State Officials Heard Testimony from Agency Representatives to Establish Implementation and Accountability Standards for Recently Enacted State and Federal Cybersecurity Policies
SACRAMENTO – The Assembly Committee on Privacy and Consumer Protection and the Assembly Select Committee on Cybersecurity held a Joint-Oversight Hearing today to review recent developments in cybersecurity and the State’s strategy to address the issue. In a year filled with high-profile security breaches in both the private and public sector, there was also significant legislation and Executive Orders at both the State and Federal level. The hearing considered the impact of these new policies on California state government and what steps can be taken to improve the State’s security posture.
“We want to identify issues with the State’s governance structure for cybersecurity, including risk assessment and management, incident response planning, and budgeting,” said Assemblymember Jacqui Irwin (D-Thousand Oaks), Chair of the Select Committee on Cybersecurity. “The steps that are being taken now should be questioned -- this is important approach because many of the cybersecurity issues we face today are a result of poor decisions made 10 or 20 years ago.” Assemblymember Irwin was recently appointed Co-Chair of the National Conference of State Legislatures (NCSL) Cybersecurity Task Force.
The hearing was highlighted by State Auditor Elaine Howle presenting the findings of the High Risk State Information Assets report and the Attorney General’s office presenting the annual Data Breach Report. These reports demonstrated the poor compliance with security standards within state entities and the increasing frequency and sophistication of breaches in the private sector. California CISO Michele Robinson discussed the steps being taken to address the weaknesses in security practices throughout state government and discussed areas of need to improve accountability.
“With so much at risk, it is imperative that the State do all it can to make sure that our networks are secure, resilient and competently overseen,” said Assemblymember Ed Chau (D-Monterey Park), Chair of the Committee on Privacy and Consumer Protection. “An honest and forthright discussion with the Administration, like the one we had today, is a necessary first step to ensure that our state networks remain safe and secure for the benefit of all Californians. But there’s a lot to do, and the matter is urgent, so it’s imperative that we get to work.”
Major General Matt Beevers provided testimony regarding the unique cybersecurity capabilities of the National Guard and the mission to provide security support and services to state government networks. Lastly, Office of Emergency Services Director Mark Ghilarducci spoke about California’s cybersecurity strategy, the need for centralized leadership on the issue, and the goals of the Governor’s August 2015 Executive Order. The lack of a comprehensive strategy to address cybersecurity threats was identified as an area of concern and committee members and Department officials discussed convening a working group with the Legislature to share sensitive security information that can better inform oversight and the budget process.
Assemblymember Irwin at today’s Cybersecurity hearing.
Assemblymember Irwin says California is not doing enough to reduce the risk of cyber security hacks and attacks.
Assemblymember Irwin says there is a long list of cyber security shortcomings the state must address.
Assemblymember Irwin says the risk to everyday Californians is real.
Assemblymember Irwin says legislation may be needed to address cybersecurity issues.
CONTACT: Asm. Irwin: Morgan Culbertson, (805) 822-9694
Asm. Chau: Edmundo Cuevas, (916) 319-2049