HOUSE COMMITTEE ON
INFORMATION MANAGEMENT AND TECHNOLOGY
March 31, 2005 Hearing Room 357
1:00 P.M. Tapes 31 - 32
MEMBERS PRESENT: Rep. John Dallum, Chair
Rep. Jerry Krummel, Vice-Chair
Rep. Chuck Burley
MEMBERS EXCUSED: Rep. Kelley Wirth, Vice-Chair
Rep. Brad Witt
STAFF PRESENT: Dallas Weyand, Committee Administrator
Louann Rahmig, Committee Assistant
MEASURES/ISSUES HEARD:
HB 3145 – Public Hearing and Work Session
These minutes are in compliance with Senate and House Rules. Only text enclosed in quotation marks reports a speaker’s exact words. For complete contents, please refer to the tapes.
TAPE/# |
Speaker |
Comments |
TAPE 31, A |
||
005 |
Chair Dallum |
Calls the meeting to order at 1:10 p.m. and opens a public hearing on HB 3145. |
HB 3145 – PUBLIC HEARING |
||
015 |
Dallas Weyand |
Describes the history of HB 3145, which assigns responsibility for information systems security within the Executive Department to the Department of Administrative Services (DAS) and provides authority to take remedial action in the event of an intrusion of state information systems. Explains the -1 amendments (EXHIBIT A). Adds that HB 3145 has an emergency clause. |
035 |
Don Fleming |
State Chief Information Officer (CIO), DAS. Testifies and submits written testimony in support of HB 3145 and the -1 amendments (EXHIBITS B AND C). Explains that HB 3145 supports the establishment of an enterprise cyber security program. Stresses the approach being recommended is a hybrid model, where the agencies continue to have significant responsibility for security, within the framework of the collaboratively established enterprise program. |
078 |
Fleming |
Continues with explanation of vulnerability assessments that drive the planning process. Advises that the state can expect to be attacked so an instant response program will be established. Adds that rulemaking will be necessary to identify the instant response team activities. |
110 |
Fleming |
Explains how vulnerability assessments will need to be managed and controlled in a centralized way. |
140 |
Fleming |
Continues that agencies will retain responsibility for agency-unique and specific security issues, desktops and local area networks for a time. |
174 |
Fleming |
Advises that there are federal government security restrictions over and above those identified through the cyber security program. |
213 |
Rep. Burley |
States that the ability of hackers keeps growing, and the expense of these attacks is beyond comprehension. Understands that DAS would develop the comprehensive government-wide security program. Refers to Page 1, Lines 6 and 7 in the -1 amendments (EXHIBIT A) where it states the authority is in the Executive Department. Seeks clarification. |
238 |
Fleming |
Responds that today’s infrastructure services traffic beyond state government and beyond the Executive Branch. Explains that some of that traffic cannot be secured at its source. Advises that zones will be created within the infrastructure to allow that traffic to flow. Provides an example. |
274 |
Rep. Burley |
Asks why HB 3145 is limited to the Executive Branch. |
277 |
Fleming |
Believes they can successfully make this situation work. Goes on that the need for further authority would have to be demonstrated by encountering situations that cannot be adequately addressed. Is comfortable with moving forward with HB 3145 as written. |
313 |
Chair Dallum |
Advises that they wanted to avoid problematic issues involving legislative and judicial processes in drafting HB 3145. |
323 |
Rep. Burley |
Asks if the promulgation of rules will help develop agency-specific actions. Is curious about oversight of other agencies to be sure they are implementing as directed. |
339 |
Fleming |
Answers that is another part of the security program, and there will be monitoring, including the DAS systems. |
TAPE 32, A |
||
012 |
Rep. Krummel |
Asks if HB 3145 gives all powers over every agency in terms of information management to DAS. |
014 |
Fleming |
Answers, yes. |
015 |
Rep. Krummel |
Refers to Line 12 in the -1 amendments (EXHIBIT A) and asks if DAS has sole responsibility. |
021 |
Fleming |
Responds, correct, and they interpret it to mean the computing and networking infrastructure of the state. Discusses other connections to the state network that would not be within their scope. |
033 |
Rep. Krummel |
Refers to ORS 174.112 that lists exemptions. |
039 |
Fleming |
Wants to be sure the committee understands that DAS will engage key agencies in a collaborative process by which all will abide. |
055 |
Rep. Krummel |
Comments that HB 3145 gives DAS quite a bit of authority over all agencies, except the Legislative Branch and the Judicial Branch. Asks if DAS is going to use techniques available on the open market. |
083 |
Fleming |
Discusses forensic analyses on compromised machines. Advises that tools will not be built by DAS but they will take advantage of the technology that is widely available. |
128 |
Chair Dallum |
Asks if HB 3145 was reviewed with the CIO Council. |
132 |
Theresa Masse |
Chief Information Security Officer, DAS. Responds, yes. |
136 |
Chair Dallum |
Inquires if counties will have the opportunity to participate. |
141 |
Fleming |
Replies that there is a county representative on the CIO Council and one on the security council as well. States that the participation level will be consistent with what is necessary to make the system work. |
151 |
Chair Dallum |
States the committee is monitoring the progress on the Computing and Networking Infrastructure Consolidation project and may ask for a progress report. Asks how often an “outside look” of an agency would be requested. |
164 |
Fleming |
Responds that most enterprises do a comprehensive vulnerability assessment about every two years. Reiterates that they will be doing ongoing monitoring, with a formal comprehensive assessment every two years by a competent third-party with state-of-the-art knowledge. |
190 |
Dave Fiskum |
Represents Rapidigm, Inc. and Electronic Data Systems. Endorses the -1 amendments to HB 3145. Points out that Page 1, Lines 21-22 of the -1 amendments (EXHIBIT A) state the department will contract with qualified independent consultants to conduct vulnerability assessments. |
220 |
Ken Murphy |
Director, Office of Emergency Management. Supports HB 3145 and the -1 amendments. |
251 |
Chair Dallum |
Closes the public hearing and opens a work session on HB 3145. |
HB 3145 – WORK SESSION |
||
256 |
Rep. Krummel |
MOTION: Moves to ADOPT HB 3145-1 amendments dated 3/30/05. |
|
|
VOTE: 3-0-2 EXCUSED: 2 - Wirth, Witt |
259 |
Chair Dallum |
Hearing no objection, declares the motion CARRIED. |
268 |
Rep. Krummel |
MOTION: Moves HB 3145 to the floor with a DO PASS AS AMENDED recommendation. |
273 |
Rep. Krummel |
Comments that HB 3145 gives DAS a lot of authority over the other departments but believes it is important that these decisions be made under one enterprise umbrella and not by individual agencies. |
290 |
|
VOTE: 3-0-2 AYE: In a roll call vote, all members present vote Aye. EXCUSED: 2 - Wirth, Witt |
296 |
Chair Dallum |
The motion CARRIES. REP. KRUMMEL will lead discussion on the floor. |
303 |
Chair Dallum |
Announces that he will provide information to any committee members who wish to put their name on HB 3145. |
309 |
Chair Dallum |
Closes the work session on HB 3145 and adjourns the meeting at 1:57 p.m. |
EXHIBIT SUMMARY
HOUSE COMMITTEE ON
INFORMATION MANAGEMENT AND TECHNOLOGY
March 15, 2005 Hearing Room 357
1:00 P.M. Tapes 25 - 26
MEMBERS PRESENT: Rep. John Dallum, Chair
Rep. Jerry Krummel, Vice-Chair
Rep. Kelley Wirth, Vice-Chair
Rep. Chuck Burley
Rep. Brad Witt
STAFF PRESENT: Dallas Weyand, Committee Administrator
Louann Rahmig, Committee Assistant
MEASURES/ISSUES HEARD:
High Performance Computing Briefing – Informational Meeting
These minutes are in compliance with Senate and House Rules. Only text enclosed in quotation marks reports a speaker’s exact words. For complete contents, please refer to the tapes.
TAPE/# |
Speaker |
Comments |
TAPE 25, A |
||
003 |
Chair Dallum |
Calls the meeting to order at 1:00 p.m. Introduces the high school students from Mitchell, Oregon, attending the committee meeting as guests. Opens the informational meeting on the high performance computing briefing. |
HIGH PERFORMANCE COMPUTING BRIEFING – INFORMATIONAL MEETING |
||
015 |
Brian Wornath |
LCN Media & Consulting Group. Announces that he represents the Oregon High Performance Computing Consortium. Distributes hard copy of General Proposal for Establishing an Oregon High Performance Computing Infrastructure PowerPoint presentation (EXHIBIT A). Begins the presentation with an overview and the goals of developing a supercomputing resource in Oregon. |
055 |
Wornath |
Provides an explanation of supercomputing and who would use it. |
074 |
Wornath |
Describes the old-style, traditional, single-purpose computer called a “monolith.” |
088 |
Wornath |
Discusses types of supercomputers. Refers to case studies in EXHIBIT A, Page 14. |
117 |
Wornath |
Discusses how much unused computing time is available after regular office hours, creating an affordable and powerful computing “grid.” |
149 |
Wornath |
Continues with justification to develop affordable high performance computing resources within Oregon. |
184 |
Wornath |
Proposes to create a state resource that markets the unused capacity and the accompanying consulting services, offering “one-stop shopping” for high-performance computing. |
216 |
Wornath |
Outlines sources for general initial capitalization. States that earnings from operations would come from leasing affordable high-performance computing time. |
237 |
Wornath |
Shows comparison of estimated financial scenarios (EXHIBIT A). |
313 |
Wornath |
Discusses the percentage of return and cost per year of operating a computer grid. |
381 |
Wornath |
Suggests implementing a pilot project to determine the best technical solution. Displays the estimated pilot profitability. |
TAPE 26, A |
||
019 |
Wornath |
Discusses a possible organizational structure similar to an Oregon high-performance computing consortium. Continues with explanation of challenges. |
069 |
Wornath |
Has spoken with Chief Information Officers around the state, who believe the concept is good. |
083 |
Wornath |
Summarizes by stating that the technology is proven, can easily be applied to numerous applications and uses, and is easily expandable. |
121 |
Chair Dallum |
Asks about the “down side.” |
125 |
Wornath |
Responds that information technology people will say this is a very specialized area. Believes that ideally the universities and the state would co-develop a pilot program. |
148 |
Chair Dallum |
Inquires if this concept is attractive to private enterprise. |
155 |
Wornath |
Replies, it is. Continues that there are certain niches that don’t have the financial resources to take on a project such as this. Cites examples of researchers who believe they can use. |
192 |
Chair Dallum |
Asks what proposed legislation should look like. |
196 |
Wornath |
Answers that funding for a pilot project could be requested. |
227 |
Rep. Burley |
Inquires what is preventing us from using this now. |
233 |
Wornath |
Responds, nothing. Indicates from a financial standpoint, it is best to consolidate and not have many small clusters. |
261 |
Rep. Burley |
Refers to the case studies in EXHIBIT A that were mostly done by private corporations. Comments that if we were going to use public resources, that is a different set of circumstances particularly since we are concerned with security issues. |
270 |
Wornath |
Agrees. Offers to provide more up-to-date information. Reports on other states that are doing this for economic development. |
313 |
Rep. Burley |
States that the corporate environment is more controlled than ours as we have computers all across the state. Asks how we would ensure security. |
323 |
Wornath |
Agrees that some environments are better suited than others. |
329 |
Rep. Krummel |
Asks if setting something like this up in the new data center might generate the dollars to pay for it. |
338 |
Wornath |
Replies, absolutely. Reports that high performance computing is being done on a limited basis at the Oregon State University Oceanic School. |
404 |
Rep. Krummel |
Asks if there have been discussions with the Department of Administrative Services (DAS) or other privately owned data centers to see if there is an interest. |
416 |
Wornath |
Has spoken with DAS and some small companies affiliated with academics. |
439 |
Rep. Witt |
Inquires if one has to be a participant in the network to be able to utilize supercomputing capacity. |
TAPE 25, B |
|
|
011 |
Wornath |
Responds, yes, for security reasons. States that the criteria need to be identified in the business model. |
020 |
Rep. Witt |
Asks if he is aware of any claims in other states that there is not equal access. |
025 |
Wornath |
Answers that he has not heard of any. |
027 |
Rep. Wirth |
Inquires if anyone has expressed an interest in helping finance a pilot study. |
032 |
Wornath |
Replies, absolutely. |
038 |
Rep. Wirth |
Asks how much private money might be available. |
046 |
Wornath |
Replies that there is interest, and some medical schools are trying to lure grants. Believes discussions with interested parties to determine how much money is available would be needed. |
069 |
Rep. Wirth |
Inquires if other states have included some public financing, and how far along they are in the process. |
077 |
Wornath |
Answers, it varies. |
089 |
Wanda Brennan |
High School Science Teacher, Mitchell, Oregon. Cites problems of areas with limited internet access. Asks how high-performance computing will benefit them. |
096 |
Wornath |
Responds that not all rural areas will receive the same amount of benefit; however, areas with community colleges perhaps can provide access. |
140 |
Chair Dallum |
Closes the informational meeting on high performance computing and adjourns the meeting at 2:08 p.m. |
EXHIBIT SUMMARY