Citizen Portal

Committee advances five-year pilot for state cybersecurity upgrades, focusing initially on Secretary of State systems

2363431 · February 19, 2025
Article hero
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

The Science and Technology Committee advanced House Bill 2736, a five-year pilot program to modernize encryption and cyber defenses for key Arizona state agencies, with the Secretary of State marked for initial implementation.

The House Science and Technology Committee recommended House Bill 2736, which would authorize a five-year pilot program to upgrade state information-security infrastructure, beginning with the Secretary of State and extending to major agencies including the Department of Revenue, the Department of Administration and the legislature.

Sponsor Representative Gillette told the committee the measure responds to long-standing technology obsolescence and vulnerabilities across state agencies. She described examples in which sensitive material was shared via unsecured cloud links and said some state systems still run on code written in the 1990s and 2000s. "We have done a disservice to the people of the state of Arizona because we haven't funded what we've been asked to fund," Gillette said, calling for a coordinated upgrade rather than piecemeal fixes.

Under the bill, ADOA would implement a five-year program focused on data encryption and cybersecurity; the program must use U.S.-owned and -operated solutions with no foreign owners or investors, must be auditable by the auditor general and would include agency-by-agency implementation plans. The sponsor and witnesses said the Secretary of State should be the first agency addressed. Homeland Security and DEMA requested language clarifying testing authority; the sponsor indicated an amendment would be filed to allow DEMA to perform testing and use National Guard resources where appropriate.

Cybersecurity witnesses and industry representatives told the committee that post-quantum encryption, U.S.-owned fiber and perpetual penetration testing are crucial to guarding against evolving threats. Witnesses described the state's current systems as fragile and fragmented and urged a central coordinating effort. "It isn't important. It's critical," witness Chuck Moses said of protecting Arizona's data, and another speaker noted that the Department of Defense and other actors are moving to new standards.

Committee members asked about costs and timelines. The sponsor said a pilot structure would allow each agency to identify needs so the Joint Legislative Budget Committee could later provide specific fiscal estimates; the committee record shows no final statewide cost estimate was available at the hearing. The committee returned HB 2736 with a due-pass recommendation (vote 9–0). The bill requires further appropriation or budget actions before work begins and includes auditor general oversight of deliverables and audits of vendor performance.