(1) There is hereby created the emergency management council (hereinafter called the council), to consist of not more than 21 members who shall be appointed by the adjutant general. The membership of the council shall include, but not be limited to, representatives of city and county governments, two representatives of federally recognized tribes, sheriffs and police chiefs, county coroners and medical examiners, the Washington state patrol, the military department, the department of ecology, state and local fire chiefs, seismic safety experts, state and local emergency management directors, search and rescue volunteers, medical professions who have expertise in emergency medical care, building officials, private industry, and the office of the superintendent of public instruction. The representatives of private industry shall include persons knowledgeable in emergency and hazardous materials management. The councilmembers shall elect a chair from within the council membership. The members of the council shall serve without compensation, but may be reimbursed for their travel expenses incurred in the performance of their duties in accordance with RCW
43.03.050 and
43.03.060 as now existing or hereafter amended.
(2) The emergency management council shall advise the governor and the director on all matters pertaining to state and local emergency management. The council may appoint such ad hoc committees, subcommittees, and working groups as are required to develop specific recommendations for the improvement of emergency management practices, standards, policies, or procedures. The council shall ensure that the governor receives an annual assessment of statewide emergency preparedness including, but not limited to, specific progress on hazard mitigation and reduction efforts, implementation of seismic safety improvements, reduction of flood hazards, mitigation of cybersecurity risks to critical infrastructure, and coordination of hazardous materials planning and response activities. The council shall review administrative rules governing state and local emergency management practices and recommend necessary revisions to the director.
(3) The council or a council subcommittee shall serve and periodically convene in special session as the state emergency response commission required by the emergency planning and community right-to-know act (42 U.S.C. Sec. 11001 et seq.). The state emergency response commission shall conduct those activities specified in federal statutes and regulations and state administrative rules governing the coordination of hazardous materials policy including, but not limited to, review of local emergency planning committee emergency response plans for compliance with the planning requirements in the emergency planning and community right-to-know act (42 U.S.C. Sec. 11001 et seq.). Committees shall annually review their plans to address changed conditions, and submit their plans to the state emergency response commission for review when updated, but not less than at least once every five years. The department may employ staff to assist local emergency planning committees in the development and annual review of these emergency response plans, with an initial focus on the highest risk communities through which trains that transport oil in bulk travel. By March 1, 2018, the department shall report to the governor and legislature on progress towards compliance with planning requirements. The report must also provide budget and policy recommendations for continued support of local emergency planning.
(4)(a) The cybersecurity advisory committee is created and is a subcommittee of the emergency management council. The purpose of the cybersecurity advisory committee is to provide advice and recommendations that strengthen cybersecurity in both industry and public sectors across all critical infrastructure sectors.
(b) The cybersecurity advisory committee shall bring together organizations with expertise and responsibility for cybersecurity and incident response among local government, tribes, state agencies, institutions of higher education, the technology sector, and first responders with the goal of providing recommendations on building and sustaining the state's capability to identify and mitigate cybersecurity risk and to respond to and recover from cybersecurity-related incidents, including but not limited to ransomware incidents. With respect to critical infrastructure, the cybersecurity advisory committee shall work with relevant federal agencies, state agencies, institutions of higher education as defined in chapter
28B.92 RCW, industry experts, and technical specialists to:
(i) Identify which local, tribal, and industry infrastructure sectors are at the greatest risk of cyberattacks and need the most enhanced cybersecurity measures;
(ii) Use federal guidance to analyze categories of critical infrastructure in the state that could reasonably result in catastrophic consequences if unauthorized cyber access to the infrastructure occurred;
(iii) Recommend cyber incident response exercises that relate to risk and risk mitigation in the water, transportation, communications, health care, elections, agriculture, energy, and higher education sectors, or other sectors as the cybersecurity advisory committee deems appropriate, in consultation with appropriate state agencies including, but not limited to, the energy resilience and emergency management office at the department of commerce and the secretary of state's office; and
(iv) Examine the inconsistencies between state and federal law regarding cybersecurity.
(c) In fulfilling its duties under this section, the military department and the cybersecurity advisory committee shall collaborate with the consolidated technology services agency and the technology services board security subcommittee created in RCW
43.105.291.
(d) In order to protect sensitive security topics and information, the cybersecurity advisory committee must follow 6 C.F.R. Part 29, as it existed on July 23, 2023, procedures for handling critical infrastructure information. The reports produced, and information compiled, pursuant to this subsection are confidential and may not be disclosed under chapter
42.56 RCW.
(e) The cybersecurity advisory committee must contribute, as appropriate, to the emergency management council annual report and must meet quarterly. The cybersecurity advisory committee shall hold a joint meeting once a year with the technology services board security subcommittee created in RCW
43.105.291.
(f) For the purpose of this subsection, "ransomware" has the same meaning as in RCW
43.105.020.
(5)(a) The intrastate mutual aid committee is created and is a subcommittee of the emergency management council. The intrastate mutual aid committee consists of not more than five members who must be appointed by the council chair from council membership. The chair of the intrastate mutual aid committee is the military department representative appointed as a member of the council. Meetings of the intrastate mutual aid committee must be held at least annually.
(b) In support of the intrastate mutual aid system established in chapter
38.56 RCW, the intrastate mutual aid committee shall develop and update guidelines and procedures to facilitate implementation of the intrastate mutual aid system by member jurisdictions, including but not limited to the following: Projected or anticipated costs; checklists and forms for requesting and providing assistance; recordkeeping; reimbursement procedures; and other implementation issues. These guidelines and procedures are not subject to the rule-making requirements of chapter
34.05 RCW.
(6) On emergency management issues that involve early learning, kindergarten through twelfth grade, or higher education, the emergency management council must consult with representatives from the following organizations: The department of children, youth, and families; the office of the superintendent of public instruction; the state board for community and technical colleges; and an association of public baccalaureate degree-granting institutions.