Arizona builds security plan

• By Dibya Sarkar
• May 18, 2001

S.B. 1123

Although a bill failed that would have addressed the protection of Arizona's physical and electronic properties, the state is circulating security guidelines directing how agencies can share information and respond to cyberthreats.

That satisfies state Rep. Wes Marsh, who sponsored the House version of S.B. 1123, vetoed by Gov. Jane Dee Hull last week. The bill would have created a Statewide Infrastructure Protection Center (SIPC), a command and control structure charged with defending the state's physical and information resources in emergencies.

Rick Zelznak, the state's chief information officer, opposed the bill because he said if it passed, it would have been a setback for state security efforts.

Specifically, he said it did not provide funds to establish the SIPC or spell out how the state should use its existing resources and personnel. He said his department, the Government Information Technology Agency (www.gita.state.az.us), has been planning and drafting statewide security policies for protecting the information infrastructure.

Zelznak said the state has an incident response mechanism in place so that alerts can be sent out to agencies. It has a computer emergency response team (CERT), of sorts, composed of GITA, the attorney general's office, and the public safety and administration departments, to respond to cyberattacks, Zelznak said, adding that the state is also part of the FBI's intrusion-detection reporting program called InfraGuard.

He said GITA also has close ties with the emergency management division, which protects the state's physical infrastructures. He said the two agencies would work in concert if, for example, a cyber incident disables a dam and causes a flood.

This was the second bill Marsh sponsored to created a critical infrastructure protection plan by statute.

Under the bill, Marsh said Arizona would have been the first state to develop a coordinated approach to investigate and respond to cyberthreats and threats to physical infrastructures. It would have also created a single CERT and established an information-sharing link between the Arizona National Guard and the U.S. Defense Department.

He said technology is inextricably tied to the physical world and it's easy for hackers to interrupt delivery of services, such child support, tax refunds and emergency services, and cause rolling energy blackouts. "The bottom line is we need to protect the delivery of services, economic vitality and public safety," he said.