Techwire
Seeking to further bolster California against cyberattacks, lawmakers on Tuesday approved legislation that would require state agencies and departments to inventory their critical infrastructure controls.
The inventory would be an added requirement of the Technology Recovery Plans that lawmakers last year asked state entities to complete by July 2018 and submit to the California Department of Technology.
“This inventory would allow the chief information security officer a strategic overview of the critical infrastructure within the state’s network,” Jacqui Irwin, D-Thousand Oaks, told the Assembly Privacy and Consumer Protection Committee, which approved her bill by a 10-0 vote.
With such detailed information, the CISO could provide better guidance to agencies and departments, review project and budget requests more thoroughly, and alert agencies and departments to known threats and vulnerabilities to their specific control systems, Irwin added.
Currently, the Department of Technology has no way of knowing about all of the critical infrastructure assets at each state agency or department — or what controls are being used to maintain the security and operability of those assets, according to the committee analysis of the bill.
Lawmakers have approved several bills in recent years in an effort to bolster California’s defenses against a cyberattack, noting that the state’s networks, systems and assets are vital to public health, safety and economic security.
Gov. Jerry Brown last year signed into law AB 1841, also by Irwin, that requires agencies and departments to explain how they plan to restore functionality to their critical systems and applications should there be a compromising breach. Irwin’s inventory bill builds upon that law.