PHOENIX – Governor Doug Ducey today issued an executive order to create the Arizona Cybersecurity Team (ACT), a diverse team of experts from state, local, and federal government, the private sector, and higher education to work together to protect Arizonans from a cyber attack.
Government, businesses, and citizens are faced with a challenging and complex task of securing critical information online. To accomplish this, the cyber security team will enhance collaboration among government, private sector, law enforcement, non-profit organizations, higher education, and the greater Arizona community to address cybersecurity statewide and advise and provide recommendations to the governor.
Additional objectives include enhancing cybersecurity workforce development and education and increasing public awareness on cybersecurity best practices.
“The creation of the Arizona Cybersecurity Team is another step we can take to enhance our cyber preparedness,” said Governor Ducey. “In today’s world, the threat of cyber-attacks is persistent and constantly evolving, which is why we are taking proactive steps to mitigate that threat and making sure agencies continually improve their cyber defenses. The security of our information systems is a top priority and we need to work together as one team throughout government and the private sector to strengthen collaboration and risk management efforts.”
“Over the last several years, we have seen cyberattacks target critical national security infrastructure, threaten our democratic institutions, and compromise the information of millions of American citizens,” said Senator John McCain. “It’s never been more critical for the public and private sectors to work together to strengthen our cyber defenses and protect Arizonans. I want to thank Governor Ducey for his leadership in establishing the Arizona Cybersecurity Team, which will bring diverse expertise and experience to the table to enhance our cyber capabilities, educate the public, and train a capable workforce to combat this 21st century challenge.”
“With this announcement, Arizona continues to show its national leadership in the advancement of cybersecurity practice,” said Dane Mullenix, Vice President of Alion Science and Technology and Director of Arizona Laboratories for Security and Defense Research (AZLabs).
“The governor’s executive order forming ACT addresses the critical need to have a statewide body to collaboratively develop a unified direction to proactively address cybersecurity threats through unified policy and seamless execution,” said Frank J. Grimmelmann, President and CEO of Arizona Cyber Threat Response Alliance. “ACT will position Arizona to be the forerunner nationally in cybersecurity.”
"We must think outside the box, and work together with the public and private sector,” said Mike Lettman, State of Arizona Chief Information Security Officer. “The ACT team puts us in the right direction to accomplish just that.”
For more information on ACT and to read about what Arizona has already done on cybersecurity, click here.
Text of the executive order can be viewed below.
Executive Order 2018-03
Creation of the Arizona Cybersecurity Team
WHEREAS, the State of Arizona is committed to securing our information online and protecting our citizens;
WHEREAS, the State of Arizona needs a unified vision for tackling our cybersecurity needs;
WHEREAS, cyber-attacks are a serious and consistent threat to our state and we must take appropriate countermeasures;
WHEREAS, information sharing between public and private sector organizations is essential to defending our data online;
WHEREAS, the State of Arizona aims to be the most cyber-prepared state government in the nation;
WHEREAS, securing our critical infrastructure is vital to our well-being;
WHEREAS, many cybersecurity vendors and products exist and compete for State business;
WHEREAS, the state of Arizona is committed to providing opportunities to better prepare our future workforce for careers in cybersecurity, information technology, and other related fields;
WHEREAS, the time to act is now;
NOW, THEREFORE, I, Douglas A. Ducey, by virtue of the authority vested in me by the Constitution and laws of the State of Arizona hereby establish the Arizona Cybersecurity Team and order as follows:
1. Membership of the Arizona Cybersecurity Team shall include the following members appointed by the Governor:
a. One representative from the Governor’s Office;
b. One representative from the Secretary of State’s Office;
c. One representative from the Attorney General’s Office;
d. The Chief Information Officer (CIO) of the State of Arizona;
e. The Chief Information Security Officer (CISO) of the State of Arizona;
f. One representative from the Arizona Department of Public Safety;
g. One representative from the Arizona Department of Homeland Security;
h. One representative from the Arizona Department of Emergency and Military Affairs;
i. One representative of the Arizona Commerce Authority;
j. One representative from an Information Sharing and Analysis Organization;
k. One representative from critical infrastructure (energy, telecommunications, or transportation);
l. One representative from the office of an Arizona member of Congress;
m. Two representatives from the private sector;
n. Two members from the Arizona legislature;
o. Two representatives of federal law-enforcement agencies;
p. Two representatives from local government (at least one rural);
q. Two representatives from universities or colleges; and
r. At the sole discretion of the Governor, additional members with relevant experience.
2. The members of the Arizona Cybersecurity Team shall serve at the pleasure of the Governor.
3. The Governor shall designate two Co-Chairs of the Cybersecurity Team from its membership.
4. The Cybersecurity Team shall:
a. Develop recommendations and continuously advise the Governor on cybersecurity issues;
b. Receive quarterly updates from the State CISO;
c. Advise on federal resources available to combat cybersecurity threats;
d. Ensure Arizona is a nationwide leader on cybersecurity;
e. Drive cybersecurity and IT related workforce development and education at the higher education level;
f. Enhance collaboration among government, private sector, law enforcement, non-profit organizations, education, and the community at large to more effectively address cybersecurity issues statewide; and
g. Promote public awareness of threats online and how best to protect information.
5. The Arizona Cybersecurity Team shall be staffed by the Arizona Department of Administration.
6. State agency directors will be held accountable to protect data and implement risk management measures adopted by the Governor.
7. The Co-Chairs may form an executive committee or other sub-committees as necessary.
8. This Executive Order expires on December 31, 2019.
IN WITNESS WHEREOF, I have hereunto set my hand and caused to be affixed the Great Seal of the State of Arizona.
DONE at the Capitol in Phoenix on this first day of March in the Year Two Thousand and Eighteen and of the Independence of the United States of America the Two Hundred and Forty-Second.
Secretary of State