Assigned to GOV                                                                                                                                          AS ENACTED

 

 

 

ARIZONA STATE SENATE

Phoenix, Arizona

 

VETOED

FINAL REVISED

FACT SHEET FOR S.B. 1123

 

office of housing development

(NOW: information protection; planning; development)

 

Purpose

 

            Creates the Arizona National Guard Computer Emergency Response Team, the Statewide Infrastructure Protection Center and the state's Computer Emergency Response Team to address the protection of the state's physical and information infrastructure.

 

Background

 

            According to the Computer Crime and Intellectual Property Section of the U.S. Department of Justice, our national defense, public safety, economic prosperity and quality of life depend on the efficient delivery of essential services: energy, banking and finance, transportation, vital human services and telecommunication.  The rapid growth and integration of the telecommunication infrastructure has made all of these sectors interdependent, and in the process, created unprecedented risks and vulnerability.  Recently, much attention has been focused on the vulnerability of information systems, specifically computerized systems, to the many forms of "computer attack," such as the Love Bug and Anna Kournikova viruses.  The creation of these entities is intended to address this growing concern.

 

            This legislation allows these entities to utilize monies in the information technology fund, which is funded by a 0.15 percent charge on state agency payrolls.  According to the Joint Legislative Budget Committee, the estimated FY 2000-2001 balance is approximately $2 million.

 

            In her veto message, Governor Hull related the following three reasons, as part of her rationale: the bill mandates approaches to infrastructure protection that are inconsistent with best practices; the bill would delay the protection of Arizona' information system; and the bill provides no funding for the 15 programs the bill mandates.

           

            Though the exact fiscal impact of this legislation is being determined, fiscal impacts can be expected relating to personnel and administrative costs.

 

 

 

 

 

 

 

Provisions

 

Arizona National Guard Computer Emergency Response (ANGER) Team

 

1.      Requires the Adjutant General to organize an ANGER team for the protection of Arizona National Guard networks and to adopt procedures for protecting the physical and information infrastructure.

 

2.      Requires the ANGER team to establish a memorandum of agreement with the U.S. Department of Defense Computer Emergency Response Team to establish information sharing for both threat and vulnerability information.

 

Statewide Infrastructure Protection Center/DEMA

 

3.      Establishes a statewide infrastructure protection (SIP) center under the Director of the emergency management division of DEMA in cooperation with the Director of the Government Information Technology Agency (GITA) to function under the Director for critical infrastructure protection.

 

4.      Requires the SIP center to coordinate and integrate the protection of critical physical and information infrastructure for this state.

 

5.      Provides additional duties of the SIP center including the provision of funding for the information infrastructure protection requirements from the information technology fund and the submittal of an annual report and a schedule for completion of a plan with milestones for accomplishing its statewide physical information infrastructure protection duties by December 31 of each year to the Governor, the Director of GITA and the Legislature.

 

Computer Emergency Response Team/GITA

6.      Establishes the Computer Emergency Response Team (CERT) under the Director of GITA to coordinate and implement information infrastructure protection in cooperation with the SIP center.

 

7.      Provides additional duties of CERT including the provision of funding these requirements with monies from the information technology fund and the submittal of a report to the Governor, the Director of emergency management division of DEMA, the Director of GITA and the Legislature containing a schedule for completion of a plan with milestones for accomplishing its computer emergency response duties.

 

8.      Requires all state agencies to develop a capability to detect and report to CERT any attacks and intrusions on their systems from unauthorized and authorized users.

 

9.      Allows the Department of Public Safety to investigate any incident arising from CERT activities.

 

10.  Provides for a general effective date.

 

House Action                                                               Senate Action

 

CED                4/02/01    DPA         8-0-0-2-0           COM               1/24/01     DPA     6-0-0-0

TRANS           4/05/01    DPA/SE   6-0-1-3-0            3^rd Read           2/05/01                  25-4-1-0

3^rd Read           4/25/01                     43-14-3-0           Final Passage  5/02/01        18-12-0-0

 

 

Vetoed by the Governor 5/8/01

 

Prepared by Senate Staff

May 10, 2001