Arizona builds security plan
- By Dibya Sarkar
- May 18, 2001
S.B. 1123
Although a bill failed that would have addressed the protection of Arizona's
physical and electronic properties, the state is circulating security guidelines
directing how agencies can share information and respond to cyberthreats.
That satisfies state Rep. Wes Marsh, who sponsored the House version of
S.B. 1123, vetoed by Gov. Jane Dee Hull last week. The bill would have created
a Statewide Infrastructure Protection Center (SIPC), a command and control
structure charged with defending the state's physical and information resources
in emergencies.
Rick Zelznak, the state's chief information officer, opposed the bill because
he said if it passed, it would have been a setback for state security efforts.
Specifically, he said it did not provide funds to establish the SIPC or
spell out how the state should use its existing resources and personnel.
He said his department, the Government Information Technology Agency (www.gita.state.az.us), has been planning and drafting statewide security policies for protecting the information infrastructure.
Zelznak said the state has an incident response mechanism in place so that
alerts can be sent out to agencies. It has a computer emergency response
team (CERT), of sorts, composed of GITA, the attorney general's office,
and the public safety and administration departments, to respond to cyberattacks,
Zelznak said, adding that the state is also part of the FBI's intrusion-detection
reporting program called InfraGuard.
He said GITA also has close ties with the emergency management division,
which protects the state's physical infrastructures. He said the two agencies
would work in concert if, for example, a cyber incident disables a dam and
causes a flood.
This was the second bill Marsh sponsored to created a critical infrastructure
protection plan by statute.
Under the bill, Marsh said Arizona would have been the first state to develop
a coordinated approach to investigate and respond to cyberthreats and threats
to physical infrastructures. It would have also created a single CERT and
established an information-sharing link between the Arizona National Guard
and the U.S. Defense Department.
He said technology is inextricably tied to the physical world and it's easy
for hackers to interrupt delivery of services, such child support, tax refunds
and emergency services, and cause rolling energy blackouts. "The bottom
line is we need to protect the delivery of services, economic vitality and
public safety," he said.