State

Arizona selects Tanium for ‘whole-of-state’ cyber program

Arizona Chief Information Security Officer Tim Roemer said the new software will give him a better view of the threat landscape.

By Colin Wood

November 16, 2022

The Arizona state flag flies between the United States flag and the Navajo Nation flag at the Visitor Center at Canyon de Chelly National Monument near Chinle, Arizona. (Robert Alexander / Getty Images)

The cybersecurity company Tanium on Tuesday announced it’s secured a statewide contract in Arizona for its endpoint management software.

The deal is to cover more than 100 state agencies, along with 15 counties, 91 cities, more than 200 K-12 districts and 22 tribal nations. The company said in a press release it’s supporting Arizona’s “whole-of-state” approach to cybersecurity, a growing trend among states keen to collect new federal cybersecurity grant funding.

According to Tanium, the state used its software to patch “more than 326,000 vulnerabilities in fewer than 72 hours.”

State Chief Information Security Officer Tim Roemer said in the press release that the new software will help him understand what attackers are seeing when they scan the government’s networks.

“In cybersecurity, we’re expected to hold off the Russian military, as well as the Chinese, the North Koreans, the Iranians, you name it,” said Roemer, who’s also director of the Arizona Department of Homeland Security. “After all, cybersecurity is homeland security, and I can’t protect 7.5 million Arizonan’s data from an attacker I don’t know about.”

State government IT offices claiming responsibility for the protection of computer networks at schools, local governments and tribes was once considered an anomaly, but the trend of “whole-of-state” cyber is taking off in states like Arizona. Former North Carolina Chief Risk Officer Maria Thompson wrote in a recent commentary that “whole-of-state” cyber programs provide state security officials better visibility of the threat landscape.

“By crowdsourcing and knowledge-sharing, already-strained security practitioners within a whole-of-state cybersecurity community, state agencies, local organizations, and schools can alleviate some of the personnel limitations that weaken their security posture,” she wrote.
Beyond information-sharing, “whole-of-state” approaches are also making states eligible for the $1 billion in grant funding included in last year’s federal infrastructure law. To receive funding, states must submit plans that include distributing 80% of the dollars to their local governments.