"Section 1.  Title 26, chapter 1, article 3, Arizona Revised Statutes, is amended by adding section 26-183, to read:

A.  The adjutant general shall organize an Arizona national guard computer emergency response team for the protection of state national guard networks.

B.  The Arizona national guard computer emergency response team shall establish a memorandum of agreement with the United States department of defense computer emergency response team to establish information sharing for both threat and vulnerability information.

C.  The adjutant general shall adopt procedures for the protection of physical and information infrastructure as required by this section.

Sec. 2.  Title 26, chapter 2, Arizona Revised Statutes is amended by adding article 4, to read:

A.  A statewide infrastructure protection center is established under the director or the director's designee to coordinate and integrate the protection of critical physical infrastructure and information infrastructure for this state including public and private physical systems and cyber-systems essential to the minimum operations of the economy and state government including telecommunications, energy, banking, finance, transportation, water and emergency services.

    b.  The statewide infrastructure protection center, in relation to physical systems and cyber-systems, shall:

        1.  Provide a state focal point for gathering information on threats to the information infrastructures serving as a statewide critical infrastructure threat assessment, warning, vulnerability and response entity.

        2.  Provide the principal means of facilitating and coordinating the state government's response to an incident, investigating incidents, mitigating attacks, investigating threats and monitoring reconstitution efforts. The department of public safety may investigate any incident arising under this article.

        3.  Coordinate with political subdivisions of the state and the private sector to launch a continuing statewide information assurance awareness campaign, emphasizing improving infrastructure security in alerting and reporting of attacks and developing of safeguards.

        4.  Assist state agencies in the implementation of best practices for both physical assurance and information assurance of the infrastructure within the individual agencies and shall direct state agencies to include assigned infrastructure assurance functions within the strategic planning and performance measurement framework of their emergency management plans to include their information technology infrastructures.

        5.  Establish a memorandum of agreement with the Arizona national guard computer emergency response team established by section 26-183 to establish information sharing for both threat and vulnerability information.

        6.  Adopt rules for the implementation of the procedures for the protection of physical and information infrastructure as required by this article.

        7.  By December 31 of each year, submit to the governor, the director, the government information technology agency or its successor, the president of the senate, the speaker of the house of representatives, the chairman of the senate government committee, or its successor committee and the chairman of the house energy, utilities and technology committee, or its successor committee, an annual report and a schedule for completion of a plan with milestones for accomplishing its statewide physical information infrastructure protection duties.

Sec. 3.  Title 41, chapter 32, Arizona Revised Statutes, is amended by adding article 3, to read:
 

A.  A computer emergency response team is established under the director as chief information officer for information technology or the director's designee.

B.  The computer emergency response team shall coordinate and implement information infrastructure protection in cooperation with the statewide infrastructure protection center established by section 26-371 and shall:

    1.  Establish a strategic plan for information assurance.

    2.  Coordinate with political subdivisions of this state and the private sector to launch a continuing statewide information assurance awareness campaign emphasizing improving information assurance in alerting and reporting of attacks and developing of safeguards.

    3.  Assist state agencies in the implementation of best practices for information assurance within their individual agencies and shall direct state agencies to include assigned information assurance functions within the strategic planning and performance measurement framework of their information technology plans.Each state agency shall develop a capability to detect and report attacks and intrusions on their systems from unauthorized and authorized users.The department of public safety may investigate any incident arising under this article.

4.  Coordinate a review of existing federal, state and local entities charged with information assurance tasks and provide recommendations on how these institutions can cooperate most effectively.

5.  Establish a memorandum of agreement with the Arizona national guard computer emergency response team established by section 26-183 to establish information sharing for both threat and vulnerability information.

6.  Provide a state focal point for gathering information on information technology vulnerability, threats and attacks, serving as a statewide assessment and response entity.

7.  Provide the principal means of facilitating and coordinating the state government's response to information systems threats and attacks, investigating incidents, mitigating attacks and monitoring reconstitution efforts.

8.  Adopt rules for the implementation of the procedures for information assurance as required by this article.

9.  By December 31 of each year, submit to the governor, the director of emergency management of the department of emergency and military affairs, the director of the government information technology agency, the president of the senate, the speaker of the house of representatives, the chairman of the senate government committee, or its successor committee, and the chairman of the house energy, utilities and technology committee, or its successor committee, an annual report and a schedule for completion of a plan with milestones for accomplishing its computer emergency response duties.

This act is an emergency measure that is necessary to preserve the public peace, health or safety and is operative immediately as provided by law."