State-Level Cybersecurity Preparedness Needed to Protect Critical CA Infrastructure

During testimony to the California State Senate, cyber-security expert Dr. Tony Coulson outlined the concerns that California must contend with in order to protect its critical infrastructure sectors.

“California needs the ability to coordinate effectively for cyber-attack responses. A cyber-attack is not just a possibility, but a probability, stated Dr. Coulson, outlining why the state needs to enhance it cyber-attack preparedness.

After input from security experts, I am carrying Senate bill SB 265, which directs the California Office of Emergency Services (Cal-OES) and the California Cybersecurity Integration Center (Cal-CSIC) to prepare a multi-year outreach plan to assist critical infrastructure sectors specifically in efforts to improve cybersecurity.

Despite the advanced age of some critical infrastructure components in California, there is remote accessibility that allows an intentionally wide spaced system like the State Water Project (SWP) to operate in a manner efficient for the unique environmental circumstances of each particular component. It is what allows Shasta Dam to maximize rainwater capture while Oroville focuses on snowmelt, all part of the same water management network. This same accessibility also makes these systems vulnerable to a cyberattack, and it is why California must prepare for the inevitable.

Infrastructure modernization is needed across the board ranging from our state’s highway system to the water conveyance systems that make California the nation’s agricultural leader. A key component of this effort will be the integration of advanced technology into pre-existing structures. However, as operational technologies converge with information technologies to bring California’s infrastructure into the 21st century, our exposure to cyber-attacks increases as previously inaccessible systems go online or are subject to remote commands.

Modernization Needed to Protect Against Attacks

A cyber-attack on a public institution is a disruptive event with the potential to affect thousands. When hackers targeted LA Unified School District over Labor Day weekend in 2022, the attack was described as a significant disruption to the district’s systems infrastructure. The security climate that presaged this attack may be analogous at the state level according to a recent report by the State Auditor’s office, which noted that the California Department of Technology has yet to identify the systems statewide that are outdated or obsolete and require modernization to protect against cyber-attacks, outage or failure.

Without an expansive, state-level security review and comprehensive preparedness plan, the next cyber-attack could take a critical system offline and leave investigators uncertain whether sensitive information was stolen, an experience San Bernardino law enforcement contended with during a ransomware attack costing the county and insurers $1.1 million in ransom money.

A state-level approach to cybersecurity will enable California to balance infrastructure modernization efforts with security concerns requiring proactive preparedness. The security-needs landscape is evolving, and to protect critical infrastructure, California’s security must evolve at an even faster pace to stay a step ahead of the next cyber-attack.

About the Writer

Senator Melissa Hurtado represents the 16th Senate District in the California Legislature, which includes portions of Fresno, Tulare, Kings and Kern Counties. Hurtado is Chair of the Senate Committee on Agriculture, and a member of the Environmental Quality, Health, Human Services, and Natural Resources and Water Committee, and Joint Legislative Committee on Climate Change Policies.

Make Your Voice Heard

GV Wire encourages vigorous debate from people and organizations on local, state, and national issues. Submit your op-ed to rreed@gvwire.com for consideration.