About 26,000 times each day, someone tries to break into the computer systems that power the Arizona government — the technology that houses personal details like your birth date, home address and Social Security number.
Those attacks tally to 800,000 a month and are just a fraction of the total threats to state systems. Keeping them at bay is the reason Arizona on Monday launched a new, collaborative effort to protect its computer systems and boost overall cybersecurity.
The Cyber Command Center brings four state public safety agencies together in one room with one mission: Guard the state’s computers against attacks and by extension, help protect the over 7 million residents of the Grand Canyon State.
“When we protect your data, we protect you at home as well,” Arizona Department of Homeland Security Director Tim Roemer said in an interview. “We help you not fall victim to identity theft, for example. Because once your data is compromised, they use that to open up accounts.”
Nearly 28,000 instances of identity theft were reported in Arizona last year, according to the Federal Trade Commission. Cases of identity theft in Arizona have increased threefold since 2018 when fewer than 9,000 instances were reported to the FTC.
The center launched the same day three of the world’s largest social media channels — Facebook, Instagram and Whatsapp — experienced hours-long outages, exemplifying our dependence on the internet and the potential for vast disruption when it goes offline.
Cyberattacks also have increased nationally during the coronavirus pandemic as people shifted to work from home.
Before the pandemic, about 2,000 state employees worked remotely at least one day each week; by May 2020, about 16,000 employees did, according to state budget information. That shift also meant safeguarding an additional 20,000 devices that were no longer connected to the state’s secure network, Roemer said.
Meanwhile, there is increasing attention on potentially devastating attacks on infrastructure, including an attempt to poison a water system in Florida and shuttering of a massive gasoline pipeline on the East Coast earlier this year.
“Our reliance on technology has improved lives in countless ways, but it has also made Arizonans more vulnerable to cyberattacks than ever before,” Gov. Doug Ducey said Monday.
What’s at the new command center
The command center sits inside the state Department of Public Safety’s Arizona Counter Terrorism Information Center in Phoenix, a 24-hour-a-day operation where state employees coordinate with local and federal agencies to gather intelligence.
One year ago, the room was full of cubicles facing different directions, Roemer said. Now, a roughly $100,000 remodel has created organized rows of desks that face giant television screens where employees report on the locations of possible hackers, he said.
Employees from the state Department of Homeland Security, Department of Administration, Department of Public Safety and Arizona Department of Emergency and Military Affairs will use the room to identify and investigate the flood of attempts to hack into the computers used by approximately 34,000 state employees.
In the case of a serious incident, the room will serve as a response headquarters. Roemer said agents from the FBI and U.S. Department of Homeland Security’s cybersecurity agency will often be on hand, too.
In September alone, about 68 million threats to state systems were identified by the Department of Homeland Security, according to the Governor’s Office.
Those computer systems power unemployment benefits, the state’s prisons, motor vehicle services, public health programs, elections, and tax collection, among many other duties.
Ducey said cybersecurity was “becoming one of the most critical issues facing our state.” Because of the increasing threat, Ducey named Roemer the state’s chief information security officer in 2019, and in the past several years, the governor earmarked over $3.5 million to beef up the state’s defenses against hackers and other digital bad actors as the pandemic shifted people to start working from home.
Ransomware is the biggest threat in Arizona, Roemer said. Hackers install ransomware software onto computer systems that make them inaccessible, effectively holding information hostage, until a ransom is paid.
The software can invade a computer system through compromised account credentials or through phishing when hackers hope to trick an employee into opening a document or clicking a malicious link by posing it as legitimate.
The consequences can be far-reaching and expensive: Earlier this year, a ransomware attack on the Colonial Pipeline led to gasoline shortages across the East Coast. Colonial paid the hackers, who were affiliated with a Russia-linked cybercrime organization, a $4.4 million ransom.
Arizona’s new cybersecurity headquarters won’t yet coordinate with private companies, but that could come soon. For now, local, state and federal governments can share information to keep each others’ systems safe.
“If we leave those doors open, if we leave those windows unlocked, just like in physical security, those hackers will exploit them,” Roemer said. “It’s our job to lock every door, tighten every window, put us in a position that we decrease our vulnerabilities, which decreases our risk.”
Reach reporter Stacey Barchenger at [email protected] or 480-416-5669. Follow her on Twitter.
Support local journalism. Subscribe to azcentral.com today.