SACRAMENTO – Governor Brown signed Assembly Bill 670 by Assemblymember Jacqui Irwin (D-Thousand Oaks) to mandate that a minimum number of cybersecurity risk assessments are performed on state networks every year.
“Cybersecurity attacks are on the rise and California state government is a priority target because of the value and sheer size of its networks and data,” said Assemblymember Irwin. “The state bears a responsibility in actively defending the information it collects as well as the critical networks that Californians rely on for services. AB 670 will make sure those steps are taken.”
AB 670 requires the Office of Information Security, in consultation with the Office of Emergency Services, to mandate a minimum of 35 network security assessments to be performed each year. The bill authorizes the Department of Technology to require agencies not in compliance to receive and fund an assessment. The bill authorizes the Military Department to perform these risk assessments. Required assessments will be targeted based upon the relative amount of sensitive personal data, including health and financial records, and the level of non-compliance with security provisions.
“This legislation improves cybersecurity preparedness by ensuring that risk assessments are regularly performed on state networks that contain the most sensitive information,” said Assemblymember Irwin. “This bill addresses the problem identified by the recent State Auditor report, that compliance with existing security controls is lacking and there is no enforcement. AB 670 ensures more frequent use of this vital tool to protect public safety and our economy.”
AB 670 received unanimous bipartisan support in the Legislature and was a frequent topic of discussion at California Cybersecurity Task Force meetings. The bill will become law on January 1, 2016.
Assemblymember Jacqui Irwin represents California’s 44th Assembly District and serves as Chair of the Assembly Select Committee on Cybersecurity.
CONTACT: Morgan Culbertson, (805) 822-9694