Instead, they cut to the heart of the challenge: a rapidly shifting threatscape that simply can’t be ignored, and what needs to be done to adapt the state to this reality.
“The threats are real, they are evolving and they are relentless,” CIO Liana Bailey-Crimmins told attendees.
The CIO likened the state’s cybersecurity philosophy to a seatbelt, which only works if it’s been put on before a crash. This means setting baselines, prioritizing critical gaps, building trust between the California Department of Technology (CDT) and stakeholders, and aligning around common cybersecurity goals.
“You do what you practice and what you prepare for,” Bailey-Crimmins said.
The common theme running throughout the morning remarks was a call for better alignment and measurement across all of state government, guided by living documents such as Envision 2026 and the Cal-Secure Strategic Plan.
While Bailey-Crimmins drove home the concerning national metrics about scams targeting Californians and large-scale attack efforts by nation-state actors, she also underscored the improvements being made across state government.
More than 80 percent of departments have exceeded the baseline standards outlined in Cal-Secure, and while the progress is substantial, Bailey-Crimmins said letting up is not an option.
“We all have a target on our back,” she said of the state’s 40 million residents.
CAL-SECURE 2.0 AND A CALL TO INDUSTRY
The effort to align cybersecurity practices across the state’s 150 or so departments, boards and commissions is getting an overhaul. Cal-Secure 2.0 is in the works, and state cybersecurity officials are keen to get industry input.
Chief Information Security Officer Vitaliy Panych said during his morning remarks that the state doesn’t just want industry input on the newest iteration of the document; it needs it.
Panych pointed to measurement and assessment, establishing baselines and mission recovery as key areas where private-sector expertise could help shape the document.
A primary focus for Panych and Deputy CISO Doug Novak is creating a collaborative and open dialogue between siloed departments and cybersecurity teams, the pair said.
“We have the people, we have the tech, but how are we working together?” Novak said.
The Office of Information Security, Panych said, is pivoting away from its oversight roots and growing its focus on becoming a collaborative partner for other departments.