Gowan Says Arizona Prepared For Type Of Cyberattack Which Crippled Virginia Legislature

Gowan Says Arizona Prepared For Type Of Cyberattack Which Crippled Virginia Legislature

By Terri Jo Neff |

With the introduction of legislation this week in the Arizona House of Representatives to prohibit many public entities from using public funds to pay for ransomware attacks, AZ Free News recently spoke with Sen. David Gowan about the security of the Legislature’s own computer systems.

Gowan says that the dedicated IT staff of the Arizona Legislature have ensured that its system protections are up to date and meet or exceed industry standards. This would allow the legislative session to continue with little impact if hit with the type of ransomware attack suffered by the Virginia Legislature last month.

“Nothing is 100 percent guaranteed, but we try to figure it out before a hacker can,” he said. “And we have the ability to move forward and maneuver, even if we have to do some things on paper.”

The Dec. 10 ransomware attack on servers used by Virginia lawmakers led to the disabling of the legislature’s voicemail system, its budgeting portal, and the platform used to draft bills. Even access to the Virginia Constitution and state code normally accessible online had to be taken down after the attack, which one state official blamed on an “extremely sophisticated malware.”

For a short time the website serving Virginia’s Division of Capitol Police was also down but there was no report of impacts to critical functions.

Whoever hacked the Virginia Legislature’s system left a ransom note, although it did not include a ransom price nor due date, according to a senior staff member. It is the first reported cyber security attack on a state legislature, although at dozens of public entities across the country were hit in 2021.  

Gowan is pleased that Arizona’s legislative staff has safeguards in place which will allow lawmakers to “quickly move forward with our work” if hit by an attack like Virginia experienced. He credits the fact that the legislature’s IT personnel conduct refresher training for lawmakers and staff about suspicious emails, which is the easiest way for a cyber attacker to get into a system.

There is also frequent spot checks of the legislature’s systems. And it helps, Gowan noted, that Arizona has one of the nation’s premiere cybersecurity programs, with the Arizona Department of Homeland Security, the Arizona Department of Public Safety, and the Department of Emergency and Military Affairs all major players, along with local and federal agencies.

Two controversial bills recently introduced by a state representative would make significant changes to Arizona’s laws related to cyberattacks. One would tie the hands of public officials in responding to a ransomware attack, while the other seeks to require anyone who does business in Arizona to report a computer security breach or face a civil penalty from the Arizona Attorney General’s Office.

HB2145 would bar the State and any political subdivision of the state (such as a county, city, town, or school district) from making ransomware payments to secure the release of data. It would also require immediate notification of such an attack to the Director of the Arizona Department of Homeland Security.

Meanwhile, HB2146 would mandate anyone who “conducts business in this state and that owns, maintains or licenses unencrypted and unredacted computerized personal information” to report any security system breach to the Director of the Arizona Department of Homeland Security within 45 days.

A willful violation of the notification statute could lead to a civil penalty of up to $500,000, according to the bill.  

Republicans Join Democrats To Force Vote On In-State Tuition For Students In County Illegally

Republicans Join Democrats To Force Vote On In-State Tuition For Students In County Illegally

On Monday, the Arizona House passed Senate Concurrent Resolution 1044. The resolution allows voters to decide if students who are in the country illegally but have attended for two years and graduated from an Arizona high school can be eligible for in-state college tuition.

SCR 1044 also exempts post-secondary education from the definition of a state or public benefit. Currently, Arizona residents who do not have legal immigration status do not qualify to receive those benefits.

Last week, Republican State Reps. Michelle Udall and Joel John forced a vote on the resolution by joining all House Democrats. Republicans Rep. David Cook and Rep. Joanne Osborne joined the group later and voted in favor of the matter. The move shifted power away from the Republican Caucus momentarily, but left a deep division.

Speaker Rusty Bowers expressed his disappointment in the tactic employed by Udall and John before casting his vote against the measure:

The measure will now go before the Arizona voters on a ballot in 2022.

The ballot initiative would repeal a 15-year-old ban on in-state tuition for undocumented high school graduates, including about 2,000 Dreamers per year. Voters created that ban in 2006 when they approved Proposition 300, which denies public benefits to those not in the country legally, including reduced cost tuition.