Arizona’s New Cybersecurity Efforts Are Pricey But Essential, Says Ducey

Arizona’s New Cybersecurity Efforts Are Pricey But Essential, Says Ducey

By Terri Jo Neff |

Gov. Doug Ducey has secured the funding necessary to launch Arizona’s new Cyber Command Center, and during a ceremony at the Arizona Department of Public Safety’s Arizona Counter Terrorism Information Center (ACTIC) on Monday he equated cybersecurity with homeland security.

“Our society is becoming increasingly interconnected through technology, and cybersecurity has become one of the most important issues facing Arizona,” Ducey said Monday. “This new command center will be critical in protecting Arizonans and ensuring our cyber infrastructure remains safe and secure.”

According to the governor, the state has spent nearly $15 million in the last year to address cyber threats and implement best practices. The results are impressive, with the Arizona Department of Homeland Security detecting and alerting on about 68 million threats and protected state websites from over 800,000 attacks in September.

The new Cyber Command Center will be Arizona’s headquarters for coordinating statewide cybersecurity operations, and will serve as a central location for cybersecurity professionals and local, state and federal agencies to prevent and respond to cyberattacks. Several programs will be run out of the command center, including the Arizona Counter Terrorism Information Center, a joint effort created in 2004 among DPS, AZ DHS, the FBI, and other agencies to support Arizona’s homeland security efforts.

Ducey has been successful the last few years in securing funding to address cybersecurity threats which impact not only state agencies, but also local governments, the private sector, educational institutions, and citizens.

In Fiscal Year 2020, the governor secured legislative approval to add $2.9 million to the Arizona Department of Administration’s Statewide Information Security and Privacy Office. The money was earmarked to enhance the operations of the office and purchase additional cybersecurity controls to combat cyberthreats on state IT assets, according to Ducey’s office.

He has also tapped $9 million in FY2020 and FY2022 to improve the Department of Education’s school finance system which distributes billions in state and federal funding to Arizona’s public schools. In addition, nearly $500,000 of funding will be available to the Arizona Department of Emergency and Military Affairs (DEMA) in FY2022 to establish a cyber task force to perform cybersecurity prevention and response activities on behalf of the state, according to the governor’s office.

That is on top of a one-time $300,000 credit to the National Guard Cyber Response Revolving Fund to allow the National Guard to engage in cyberattack prevention, response, and support activities for the state and other public entities.

Arizona is not the only state making cybersecurity a priority, and public records show many of the projects across the country are being paid for by federal funds under the CARES Act.

According to the Center for Digital Government, the CARES Act provided more than $150 billion in March 2020 to state and local governments to address cybersecurity issues brought about by IT budget constraints, modernization issues, and new challenges such as remote work and distance learning. In December, Congress later extended the deadline for utilizing the funding after some states complained of not being able to get projects quickly operational due to time and staff constraints.

“This extension is critical because our research indicates state, local and county governments still have billions of federal dollars left to spend,” according to a briefing by the Center for Digital Government, a national research and advisory institute on information technology policies and best practices in state and local government. “Doing so will increase their resilience, streamline constituents’ access to critical services, and safeguard critical government systems and all the valuable public data they collect.”

In North Carolina, $4.5 million of CARES funding was allocated to create a shared cybersecurity infrastructure for its Department of Public Instruction. The project also facilitates district cybersecurity monitoring and support,, which according to the briefing “has become even more essential as the schools in the state experience a surge in ransomware attacks.”

Meanwhile, the briefing notes Oklahoma has used its federal aid for a secondary data center with higher availability and advanced disaster recovery capabilities. State officials call the investment “critical” to ensuring the capability to deliver core public services in an emergency.

Idaho, Montana, and Texas are examples of other western states utilizing CARES funds for cybersecurity projects.