California Cybersecurity Integration Center

Emergency Support Function (ESF) 18

The purpose of this Emergency Support Function (ESF) 18: Cybersecurity Annex is to facilitate, coordinate, and support the following core functions:

  • Refining inter-agency and cross-sector information coordination, encouraging information sharing, and performing threat analysis.
  • Sharing information in a way that protects privacy, confidentiality, and civil liberties.
  • Establishing and maintaining the Incident Response Team (IRT) to detect, report, and respond to cyber incidents.

CA-ESF 18 outlines coordination for cyber critical response including detection, mitigation, and information sharing related to statewide cyber-related events.

Scope

The CA-ESF 18 Annex describes the organizational framework for support and coordination among CA-ESF 18 partners when responding to cyber incidents. The Annex provides base guidance for partners and their operations before, during, and after a cyber incident. In order to respond appropriately and manage resources, CA-ESF 18 partners utilize the cyber incident severity matrix below.

California Cyber Incident SeverityDescription
Level 0 - Steady StateUnsubstantiated or inconsequential event.
Level 1 - LowUnlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.
Level 2- MediumMay impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.
Level 3 – HighLikely to result in a demonstrable impact on public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.
Level 4 - SevereLikely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.
Level 5 – Emergency Poses an imminent threat to the provision of wide-scale critical infrastructure services, State government security, or the lives of California citizens.

Emergency Function Agencies/Departments

The CA-ESF 18 designates four state agencies to partner in response and in support of statewide cyber incident response.

  • California Governor’s Office of Emergency Services (Cal OES)
  • California Department of Technology (CDT)
  • California Highway Patrol (CHP)
  • California Military Department (CMD)

The four agencies will coordinate resources and personnel to respond to cyber incidents within the state.

For more information about CA-ESF 18: Please Click Here