[ST. PAUL, MN] – Governor Tim Walz today signed Executive Order 22-20, requiring Minnesota’s state agencies to work with critical infrastructure providers to improve information security programs across the State of Minnesota.

The critical infrastructure that protects Minnesotans’ health and safety faces increasingly sophisticated cyber-attacks. To elevate Minnesota’s critical infrastructure cybersecurity defenses in a continuously evolving threat landscape, Minnesota will assist critical infrastructure operators and owners in continuously improving their information security programs.

“We must do all that we can to strengthen the state’s cybersecurity,” said Governor Tim Walz. “Minnesota’s critical infrastructure is operated and owned by both the public and private sectors, and we have a shared responsibility to defend it. By taking steps to understand educate, support, and encourage the adoption of cybersecurity best practices, we can enhance our capabilities to safeguard our interconnected critical infrastructure.”

“We are grateful for the continued leadership of Governor Walz in cybersecurity,” said MNIT Commissioner Tarek Tomes. “As the risk of cyber threats continues to increase, we must prioritize cybersecurity and build awareness throughout Minnesota to safeguard critical technology and protect the data of all Minnesotans.”

The Executive Order:

• Directs state entities with regulatory oversight of critical infrastructure providers to identify and focus resources to protect Minnesota’s critical infrastructure. It also directs state entities with regulatory oversight of critical infrastructure providers to aid those operators with performing risk assessments and prioritizing defenses to counter immediate cyber threats.
• Emphasizes the need to secure state government cyber defenses by directing state agencies to prioritize patching critical vulnerabilities, take additional steps to prepare and practice response to cyber-attacks, and identify additional opportunities to further state cybersecurity.
• Advances information-sharing with the Minnesota Fusion Center (MNFC) and Minnesota IT Services (MNIT) during critical cybersecurity events, and it provides instructions for state agencies to implement cybersecurity best practices.

Executive Order 22-20 goes into effect fifteen days after publication in the State Register and filing with the Secretary of State.