Emergency Support Function (ESF) 18
The purpose of this Emergency Support Function (ESF) 18: Cybersecurity Annex is to facilitate, coordinate, and support the following core functions:
- Refining inter-agency and cross-sector information coordination, encouraging information sharing, and performing threat analysis.
- Sharing information in a way that protects privacy, confidentiality, and civil liberties.
- Establishing and maintaining the Incident Response Team (IRT) to detect, report, and respond to cyber incidents.
CA-ESF 18 outlines coordination for cyber critical response including detection, mitigation, and information sharing related to statewide cyber-related events.
Scope
The CA-ESF 18 Annex describes the organizational framework for support and coordination among CA-ESF 18 partners when responding to cyber incidents. The Annex provides base guidance for partners and their operations before, during, and after a cyber incident. In order to respond appropriately and manage resources, CA-ESF 18 partners utilize the cyber incident severity matrix below.
| California Cyber Incident Severity | Description |
|---|---|
| Level 0 - Steady State | Unsubstantiated or inconsequential event. |
| Level 1 - Low | Unlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence. |
| Level 2- Medium | May impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence. |
| Level 3 – High | Likely to result in a demonstrable impact on public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence. |
| Level 4 - Severe | Likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties. |
| Level 5 – Emergency | Poses an imminent threat to the provision of wide-scale critical infrastructure services, State government security, or the lives of California citizens. |
Emergency Function Agencies/Departments
The CA-ESF 18 designates four state agencies to partner in response and in support of statewide cyber incident response.
- California Governor’s Office of Emergency Services (Cal OES)
- California Department of Technology (CDT)
- California Highway Patrol (CHP)
- California Military Department (CMD)
The four agencies will coordinate resources and personnel to respond to cyber incidents within the state.
For more information about CA-ESF 18: Please Click Here
