Welcome to New America, redesigned for what’s next.

A special message from New America’s CEO and President on our new look.

Read the Note

Close

State flags

Cybersecurity for the States: Lessons from Across America

Table of Contents

Appendix II: Arizona and the Arizona Cyber Threat Response Alliance (ACTRA): The Community Approach

Overview

To tackle the cybersecurity challenges facing the state, Arizona has created a “team of teams.”1 One of these teams, the Arizona Cyber Threat Response Alliance (ACTRA), is an Information Sharing and Analysis Organization (ISAO) formed in 2013. Its stated mission is to serve as the “hub for collaborative cyber information sharing in a neutral environment of trust where partners from industry, academia, law enforcement and intelligence come together, leveraging cross-sector resources to more effectively analyze critical, real time intelligence and respond to emerging cyber threats to Arizona’s Critical Infrastructure and Key Resources.”2

ACTRA has its roots in the Arizona InfraGard3 and remains wholly independent of, but closely aligned to that organization as its “operational cyber arm” by agreement. In 2012, the AZ InfraGard initiated a planning effort, led by current ACTRA CEO Frank Grimmelmann, to understand and respond to barriers to effective bi-directional communication and information sharing between private and public sector organizations. Although this effort was led by members of the private sector, there was active involvement from the local Federal Bureau of Investigation (FBI) and U.S. Department of Homeland Security (DHS) offices and the Arizona Counter Terrorism Information Center (ACTIC). The study found a need for a separate but affiliated non-profit entity that could serve as the “self-governed private sector controlled hub for cyber information exchange and response.”4

This arrangement allows ACTRA to focus only on cybersecurity information sharing and communication needs, and creates an effective, independent conduit (or buffer) between its private sector and public sector Member Organizations, and the agencies nationally. This separation engenders trust in the anonymization of data shared with government agencies, and helps to coordinate the efficient flow of communication. Rather than place the burden on public sector agencies to choose which private sector entities to inform and involve in specific cybersecurity efforts, ACTRA serves as the point of contact for its private and public sector Members, engaging the various members as needed. Its affiliation with InfraGard—all direct member touchpoints of ACTRA must also be InfraGard members—allows ACTRA to pre-vet its members without additional expenditure of resources.

Representatives from ACTRA sit in the ACTIC, Arizona’s “all-hazards” Fusion Center that serves as Arizona’s analytic and dissemination organization statewide. ACTRA’s president also sits on the ACTIC’s executive board representing private sector, as a bridge to law enforcement and intelligence. The Fusion Center processes various threat and information feeds and communicates critical information to state/local/tribal entities, critical infrastructure operators, and nontraditional organizations. Structurally, the ACTIC sits within Arizona’s Department of Homeland Security, although the chief information security officer for the state reports directly to the Arizona CIO, who resides in the Arizona Department of Administration.

Arizona also runs several other initiatives, some of which are run in concert with or are supported by ACTRA. These include various exercises that span across the private and public sectors, including federal and state partners, including regional cybersecurity workshops that reached over 750 people in the latter half of 2017, mostly in underserved areas. The State CISO and the ACTRA’s CEO, Frank Grimmelmann, co-chair the new Arizona Cybersecurity Team (ACT), an executive level initiative launched in 2018 by Governor Doug Ducey to coordinate the various groups around Arizona working on cyber issues. The ACT includes representatives from federal, state (legislative and executive branches), and local government, the private sector, and higher education.5 These members represent the various groups with a stake in cybersecurity in the state; given Arizona’s established strategy of working through a team of teams, this organization will help to formalize this structure.

The following section describes the successes and challenges of having strong private sector leadership and widespread involvement in a state’s cybersecurity program, and the factors that have enabled this model to flourish in Arizona.

Successes

Information Sharing

Fusing Member Organization policymakers, legal representatives and technical professionals, ACTRA’s information sharing initiatives are diverse and highly dependent on the culture of trust established throughout the organization and its members. This sense of assurance is established first at the personal level, and subsequently empowers organizational dealings at every level. All ACTRA members sign an NDA, which prevents them from discussing any details about ACTRA or its member companies without explicit permission to do so. “Chatham House Rules” are also mandated for every ACTRA event. Because the information shared and the platform on which data is shared are owned by the member organizations themselves, members don’t feel as though they are communicating directly with a U.S. government agency, and have greater confidence in the anonymization of the information sharing.6 If the government needs or desires to identify the originator of the intelligence, they can route the request through ACTRA.7

The need to share and deliver accurate information is manifested in efforts to align the self-interest of all key stakeholders, and drives ACTRA’s National Security/Risk Management Value Proposition. ACTRA’s goal is to “deliver a timely, cost effective, actionable individual and/or collective response to protect individual critical sector corporate assets, and improve our national security through adopting a unique collaborative structure.”8 In order to do so, ACTRA and its members place a heavy emphasis on the quality and value of the intelligence it shares. For its direct or manual information sharing mechanisms, ACTRA strongly suggests that intelligence shared be limited to new or unusual tactics, techniques, and procedures (TTPs), and/or vulnerabilities.9

Specific information sharing initiatives include email alerts sent directly by members to other vetted member touchpoints, specialized sharing per industry (e.g. supplier threats to an industry), disseminating information via a shared threat intelligence system that includes STIX/TAXII feeds and a plug-in for most SIEM platforms, and both unclassified and classified ACTRA FBI Tear Sheet Exchanges held at the Arizona Fusion Center, that include FBI and other agency briefs. The latter briefings, facilitated by the FBI and DHS agencies, are held monthly (classified briefings being held quarterly,) and are open to all members and key agency stakeholders under Chatham House Rules and legal protection. The briefings are essential to developing a working relationship and inter-reliance between private and public-sector individuals and cyber professionals, and agency stakeholders within the state of Arizona. If the government stakeholders share real actionable information, private institutions are more likely to share information back. The discussions that stem from these briefings are also useful both for the private sector representatives in attendance and for the government briefers, as they often go further into detail and impact than a one-directional briefing could achieve.10 Regular C-Level roundtables coordinated by Arizona’s CISO Mike Lettman also aid in this ongoing effort.

Box 4

The Threat Unit Fellow (TUF) Program

ACTRA’s information sharing efforts are facilitated by the Threat Unit Fellow (TUF) Program. The ACTRA Cybersecurity Academy (ACA) runs a 300-hour apprenticeship/training program with a robust cyber threat analysis curriculum, and real-world experience across all ACTRA organizations. Upon graduation from this program, TUF members become a part of the ACTRA Virtual SME11 Response TUFTeam (VSRT) and serve as analysts in ACTRA and at their own organizations, where they can feed information to the Threat Intelligence Platform and provide a virtual watch center service. This is further complemented by a physical Watch Center that triages incidents among VSRT TUFTeam members. These physical ACTRA trained TUFTeam VSRT members are employed by a MSP stakeholder, and have dedicated hours and bifurcated systems so that they can monitor the ACTRA systems and their own client systems simultaneously. However, ACTRA information is fed only back to those customers who are members of ACTRA.12 Additionally, ACTRA distributes formal non-attributed advisories as requests for information (RFI) across the InfraGard and ACTIC networks. By exception approved by a Member Organizations, these can be shared with attribution with these external networks or a subset of them under the control of the member.

The TUFTeam Training is available to ACTRA Member professionals across the private and public sector and serves to build relationships between individual organizations and across sectors. Thus far, private sector, state, federal and local analysts have gone through the training; law enforcement officials and National Guard service members are scheduled to attend a session in the second quarter of 2018, while keeping the lanes in the road separate to align diverse stakeholder’s self-interests.

Workforce Development

In addition to the TUFTeam/VSRT programs, ACTRA has several collaborative volunteer-driven Cyber Warfare Ranges “in the wild” for community leveraging community outreach and workforce development. One range is physically located at Grand Canyon University (but not a university resource), and the second range is located in the City of Mesa’s Arizona Labs also operating independently through an identical structure. These ranges “enable penalty-free offensive and defensive exercises, and real-world operations that provide knowledge and forensic insight into how to better defend infrastructure by getting into the head of the adversary.”13 They also enable security professionals to test defensive infrastructure without risking actual organizational data.14

These collaborative endeavors also serve as a training ground for any individuals who may want to gain practical expertise in the field. A headhunter volunteers at the range to help place individuals who have gained experience on the range with companies needing security professionals.15 Volunteers at the ranges are working on curriculum sets that would institutionalize some of the training elements and make it more aligned with prospective employers.

ACTRA and its members also work with the Phoenix Chamber of Commerce, which has a cyber workforce collaborative initiative directed by Jennifer Mellor. One initiative, which utilizes the SkillBridge16 and Career Skills Program (CSP),17 both offered by the U.S. Department of Defense, provides government sponsored six-month apprenticeships in public and private organizations for service members leaving the military. Once that period is completed, companies who take part in the program providing internships can then hire the trained individual at their own discretion. This program was discovered by an ACTRA member company as part of their relationship with southern Arizona military facilities and has now expanded as a pilot to other members and to other military installations in Arizona.18 In turn, ACTRA just announced that the program will be rolled out across all of Arizona shortly through a rapid deployment methodology developed during the ACTRA pilot in cooperation with the ACTRA Member Organization serving as the Team Lead.

Cyber Defense

ACTRA is written directly into the Cyber Annex to Arizona’s emergency response plan.19 Per this plan, in the case of an incident, ACTRA is tasked along with bidirectional communications to:

  • provide resources to the Arizona Department of Administration and all Arizona state government agencies upon request;
  • assist the FBI with managing and facilitate the state’s role in critical infrastructure protection; and
  • communicate and report information on observed cyber security incidents.

Since its inception, ACTRA has yet to be called upon for such a coordinated incident response, but after news broke about Russian targeting of the Arizona election system in 201620, state officials received offers for aid from several members of ACTRA.21 ACTIC and ACTRA have also held multiple exercises to coordinate efforts in the case of an incident.22 Additionally, ACTRA VSRT Members have been stood up alongside agencies in the Multi-Agency Coordination Center (MACC) during a major event and expect to during other major Arizona events in the future.

ACTRA also facilitates participation in regional and national table top and live exercises run by DHS, DoD, and other organizations.23 Representatives from public and private member organizations regularly participate in these exercises, which further increases the personal ties in the cyber ecosystem and provides exposure to national efforts and related activities performed in other areas of the country.24

ACTRA has three additional programs designed to increase the capabilities of cyber defense within its purview. The first such program is the ACTRA Think Tank, an invitation-only brain trust of experts who can translate the challenges experienced by members and threats observed on the ranges to solutions for the market. The think tanks drill down into particular issues and sometimes uses a member organization’s infrastructure (with member approval) to test solutions. The ACTRA Special Operations Group then operationalizes those findings. These two teams have made progress in efforts to increase reliable automation by connecting various SIEM platforms with ACTRA’s Threat Intelligence system, and to leverage resources in the development of additional solutions available across ACTRA.

The third program is channeled through a local university and enables students to perform open source cyber intelligence collection. In large part because of ACTRA’s imprimatur (or engagement), the Phoenix FBI, DHS and other agency stakeholders supports the program, and agency stakeholders provide briefings to the students on how to remain legal in their activities.25 With its deep network, ACTRA also serves as a point of contact for technology transfer programs within universities and chosen vendor stakeholders, when they might be looking for potential pilot sites or feedback on new cyber technologies.26

Challenges

Locality

The ACTRA model depends heavily on the relationships built within its community. At its core, ACTRA is a grass roots organization conceived and constructed by its constituency for its members, both organizational and individual/professional. For entities outside of the Phoenix area, attending regular and frequently scheduled meetings is an onerous investment of time and travel, especially given the demands on the types of senior executives that should be participating.27 Although some members have advocated for virtual meetings, which now occur monthly and quarterly, the experience is not as rich as participating personally; there are also significant roadblocks to conducting the classified briefings remotely through secure video telecommunications. ACTRA is also expanding its efforts using out of state Member Organizations as the catalyst for collaborative but individual grass roots initiatives in other areas of the country, driven by the local leadership to reflect the unique aspects of the community but have the ACTRA model as a foundation for building capacity.

Local engagement creates further challenges for member firms with professionals in multiple areas. ACTRA training is only available at its designated facilities; if an organization has its security staff employed in a distant location, they must front the cost for travel and accommodation for portions of the training. Finally, some ACTRA information may be duplicative with that received by employees from other areas, adding a step of deconfliction with already reported or differing intelligence.28

Member Limitations

Although ACTRA’s fees for service and participation in the organization and its programs are a fraction of the cost of membership for most Information Sharing and Analysis Centers (ISACs), there is some barrier to entry created by such dues and charges. Non-members do not receive direct benefits beyond the formal RFI advisories, although they further profit from the improvements to the ecosystem. Smaller companies may also not have the in-house expertise to be properly analyze and act on the information they receive.29 This is proactively addressed through the availability of automation where possible and in the future, and special MSP relationships.

Larger ACTRA members and outside stakeholders voluntarily donate additional funds, thereby keeping the general membership costs low, and chosen stakeholders offer discounts for services provided to members.30 Even beyond the cost factor, other limitations present ongoing obstacles to full private sector market penetration. Procuring buy-in from corporate executive and legal teams has proven to not be an impediment given ACTRA’s formula, including the information sharing initiatives. That said, both policymakers and lawyers need to be educated at times, particularly around information sharing. ACTRA’s board includes senior legal representatives from fortune 50 member companies, facilitating informed stakeholders proactively supporting the mission.31

Information Sharing

Although some machine-to-machine interface progress has been achieved toward automating the information sharing process, much of ACTRA’s dissemination process remains manual as a result of the ubiquity of certain existing tools and norms. If an organization does not have a compatible SIEM platform, or if the internal security structure does not allow such a connection, all information sharing and receiving methods must be manual and can be relegated to e-mail and other communication platforms, resulting in delays in delivery. Uniform display of information beyond the Threat Intelligence Platform—dashboarding—is also a work in progress.32

Facilitating detailed information release back to U.S. government agencies in a non-anonymized manner involves information requests being manually routed back to the company of origin for clearance unless the authorize the sharing on submission. This process can take a prolonged period of time, resulting in deferred delivery and supplementary resources required to complete the task.33 That said, the consensus of those interviewed is that ACTRA’s information sharing occurs exceptionally quickly due to the flat responsive network, compared to other solutions.

Dependencies

Leadership

Founder Frank Grimmelmann has been the face of ACTRA since its inception. His relationships with cyber professionals, business and government agencies around the state, the region, and the country have brought in new members, encouraged others to participate, and opened a multitude of doors. Frank provides the vision and is the face of the organization, both internally and to those outside ACTRA, a critical element that continues to align the various interests of the individuals and organizations involved.

In the various interviews conducted for this study, multiple stakeholders drew attention to the strength of Frank’s leadership and his role in keeping a consistent voice as an advocate for strengthening the ecosystem. The member organizations also trust Frank and the operational systems/processes in place to be their anonymizing proxy, enabling the efficient and effective involvement of the private sector in state and federal cybersecurity initiatives in Arizona.

However essential Frank has been to ACTRA, the concept has proven to extend beyond Arizona and Frank’s direct involvement. WICTRA, the Wisconsin Cyber Threat Response Alliance, led by Jerry Eastman, is well on its way to demonstrating that localized versions of the ACTRA model are replicable and scalable.

Trust

This trust now extends beyond Frank to and among the members of the organization itself. Because ACTRA is operated independently and outside the government agencies with which it is involved (receiving no federal funding or grants), and as it continues to be built on a framework of personal and professional relationships, member organizations are more likely to share information back through ACTRA. Its proven system of anonymity instills confidence, and its focus on the value proposition encourages strong participation.

Box 5

WICTRA

The Wisconsin Cyber Threat Response Alliance (WICTRA) is an organization built on the ACTRA model and adapted for the needs, challenges, and realities for member organizations in Wisconsin. While WICTRA is maturing, members receive dual membership in both WICTRA and ACTRA so that they can take advantage of the information and training available to ACTRA members while participating in the local meetings in Wisconsin. Eventually, each organization will be “independent,” yet maintain a very close collaborative, peer-to-peer relationship.34

Jerry Eastman, the CEO of WICTRA, envisions services very similar to those offered to ACTRA members, but likely more virtualized given the wide geographical spread of members. WICTRA also faces some additional challenges in working with the State of Wisconsin government, which unlike Arizona has individual CIOs and CISOs for each of the 30+ executive agencies. Although there is a state CIO and CISO, each of the agency officers play a large role. Wisconsin is a “Home Rule” state, thus each county government reports unto itself, thus the 72 counties, cities, villages, and tribal entities typically have their own IT structure, such as CIOs and CISOs. IT (especially for cyber) Resources (personnel and funding) are scarce at the local level of government. Like Arizona, Wisconsin has a State Fusion Center, the WI Statewide Intelligence Center (WSIC). WICTRA members are already serving in shifts in the center multiple days a week to help connect WSIC with the private sector and provide intelligence and context when possible.35

USG Participation

The willingness to share by U.S. government entities in the area (FBI, DHS, TSA, and others) fosters greater participation, as members feel that they are getting a return on their investment of time, funding, information and resources.36 These public sector institutions have strong relationships in other areas, such as physical security, that have helped bring in new members.37 This convergence of the physical and cyber worlds is being further leveraged through the FBI InfraGard program and relationships.

State Leadership

Having strong leadership at the state level, particularly by the CISO (who is an ACTRA Board Member, with the State of Arizona as a member organization) and the Arizona Department of Homeland Security, has dramatically increased the effectiveness of ACTRA’s programs. The state and its representatives conduct multiple exercises that include ACTRA member organizations, hold networking and information sharing events, and exhibit a willingness to participate in ACTRA’s programs.38 Efforts such as state-offered training and contract negotiation (available to public entities only), which has enabled local governments to take advantage of state pricing opportunities in this sector, have further enriched the cyber ecosystem as a whole.

Community

The local community of information security professionals in Phoenix is a particularly active and collaborative one, built on working relationship and trust engendered over time. There are multiple sporting venues, which attract population densities for events and create a need for frequent and regular exercises, preparation, workforce and economic development collaboration, and information sharing between a range of public and private sector entities. Arizona is also large enough to have institutes of higher education fostering a large talent pool, and a vibrant and growing roster of companies across a broad range of industry; the region, however, is home to few Fortune 500 companies, which could dominate any conversation and present significant proprietary barriers to entry and participation, however in practice this has not proven to be the case even among fortune 50 companies. This combination of local interest and engagement has created a more collaborative community and one that is increasingly informed and enthusiastic about the ACTRA mission.39

Citations
  1. Grimmelmann, F. (2018, 1 Multiple Interviews). CEO, ACTRA. (N. Cohen, Interviewer)
  2. Arizona InfraGard. (2018, 3 25). Arizona Cyber Threat Response Alliance. Retrieved from Arizona InfraGard: source
  3. InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for public-private collaboration with government to expedite the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure.
  4. Arizona InfraGard. (2018, 3 25). Arizona Cyber Threat Response Alliance. Retrieved from Arizona InfraGard: source
  5. Governor Ducey Announces Appointments to Arizona Cybersecurity Team. (2018, 3 7). Retrieved from Office of the Governor Doug Ducey: source
  6. Figueroa, C. (2018, 1 19). Protective Security Advisor for Arizona, Department of Homeland Security. (N. Cohen, Interviewer)
  7. ACTRA Member Roundtable. (2018, 1 19). (N. Cohen, Interviewer)
  8. Arizona InfraGard. (2018, 3 25). Arizona Cyber Threat Response Alliance. Retrieved from Arizona InfraGard: source
  9. Grimmelmann, F. (2018, 1 Multiple Interviews). CEO, ACTRA. (N. Cohen, Interviewer); ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.
  10. Hellmer, M. (2018, 1 19). SSA Phoenix Cyber, Phoenix FBI Field Office. (N. Cohen, Interviewer)
  11. Subject Matter Expert
  12. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.
  13. Grimmelmannn, F., Halla, D., & Nix, M. (2016). A Development Guide for Regionally Based Information Sharing and Analysis Organizations. Laurel, MD: Johns Hopkins Applied Physics Laboratory.
  14. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.
  15. Halla, D. (2017, 12 7). Senior Advisor, Johns Hopkins Applied Physics Laboratory. (N. Cohen, Interviewer)
  16. DoD SkillBridge: source
  17. U.S. Army Installation Management Command. (2017, 7 12). Army Career Skills Program. Retrieved from Stand-To!: source
  18. ACTRA Member Roundtable. (2018, 1 19). (N. Cohen, Interviewer); Mellor, J. (2018, 1 18). Vice President of Economic Development, Phoenix Chamber of Commerce. (N. Cohen, Interviewer)
  19. Arizona State Emergency Response and Recovery Plan. (2016, 9 1). Retrieved from Arizona Department of Emergency Management: source
  20. Nakashima, E. (2016, 8 29). Russian hackers said to have targeted Arizona election system. Washington Post. Retrieved from source
  21. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.
  22. ACTRA Member Roundtable. (2018, 1 19). (N. Cohen, Interviewer)
  23. ACTRA Member Roundtable. (2018, 1 19). (N. Cohen, Interviewer)
  24. ACTRA Member Roundtable. (2018, 1 19). (N. Cohen, Interviewer)
  25. Grimmelmann, F. (2018, 1 Multiple Interviews). CEO, ACTRA. (N. Cohen, Interviewer); Hellmer, M. (2018, 1 19). SSA Phoenix Cyber, Phoenix FBI Field Office. (N. Cohen, Interviewer)
  26. Shakarian, P. (2017, 12 13). Fulton Entrepeneurial Professor, Arizona State University. (N. Cohen, Interviewer)
  27. ACTRA Member Roundtable. (2018, 1 19). (N. Cohen, Interviewer); ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.
  28. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.
  29. ACTRA Member Roundtable. (2018, 1 19). (N. Cohen, Interviewer)
  30. Grimmelmann, F. (2018, 1 Multiple Interviews). CEO, ACTRA. (N. Cohen, Interviewer)
  31. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.
  32. Grimmelmann, F. (2018, 1 Multiple Interviews). CEO, ACTRA. (N. Cohen, Interviewer)
  33. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.; Hellmer, M. (2018, 1 19). SSA Phoenix Cyber, Phoenix FBI Field Office. (N. Cohen, Interviewer)
  34. Eastman, J. (2018, 3 15). CEO, WICTRA. (N. Cohen, Interviewer)
  35. Eastman, J. (2018, 3 15). CEO, WICTRA. (N. Cohen, Interviewer)
  36. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.
  37. Figueroa, C. (2018, 1 19). Protective Security Advisor for Arizona, Department of Homeland Security. (N. Cohen, Interviewer)
  38. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.; ACTRA Member Roundtable. (2018, 1 19). (N. Cohen, Interviewer)
  39. ACTRA Member Interviews. (2018, 1 18 & 19). (N. Cohen, Interviewer) Note: Because ACTRA members are under NDA they cannot be cited specifically. The author spoke with 14 individual ACTRA members from both the public and private sectors.

Close

Appendix II: Arizona and the Arizona Cyber Threat Response Alliance (ACTRA): The Community Approach

View as PDF

Table of Contents

Close

Cybersecurity for the States: Lessons from Across America