local government email addresses, requiring the agencies that provide these to employees also use a “.gov” or a “.ca.gov” domain name. Local agencies in California qualify for a free “.gov” domain, according to the bill. The suffix is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security and available only to “United States-based government organizations and publicly controlled entities” like local agencies. The “.ca.gov” domain is overseen by the California Government Operations Agency; the California Department of Technology (CDT) manages registrations, changes and renewals. The bill has been referred to the state Senate Committee on Governance and Finance; no hearing has been set.
- SB 74, from Sen. Bill Dodd, D-Napa, doesn’t mention the highly popular and controversial TikTok app by name. But it would prohibit social media apps from being downloaded or installed on state-owned or -issued devices if an “entity of concern or a country of concern directly or indirectly owns, directly or indirectly controls, or holds 10 percent or more” of the owner company’s voting shares. The bill is an urgency statute and would take effect immediately if passed and signed by Gov. Gavin Newsom. The bill doesn’t list actual countries of concern. The bill is now being considered by the state Assembly and has been referred to its committees on Accountability and Administrative Review and Privacy and Consumer Protection. Hearings have not been set.
- AB 569, from Assemblymember Eduardo Garcia, D-Coachella, would further refine the California State University’s Cybersecurity Regional Alliances and Multistakeholder Partnerships Pilot Program, created to bridge the cybersecurity workforce gap with “regional pipeline programs in cybersecurity.” The programs are already required to set goals and metrics and report, and the CSU chancellor already reports annually on each campus pilot. But lawmakers want to gain a more global understanding of the performance of the program as a whole. This bill would give the chancellor’s office until July 1, 2028, to deliver a “comprehensive report” to the Legislature on the pilot program, with recommendations for improving it, data on enrollment and on how many different groups of people it has served, data on veterans who have taken part, and recommendations on boosting those numbers. The bill has been referred to the state Senate Committee on Education, where it will be heard at 9 a.m. June 28. (AB 183, a higher education trailer bill, established the program last June.)
