California Gov. Jerry Brown spent considerable time this year forging ties with China — seeking economic partnerships for the state during a weeklong trip there in April, then signing a non-binding climate change pact with the emerging superpower in September.
But agreements on paper only go so far amid the ever-changing dynamics of foreign relations. As Brown was touring China in search of trade opportunities, China’s military likely was continuing what it has reportedly done for years: methodically probing for vulnerabilities in critical computer systems maintained by California government agencies and the state’s biggest companies.
The fact that foreign actors are engaged in sophisticated hacking against California and its businesses certainly isn’t lost on the Brown administration and the governor’s homeland security adviser. “There could be a win-win out of it for the state’s economy, but we also need to understand the threat that exists and put in processes here in California to mitigate,” said Mark Ghilarducci, director of the Governor’s Office of Emergency Services.
The state is taking action. Ghilarducci’s office is partnering with the California Department of Technology and state CIO Carlos Ramos to convene what’s called the California Cybersecurity Task Force. The first-of-its-kind advisory workgroup is composed of high-level security experts from state and local government, universities and laboratories, and major corporations and technology companies that call California home. “From a homeland security standpoint, we really needed to develop a platform to bring these stakeholders together,” Ghilarducci said.
The group, which had its first closed-door meeting in May, is working on a range of issues, such as enhancing cybersecurity products, improving coordination and information sharing between the public and private sector, securing funding, developing breach remediation guidelines, and creating cybersecurity education programs for the work force and California’s schools and universities.
The initial goal, Ghilarducci added, is to make it more difficult for hackers to infiltrate the electrical grid and other key systems, or to steal companies’ intellectual property and the public’s personal information — realizing along the way that it’s impossible to eliminate all incidents and breaches. Threats are coming in from all directions, whether from individual “hacktivists” or large nation-states that are conducting cyber espionage, so eliminating all cyber threat is unrealistic.