Multi-year Cybersecurity Roadmap to Protect Californians’ Privacy and Security

Late last year, Governor Gavin Newsom’s Administration released Cal-Secure, the State of California’s first multi-year cybersecurity roadmap.

Built on industry-leading best practices and frameworks, Cal-Secure addresses critical gaps in the state’s information and cybersecurity programs while enabling the state to effectively manage existing and future threats. Cal-Secure defines a path for state entities to strengthen cybersecurity and prioritize resources to manage any significant risks and safeguard services for Californians who depend on them.

“Hackers steal our time, money and peace of mind. Protecting our data is among the most important things we can do to prevent disruption to our daily lives and our economy,” said Governor Newsom. “We have to do more to safeguard the state’s critical infrastructure, intellectual property and our status as one of the world’s leading economies.”

Cal-Secure’s roadmap outlines actionable steps to ensure California’s executive branch has a world-class cybersecurity workforce, an empowered and rightsized federated cybersecurity oversight governance structure and effective cybersecurity defenses to all technology, including critical infrastructure.

The roadmap contains three categories − people, process and technology − each with strategic priorities to address critical shortfalls. These include developing California’s diverse, innovative cybersecurity workforce to safeguard public service data and systems; providing oversight supported by a flexible governance; and investing in technology and services to enhance the state’s cybersecurity capabilities.

Cal-Secure is designed to improve cyber defenses statewide, regardless of the existing capabilities of state agencies. This plan builds on the California Homeland Security Strategy (HSS), which created goals to strengthen security and preparedness across cyberspace by enhancing safety among state, federal, local, tribal and private sector stakeholders.

The Newsom administration has advanced $260 million in recent investments at the Department of Technology and other state entities to bolster the state’s ability to prevent and respond to cyberattacks. The state budget also includes $11.3 million one-time and $38.8 million ongoing to mature the state’s overall security posture, improve statewide information security initiatives, analyze cyber threat intelligence and mitigate potential threats.

Cal-Secure was created through a collaborative process with the California Cybersecurity Integration Center (Cal-CSIC) and its four critical partners: California Department of Technology (CDT), the California Governor’s Office of Emergency Services (Cal OES), California Highway Patrol (CHP), and the California Military Department (CMD) and state government security community.