Newsom Administration Announces First Multi-year Cybersecurity Roadmap to Protect Californians’ Privacy and Security

SACRAMENTO — Today, Governor Gavin Newsom’s Administration released Cal-Secure, the State of California’s first multi-year cybersecurity roadmap. Built on industry-leading best practices and frameworks, Cal-Secure addresses critical gaps in the state’s information and cybersecurity programs while enabling the state to manage existing and future threats more effectively. Cal-Secure defines a path for state entities to strengthen our cybersecurity measures and prioritize resources to manage the most significant cyber risks and safeguard those services for Californians who depend on them.

“Hackers steal our time, money, and peace of mind. Protecting our data is among the most important things we can do to prevent disruption to our daily lives and our economy.” said Governor Newsom. “We have to do more to safeguard the state’s critical infrastructure, intellectual property and our status as one of the world’s leading economies.”

Cal-Secure’s roadmap outlines actionable steps, with measurable success criteria, to ensure California’s Executive Branch has a world-class cybersecurity workforce, an empowered and right-sized federated cybersecurity oversight governance structure and effective cybersecurity defenses to all technology, including critical infrastructure.

The roadmap is broken into three categories − people, process and technology − each containing strategic priorities to address critical shortfalls or concerns. These priorities include developing and unifying California’s diverse, innovative cybersecurity workforce to safeguard the data and systems used to deliver public services; providing effective oversight supported by a flexible governance model; and investing in technology and services to enhance cybersecurity capabilities at all state entities.

Cal-Secure is designed to improve cyber defenses statewide, regardless of the existing baseline capabilities of state government agencies and entities. This plan builds on the key objectives of the California Homeland Security Strategy (HSS), under which California established a goal to strengthen security and preparedness across cyberspace by enhancing safety and preparedness with state, federal, local, tribal, and private sector stakeholders.

The Newsom Administration has advanced $260 million in recent investments at the Department of Technology and other state entities to bolster the state’s ability to prevent and respond to cyberattacks. The state budget also includes $11.3 million one-time and $38.8 million ongoing to mature the state’s overall security posture, improve statewide information security initiatives, analyze cyber threat intelligence and mitigate potential threats.

Cal-Secure was created through a collaborative process with the California Cybersecurity Integration Center (Cal-CSIC) and its four critical partners: California Department of Technology (CDT), the California Governor’s Office of Emergency Services (Cal OES), California Highway Patrol (CHP), and California Military Department (CMD) and the state government security community.