Professional Documents
Culture Documents
97
SB 892 —2—
97
—3— SB 892
line 1 cooperatives in the food and agriculture industry when they identify
line 2 a significant and verified cyber threat or active cyberattack. In
line 3 drafting these reporting requirements, guidelines, the office shall
line 4 consider, but not be limited to, the following:
line 5 (1) A holistic view of the food and agriculture industry, with
line 6 respect to the food production and packing industry.
line 7 (2) A required suggested reporting timeline, including a
line 8 requirement that, upon discovery of a significant and verified cyber
line 9 threat or cyberattack, timeline encouraging the affected actor to
line 10 report the event a significant and verified cyber threat or
line 11 cyberattack within 30 days of discovery.
line 12 (3) A requirement suggested guideline that the affected actor
line 13 send a report of a significant and verified cyber threat or
line 14 cyberattack to all any of, but not limited to, the following:
line 15 (A) The office.
line 16 (B) The California Cybersecurity Integration Center.
line 17 (C) The Department of Technology.
line 18 (D) The Department of Food and Agriculture.
line 19 (E)
line 20 (D) The State Threat Assessment Center.
line 21 (4) Guidelines on the content for a report of a cyber threat or
line 22 cyberattack, including the following information:
line 23 (A) Details on the structure of the cyber threat or cyberattack.
line 24 (B) The origin of the cyber threat or cyberattack.
line 25 (C)
line 26 (B) Any individuals or groups at risk of being affected by the
line 27 cyber threat or cyberattack.
line 28 (D)
line 29 (C) Any actions taken to combat or mitigate the cyber threat or
line 30 cyberattack.
line 31 (E)
line 32 (D) Planned upcoming actions to combat or mitigate the cyber
line 33 threat or cyberattack.
line 34 (b) The office shall develop and enact optional reporting
line 35 requirements guidelines applicable to entities in the water and
line 36 wastewater management systems industry when they identify a
line 37 significant and verified cyber threat or active cyberattack. In
line 38 drafting these reporting requirements, guidelines, the office shall
line 39 consider, but not be limited to, the following:
97
SB 892 —4—
97
—5— SB 892
97
SB 892 —6—
line 1 (e) This section does not require the water and wastewater sector
line 2 to submit vulnerability assessments, emergency response plans,
line 3 or other related documents to the state.
97