[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Arizona governor vetoes cyberdefense bill
- To: fitug debate <debate@fitug.de>
- Subject: Arizona governor vetoes cyberdefense bill
- From: Andreas Lehner <atoth@berlin.ccc.de>
- Date: Sat, 12 May 2001 00:36:17 +0200
- Comment: This message comes from the debate mailing list.
- Sender: owner-debate@fitug.de
- User-Agent: Mutt/1.2.5i
Computerworld
http://www.computerworld.com/cwi/stories/0,1199,NAV47-68-84-88-93_STO60424,00.html
Arizona governor vetoes cyberdefense bill
By BRIAN SULLIVAN
(May 10, 2001) Arizona Gov. Jane Dee Hull vetoed a bill yesterday that would have established the first
state-level IT infrastructure protection center in the nation (see story). But a key proponent of the bill, which
some touted as a model for coordinating cyberdefense efforts across the country, isn't giving up.
"Lightning came down from the mountain," said State Rep. Wes Marsh in reference to the veto. "We're going to do
it. We're going to do it without legislation," he added.
The Republican legislator said he met with Rick Zelznak, Arizona's CIO and director of the state's Government
Information Technology Agency, for about 90 minutes today and came away from that meeting convinced that some form
of state cyberprotection remains possible.
"We're just going to institutionalize it," Marsh said. "It's a win-win. We're going to have something; it won't be
codified in law."
Marsh suggested that the plan may be put together by executive order. But a spokeswoman for Hull said that as far
as she knew, nothing had changed.
"I don't know what he said, and if Mr. Marsh has decided to do something, that is up to him. He has not informed
us about that," the spokeswoman said.
In a letter to the legislature explaining the veto, Hull wrote that she had the following three major problems
with the bill, which had passed both the Arizona House and Senate:
* The bill mandates measures that aren't among the best practices of infrastructure protection.
* The bill would delay measures aimed at protecting the state's information systems.
* The bill didn't include funding for the 15 different plans it mandated.
Marsh said that he was disappointed that Hull, a fellow Republican, had vetoed the bill and that he didn't know
what her complaints were beyond what appeared in her letter.
"I was disappointed in the governor that they didn't even bother to call me," Marsh said, adding that he didn't
understand Hull's concerns that the measure would not abide by "best practices."
"I saw that, and ... I am going to ask them for the support documentation," Marsh said. He speculated that Hull
might have objected to using freeware and older components for some systems.
Despite the setback, Marsh said he is confident that he has the support of Zelznak and that Arizona will
eventually take the lead in cybersecurity among the 50 states. "I've seen standards," Marsh said of his talks with
Zelznak. "It isn't like they are just telling me what I want to hear."
He acknowledged, however, that whatever plan emerges now won't be as extensive as the one outlined in his bill and
won't link the state of Arizona to the U.S. Department of Defense.
As originally proposed, the bill would have created a Statewide Infrastructure Protection Center (SIPC) to merge
the efforts of a state-run civilian Computer Emergency Response Team with a similar unit proposed by the Arizona
National Guard.
The SIPC would also have been linked to the private sector through the FBI's InfraGard program, as well as to the
Defense Department and the National Infrastructure Protection Center, a federal security agency based at FBI
headquarters in Washington.
Marsh said he wanted to move quickly because Arizona's cyberinfrastructure has been under attack. He alluded to
several Web sites in the state that had been attacked and said the attacks went beyond mere defacement of sites.
"Something has to be done," he said.