California’s new strategy for prioritizing cyber defense
With its first multiyear cybersecurity roadmap, California is addressing critical gaps in the state’s information and cybersecurity programs, allowing it to better manage existing and future threats.
Cal-Secure lays out a path for state departments to strengthen their cybersecurity and prioritize resources to improve cyber defenses statewide.
Developed by the California Department of Technology (CDT) and its Office of Information Security, Cal-Secure outlines actionable steps for developing effective cybersecurity defenses for all technology, including critical infrastructure, building a world-class cybersecurity workforce and right-sizing federated cybersecurity oversight.
The roadmap defines a baseline set of cybersecurity capabilities and phased implementation priorities. California already offers agencies a number of networking, services and integration capabilities. Five priority categories run from anti-malware and multifactor authentication in phase one to disaster recovery and mobile device management in phase four and identity lifecycle management and enterprise encryption in phase five. Cybersecurity services can be deployed by individual agencies, as a shared service or from a third party, according to the roadmap.
IT modernization efforts will ensure cybersecurity is built in by leveraging user analytics as well as secure hosting environments and application development.
CDT will be the primary security operations center, and the state will create a constellation of SOCs that all state entities must be part of by the end of 2023, enabling a collaborative network for tackling cybersecurity.
An enhanced cybersecurity workforce, built through increased opportunities and training will help the state safeguard the data and systems used to deliver public services. To improve oversight, an empowered agency-level, flexible governance structure will be developed for conducting security assessments and helping agencies develop their own cybersecurity strategies.
According to Cal-Secure, within five years the state expects to gather and link together threat data from executive branch agencies, create a portfolio of cybersecurity as a service offerings, implement a unified integrated risk management platform and eliminate the use of unsecured technology.
“We have to do more to safeguard the state’s critical infrastructure, intellectual property and our status as one of the world’s leading economies,” said Gov. Gavin Newsom. “Protecting our data is among the most important things we can do to prevent disruption to our daily lives and our economy.”
According to the Oct. 22 announcement, the Newsom administration has recently invested $260 million to bolster the state’s ability to prevent and respond to cyberattacks. California’s budget also includes a $11.3 million one-time investment and $38.8 million in ongoing funding to mature the state’s overall security posture, improve statewide information security initiatives, analyze cyber threat intelligence and mitigate potential threats, officials said.
Cal-Secure was created through a collaborative process with the California Cybersecurity Integration Center, CDT, the California Governor’s Office of Emergency Services, California Highway Patrol, the California Military Department and the state government security community.
Connect with the GCN staff on Twitter @GCNtech.