HOUSE COMMITTEE ON

INFORMATION MANAGEMENT AND TECHNOLOGY

 

March 31, 2005   Hearing Room 357

1:00 P.M.  Tapes 31 - 32

 

MEMBERS PRESENT:            Rep. John Dallum, Chair

Rep. Jerry Krummel, Vice-Chair

Rep. Chuck Burley

 

MEMBERS EXCUSED:            Rep. Kelley Wirth, Vice-Chair

                                                Rep. Brad Witt

 

STAFF PRESENT:                  Dallas Weyand, Committee Administrator

Louann Rahmig, Committee Assistant

 

MEASURES/ISSUES HEARD:

                                                HB 3145 – Public Hearing and Work Session

 

These minutes are in compliance with Senate and House Rules.  Only text enclosed in quotation marks reports a speaker’s exact words.  For complete contents, please refer to the tapes.

 

TAPE/#

Speaker

Comments

TAPE 31, A

005

Chair Dallum

Calls the meeting to order at 1:10 p.m. and opens a public hearing on HB 3145.

HB 3145 – PUBLIC HEARING

015

Dallas Weyand

Describes the history of HB 3145, which assigns responsibility for information systems security within the Executive Department to the Department of Administrative Services (DAS); and provides authority to take remedial action in the event of an intrusion of state information systems.  Explains the -1 amendments (EXHIBIT A).  Adds that HB 3145 has an emergency clause.

035

Don Fleming

State Chief Information Officer (CIO), DAS.  Testifies and submits written testimony in support of HB 3145 and the -1 amendments (EXHIBITS B AND C).  Explains that HB 3145 supports the establishment of an enterprise cyber security program.  Stresses the approach being recommended is a hybrid model, where the agencies continue to have significant responsibility for security, within the framework of the collaboratively established enterprise program. 

078

Fleming

Continues with explanation of vulnerability assessments that drive the planning process.  Advises that the state can expect to be attacked so an instant response program will be established.  Adds that rulemaking will be necessary to identify the instant response team activities.   

110

Fleming

Explains how vulnerability assessments will need to be managed and controlled in a centralized way. 

140

Fleming

Continues that agencies will retain responsibility for agency-unique and specific security issues, desk tops and local area networks for a time. 

174

Fleming

Advises that there are federal government security restrictions over and above those identified through the cyber security program. 

213

Rep. Burley

States that the ability of hackers keeps growing, and the expense of these attacks is beyond comprehension.  Understands that DAS would develop the comprehensive government-wide security program.  Refers to Page 1, Lines 6 and 7 in the -1 amendments (EXHIBIT A) where it states the authority is in the Executive Department.  Seeks clarification. 

238

Fleming

Responds that today’s infrastructure services traffic beyond state government and beyond the Executive Branch.  Explains that some of that traffic cannot be secured at its source.  Advises that zones will be created within the infrastructure to allow that traffic to flow.  Provides an example.  

274

Rep. Burley

Asks why HB 3145 is limited to the Executive Branch.

277

Fleming

Believes they can successfully make this situation work.  Goes on that the need for further authority would have to be demonstrated by encountering situations that cannot be adequately addressed.  Is comfortable with moving forward with HB 3145 as written.

313

Chair Dallum

Advises that they wanted to avoid problematic issues involving legislative and judicial processes in drafting HB 3145.

323

Rep. Burley

Asks if the promulgation of rules will help develop agency-specific actions.  Is curious about oversight of other agencies to be sure they are implementing as directed.

339

Fleming

Answers that is another part of the security program, and there will be monitoring, including the DAS systems.   

TAPE 32, A

012

Rep. Krummel

Asks if HB 3145 gives all powers over every agency in terms of information management to DAS

014

Fleming

Answers, yes.

015

Rep. Krummel

Refers to Line 12 in the -1 amendments (EXHIBIT A) and asks if DAS has sole responsibility.

021

Fleming

Responds, correct, and they interpret it to mean the computing and networking infrastructure of the state.  Discusses other connections to the state network that would not be within their scope.

033

Rep. Krummel

Refers to ORS 174.112 that lists exemptions. 

039

Fleming

Wants to be sure the committee understands that DAS will engage key agencies in a collaborative process by which all will abide.  

055

Rep. Krummel

Comments that HB 3145 gives DAS quite a bit of authority over all agencies, except the Legislative Branch and the Judicial Branch.  Asks if DAS is going to use techniques available on the open market. 

083

Fleming

Discusses forensic analyses on compromised machines.  Advises that tools will not be built by DAS but they will take advantage of the technology that is widely available.    

128

Chair Dallum

Asked if HB 3145 was reviewed with the CIO Council.

132

Theresa Masse

Chief Information Security Officer, DAS.  Responds, yes.

136

Chair Dallum

Inquires if counties will have the opportunity to participate.

141

Fleming

Replies that there is a county representative on the CIO Council and one on the security council as well.  States that the participation level will be consistent with what is necessary to make the system work.

151

Chair Dallum

States the committee is monitoring the progress on the Computing and Networking Infrastructure Consolidation project and may ask for a progress report.  Asks how often an “outside look” of an agency would be requested.

164

Fleming

Responds that most enterprises do a comprehensive vulnerability assessment about every two years.  Reiterates that they will be doing ongoing monitoring, with a formal comprehensive assessment every two years by a competent third-party with state-of-the-art knowledge.

190

Dave Fiskum

Represents Rapidigm, Inc. and Electronic Data Systems.  Endorses the -1 amendments to HB 3145.  Points out that Page 1, Lines 21-22 of the -1 amendments (EXHIBIT A) state the department will contract with qualified independent consultants to conduct vulnerability assessments. 

220

Ken Murphy

Director, Office of Emergency Management.  Supports HB 3145 and the -1 amendments. 

251

Chair Dallum

Closes the public hearing and opens a work session on HB 3145.

HB 3145 – WORK SESSION

256

Rep. Krummel

MOTION:  Moves to ADOPT HB 3145-1 amendments dated 3/30/05.

 

 

VOTE:  3-0-2

EXCUSED:  2 - Wirth, Witt

259

Chair Dallum

Hearing no objection, declares the motion CARRIED.

 

268

Rep. Krummel

MOTION:  Moves HB 3145 to the floor with a DO PASS AS AMENDED recommendation.

273

Rep. Krummel

Comments that HB 3145 gives DAS a lot of authority over the other departments but believes it is important that these decisions be made under one enterprise umbrella and not by individual agencies.   

290

 

VOTE:  3-0-2

AYE:            In a roll call vote, all members present vote Aye.

EXCUSED:  2 - Wirth, Witt

296

Chair Dallum

The motion CARRIES.

REP. KRUMMEL will lead discussion on the floor.

303

Chair Dallum

Announces that he will provide information to any committee members who wish to put their name on HB 3145.

309

Chair Dallum

Closes the work session on HB 3145 and adjourns the meeting at 1:57 p.m.

 

EXHIBIT SUMMARY

 

  1. HB 3145, -1 amendments, staff, 2 pp
  2. HB 3145, written testimony, Don Fleming, 1 p
  3. HB 3145. written testimony, Don Fleming, 8 pp

HOUSE COMMITTEE ON

INFORMATION MANAGEMENT AND TECHNOLOGY

 

March 15, 2005   Hearing Room 357

1:00 P.M.  Tapes 25 - 26

 

MEMBERS PRESENT:            Rep. John Dallum, Chair

Rep. Jerry Krummel, Vice-Chair

Rep. Kelley Wirth, Vice-Chair

Rep. Chuck Burley

Rep. Brad Witt

 

STAFF PRESENT:                  Dallas Weyand, Committee Administrator

Louann Rahmig, Committee Assistant

 

MEASURES/ISSUES HEARD:

                                                High Performance Computing Briefing – Informational Meeting

 

                                               

These minutes are in compliance with Senate and House Rules.  Only text enclosed in quotation marks reports a speaker’s exact words.  For complete contents, please refer to the tapes.

 

TAPE/#

Speaker

Comments

TAPE 25, A

003

Chair Dallum

Calls the meeting to order at 1:00 p.m.  Introduces the high school students from Mitchell, Oregon, attending the committee meeting as guests.  Opens the informational meeting on high performance computing briefing.

HIGH PERFORMANCE COMPUTING BRIEFING – INFORMATIONAL MEETING

015

Brian Wornath

LCN Media & Consulting Group.  Announces that he represents the Oregon High Performance Computing Consortium.  Distributes hard copy of General Proposal for Establishing an Oregon High Performance Computing Infrastructure PowerPoint presentation (EXHIBIT A).  Begins the presentation with an overview and the goals of developing a supercomputing resource in Oregon. 

055

Wornath

Provides an explanation of supercomputing and who would use it. 

074

Wornath

Describes the old-style, traditional, single-purpose computer called a “monolith.”   

088

Wornath

Discusses types of supercomputers.  Refers to case studies in EXHIBIT A, Page 14.

117

Wornath

Discusses how much unused computing time is available after regular office hours, creating an affordable and powerful computing “grid.” 

149

Wornath

Continues with justification to develop affordable high performance computing resources within Oregon. 

184

Wornath

Proposes to create a state resource that markets the unused capacity and the accompanying consulting services, offering “one-stop shopping” for high-performance computing.   

216

Wornath

Outlines sources for general initial capitalization.  States that earnings from operations would come from leasing affordable high-performance computing time.

237

Wornath

Shows comparison of estimated financial scenarios (EXHIBIT A)

313

Wornath

Discusses the percentage of return and cost per year of operating a computer grid. 

381

Wornath

Suggests implementing a pilot project to determine the best technical solution.  Displays the estimated pilot profitability. 

TAPE 26, A

019

Wornath

Discusses a possible organizational structure similar to an Oregon high-performance computing consortium.  Continues with explanation of challenges. 

069

Wornath

Has spoken with Chief Information Officers around the state, who believe the concept is good. 

083

Wornath

Summarizes by stating that the technology is proven, can easily be applied to numerous applications and uses, and is easily expandable. 

121

Chair Dallum

Asks about the “down side.”

125

Wornath

Responds that information technology people will say this is a very specialized area.  Believes that ideally the universities and the state would co-develop a pilot program.

148

Chair Dallum

Inquires if this concept is attractive to private enterprise.  

155

Wornath

Replies, it is.  Continues that there are certain niches that don’t have the financial resources to take on a project such as this.  Cites examples of researchers who believe they can use.  

192

Chair Dallum

Asks what proposed legislation should look like.

196

Wornath

Answers that funding for a pilot project could be requested. 

227

Rep. Burley

Inquires what is preventing us from using this now. 

233

Wornath

Responds, nothing.  Indicates from a financial standpoint, it is best to consolidate and not have many small clusters. 

261

Rep. Burley

Refers to the case studies in EXHIBIT A that were mostly done by private corporations.  Comments that if we were going to use public resources, that is a different set of circumstances particularly since we are concerned with security issues.

270

Wornath

Agrees.  Offers to provide more up-to-date information.  Reports on other states that are doing this for economic development. 

313

Rep. Burley

States that the corporate environment is more controlled than ours as we have computers all across the state.  Asks how we would insure security.

323

Wornath

Agrees that some environments are better suited than others. 

329

Rep. Krummel

Asks if setting something like this up in the new data center might generate the dollars to pay for it.

338

Wornath

Replies, absolutely.  Reports that high performance computing is being done on a limited basis at the Oregon State University Oceanic School. 

404

Rep. Krummel

Asks if there have been discussions with the Department of Administrative Services (DAS) or other privately owned data centers to see if there is an interest.

416

Wornath

Has spoken with DAS and some small companies affiliated with academics.

439

Rep. Witt

Inquires if one has to be a participant in the network to be able to utilize supercomputing capacity.

TAPE 25, B

 

 

011

Wornath

Responds, yes, for security reasons.  States that the criteria needs to be identified in the business model.    

020

Rep. Witt

Asks if he is aware of any claims in other states that there is not equal access.

025

Wornath

Answers that he has not heard of any.

027

Rep. Wirth

Inquires if anyone has expressed an interest in helping finance a pilot study.

032

Wornath

Replies, absolutely. 

038

Rep. Wirth

Asks how much private money might be available.

046

Wornath

Replies that there is interest, and some medical schools are trying to lure grants.  Believes discussions with interested parties to determine how much money is available would be needed.

069

Rep. Wirth

Inquires if other states have included some public financing, and how far along they are in the process.   

077

Wornath

Answers, it varies. 

089

Wanda Brennan

High School Science Teacher, Mitchell, Oregon.  Cites problems of areas with limited internet access.  Asks how high-performance computing will benefit them.

096

Wornath

Responds that not all rural areas will receive the same amount of benefit; however, areas with community colleges perhaps can provide access.   

140

Chair Dallum

Closes the informational meeting on high performance computing and adjourns the meeting at 2:08 p.m.

 

 

EXHIBIT SUMMARY

 

  1. High Performance Computing Infrastructure, General Proposal for Establishing, printed copy of PowerPoint presentation, Brian Wornath, 67 pp