On 31 August 2015, the Governor of California signed Executive Order B-34-15, creating the California Cybersecurity Integration Center (Cal-CSIC).
On 26 September 2018, the Governor of California approved Assembly Bill 2813, in support of California's statewide cybersecurity strategy.
The passing of AB2813 added
Section 8586.5 to the California Government Code which further defines the structure and the mission of the Cal-CSIC:
The California Cybersecurity Integration Center shall serve as the central organizing hub of state government’s cybersecurity activities and coordinate information sharing with local, state, and federal agencies, tribal governments, utilities and other service providers, academic institutions, and nongovernmental organizations.
The California Cybersecurity Integration Center shall operate in close coordination with the California State Threat Assessment System and the United States Department of Homeland Security — National Cybersecurity and Communications Integration Center, including sharing cyber threat information that is received from utilities, academic institutions, private companies, and other appropriate sources.
The California Cybersecurity Integration Center shall develop a statewide cybersecurity strategy, informed by recommendations from the California Task Force on Cybersecurity and in accordance with state and federal requirements, standards, and best practices. The cybersecurity strategy shall be developed to improve how cyber threats are identified, understood, and shared in order to reduce threats to the California government, businesses, and consumers. The strategy shall also strengthen cyber emergency preparedness and response, standardize implementation of data protection measures, enhance digital forensics and cyber investigative capabilities, deepen expertise among California’s workforce of cybersecurity professionals, and expand cybersecurity awareness and public education.
The Cal-CSIC is made up of four core partners, the California Governor’s Office of Emergency Services, the California Department of Technology, the California Military Department, and the California Highway Patrol.Additional partners include other Federal, State, and private sector partners including the Federal Bureau of Investigation (FBI) and the United States Department of Homeland Security (DHS). Each partner provides experts to the Cal-CSIC, which serves as the central organizing hub of the State’s cybersecurity activities.
The Cal-CSIC is co-located with the California State Threat Assessment Center (STAC), which serves as the State’s primary fusion center with the responsibility to protect the State from terrorist and other physical threats. With its core partners, the Cal-CSIC has established multiple capabilities to accomplish its mission:
Cyber Incident Response Coordination
The California Cybersecurity Integration Center shall establish a Cyber Incident Response Team to serve as California’s primary unit to lead cyber threat detection, reporting, and response in coordination with public and private entities across the state.
This team shall also assist law enforcement agencies with primary jurisdiction for cyber-related criminal investigations and agencies responsible for advancing information security within state government.
This team shall be comprised of personnel from agencies, departments, and organizations represented in the California Cybersecurity Integration Center.
Information sharing by the California Cybersecurity Integration Center shall be conducted in a manner that protects the privacy and civil liberties of individuals, safeguards sensitive information, preserves business confidentiality, and enables public officials to detect, investigate, respond to, and prevent cyber attacks that threaten public health and safety, economic stability, and national security.
Cyber Threat Alerts and Advisories
Enables the Cal-CSIC to serve as a conduit for cybersecurity threat information between Federal, State, Local, and Tribal government entities. Advisories and Alerts are also shared with Private sector partners.
California Automated Indicator Exchange
Provides the exchange of intelligence-driven cyber threat indicators between the Cal-CSIC cyber threat feeds and partner entities at machine speed, resulting in the distribution of relevant and timely cyber threat and trend information.
Phishing Email/Malware AnalysisCal-CSIC Analysts collect and analyze phishing emails to extrapolate relevant information about the attacker and their respective tactics, called Indicators of Compromise. These IOCs are added to the California Automated Indicator Exchange to ensure timely distribution to partner entities.
HOW YOU CAN HELP PROTECT CALIFORNIA
State, local, and tribal governments, non-governmental organizations and the private sector can partner with the Cal-CSIC by registering to receive Alerts and Advisories, sharing IOCs and cyber incident reports, and connecting to the California Automated Indicator Exchange.
Report cyber incidents to the Cal-CSIC at (833) REPORT-1 or firstname.lastname@example.org.