A new statewide cybersecurity plan launched last week by Minnesota IT Services (MNIT) and the Minnesota Cybersecurity Taskforce is a first-of-its-kind plan in the state geared towards strengthening cybersecurity capabilities.
The Whole-of-State Cybersecurity Plan consists of $23.5 million in new funding from the federal State and Local Cybersecurity Grant Program (SLCGP) and the Minnesota Legislature.
"The biggest opportunity that I personally see is an opportunity and ability to provide crucial cyber resources and sophisticated tools to organizations in Minnesota and throughout Minnesota," said Tarek Tomes, MNIT Commissioner and State of Minnesota Chief Information Officer. "In particular, ones that are under resourced, smaller ones, that may not have large staffs or have access to enterprise class cyber capabilities."
The plan looks to partner with county, city, and township governments, K-12 public education, local government consortiums, and a number of other public entities, including the Minnesota National Guard.
In total, the Whole-of-State Cybersecurity Plan looks to establish a cybersecurity standard for 3,500 government entities in Minnesota.
"I think the funding and the services that that funding creates really allows smaller organizations to bring their cyber capabilities up to a certain maturity level," added Tomes. "We're certainly excited to provide those resources."
Several data breaches have grabbed headlines this year across Minnesota including breaches impacting the Minnesota Department of Education, the University of Minnesota, Minneapolis Public Schools, and even Saint Paul Public Schools.
Tomes says cybersecurity incidents continue to be top of mind for Minnesotans.
"The data breaches we see certainly extend well beyond public sector. If you look at incidents that happen across the country or globally, the really happen in all walks of life whether it's private life, private organizations, or public sector organizations. I think frequently in particular for smaller organizations, it is a matter of making sure resourcing exists to put a fundamental layer of security capabilities in-place."
According to MNIT's Annual Report, malware made up 245 of the 1,006 reported security incidents in 2022. The total number of cybersecurity incidents is likely much higher than what the final numbers show.
"That number doesn't represent always big security incidents, it represents even smaller ones, things that we register where we investigate, mediate, or prevent a cyber activity from taking place," Tomes said. "The number of events that have huge impact, or exposure for Minnesotans is certainly much larger. The number of total incidents throughout the state, I'm sure, is significantly, significantly higher."
Minnesota IT Services has a complete list of tips to help individuals and organizations with cybersecurity including how to detect email attacks, shop safely online, and how keep passwords strong and secure.