AB 1667

Bill Subjects

Abstract

Existing law, the California Emergency Services Act, among other things, creates the Office of Emergency Services, which is responsible for the state's emergency and disaster response services, as specified. Existing law requires the office to establish the California Cybersecurity Integration Center with the primary mission of reducing the likelihood and severity of cyber incidents that could damage California's economy, its critical infrastructure, or public and private sector computer networks in the state. Existing law establishes the Department of Technology within the Government Operations Agency, supervised by the Director of Technology, whose duties include advising the Governor on the strategic management and direction of the state's information technology resources. Existing law establishes the Office of Information Security within the Department of Technology, with the purpose of ensuring the confidentiality, integrity, and availability of state systems and applications, and promoting and protecting privacy as part of the development and operations of state systems and applications to ensure the trust of the residents of the state. This bill would establish the California Cybersecurity Awareness and Education Council within the Department of Technology. The bill would require the council to be composed of 15 members, to be appointed by February 1, 2024, as specified. The bill would require the council to research ways to increase cybersecurity awareness and education of students, families, and other adults, with the goal of helping people learn and use healthy cybersecurity practices, and ways to create a larger and more diverse cybersecurity-trained workforce, and would require the council to propose a strategy to engage Californians in the effort to improve cybersecurity practices and strengthen cyber infrastructure, as specified. This bill would require the council to submit a report by July 1, 2024, that includes, among other things, approaches the state can take to raise awareness of and increase education regarding cybersecurity, including in K–12 schools, institutions of higher education, and workplaces, and ways to effectively utilize social media, marketing campaigns, and the news media to increase awareness of and distribute materials about cybersecurity, as specified. This bill would make these provisions inoperative on February 1, 2025, and would repeal them as of January 1, 2026.