Senate Bill 632, recently signed into law by Gov. Asa Hutchinson, authorizes the state’s Economic Development Commission (AEDC) to create a Cyber Initiative. This initiative will be responsible for working to mitigate the cyber-risks to Arkansas; increasing education relative to threats and defense; providing the public and private sectors with threat assessments and other intelligence; and fostering growth and development around tech, IT and defense.
The initiative will also create a "cyber alliance" made up of partnerships with a variety of insitutitions like “universities, colleges, government agencies and the private business sector,” all of which will work in a unified fashion toward realizing the initiative’s priorities.
The bill also gives the program a potentially extensive financing framework, establishing a special fund that will consist of all money appropriated by the General Assembly, as well as “gifts, contributions, grants, or bequests received from federal, private, or other sources,” according to the text of the legislation.
That money will go toward a wide variety of activities conducted through its myriad partnerships — including research, training of officials at public and private institutions in best defense, business and academic opportunities.
The initiative will also have a considerable privacy component, as it will be exempt from the Freedom of Information Act (FOIA) if the request is deemed a “security risk,” according to bill text.
Much of the initiative's work will be centered around finding more effective methods to ferret out bad actors and identifying where and what those actors are looking to target within the state, said retired Col. Rob Ator, who serves as the director of Military Affairs for the AEDC.
Arkansas, Ator said, is an attractive target to potential hackers because — as the bill notes — it is "home to national and global private sector companies that are considerable targets in the financial services, food and supply chain and electric grid sectors."
“For the first time in our nation’s history, the outward-facing defense for our critical infrastructure is no longer the folks in uniform and it's no longer the government — it's our private industry,” Ator said, adding that, as potential targets for cyberattacks, companies are now responsible for their own defense like never before.
“The truth is that the biggest part of our national security is not the folks in uniform and it’s not our military, the biggest part of our national security is our economy,” Ator said. “We affect more things because we have a strong economy than we do with the military, so if it is neutralized because of cyberthreats, then we really compromise our ability to affect positives in the world,” he said.
“So we need to work collaboratively and build trust that we’re all swinging the ax in the same direction so that we are fixing a defense that is at every level of our society. Not just at the government level, but at every level.”
Also attached to the project is a nonprofit called the Forge Institute, which specializes in developing private-public partnerships. Forge recently launchedthe American Cyber Alliance, which Arkansas' initiative will be joining forces with, according to Forge creator, businessman Lee Watson.
“The American Cyber Alliance is developing advanced training and cyberthreat information-sharing opportunities for cybersecurity professionals,” said Watson, in an email to Government Technology.
Some of the partners that have already been drawn into the alliance through Forge include the Department of Homeland Security, the Arkansas National Guard, Walmart and the University of Arkansas Little Rock, according to the nonprofit's website.
The model that Arkansas is trying to build should be something that can be scaled up and exported not only to other states, but also to the federal government, Ator said.
“The next step is the federal — how do we scale this up to a national capability?” Ator said.