Securing the State

To protect the over 35,000 state employees who use Minnesota’s systems and the 5.7 million Minnesotans who have private data secured by the state, Minnesota IT Services continually works to meet the ever-evolving cybersecurity threat to Minnesota’s IT systems. Cybersecurity is one of the most critical functions that MNIT is tasked with.

Security teams are embedded within state agencies to get a deeper understanding of their business needs, compliance requirements, goals, and culture. Enterprise security teams provide statewide services in core service areas to all MNIT partners. MNIT consciously bakes cybersecurity into every project, service, and system for the state of Minnesota. MNIT’s security operations management teams serve state and local governments statewide, tracking and analyzing cyber threats through the Minnesota Fusion Center, and deploying advanced security protections and incident response to local government throughout Minnesota.

Security Programs

Vulnerability Disclosure Program

The Vulnerability Disclosure Program allows any person or security researcher to report suspected weaknesses, flaws, or errors to better ensure the security and privacy of State of Minnesota executive branch systems and data. Learn more about how to report a vulnerability, what we ask of researchers, and what researchers can expect from MNIT.

Statewide Security Monitoring Initiative (SSMI)

The Statewide Security Monitoring Initiative (SSMI) is a program devoted to protecting the data of all Minnesotans by partnering with participating county governments, port cities, and tribal nations to ultimately fortify the cybersecurity of the entire state of Minnesota.

• Provides: Infrastructure, hardware, and software for cybersecurity detection and monitoring, security event detection, incident validation, and incident response support for suspicious and malicious network events

• Focus: Improving situational awareness of and response to cybersecurity incidents that impact Minnesota government, specifically counties, port cities, and tribes

The SSMI program creates a layered approach to security starting with secure access to MNET through partnering with a vendor that provides 24/7 endpoint protection monitoring service. SSMI offerings also include external and internal vulnerability scans for partner agencies.

State and Local Cybersecurity Grant Program (SLCGP)

The State and Local Cybersecurity Improvement Act, passed in the Infrastructure Investment and Jobs Act / Bipartisan Infrastructure Law / Public Law 117-58, provides for the potential of approximately $23 million over four years for cybersecurity risk mitigation across Minnesota. This legislation creates a new grant program, the State and Local Cybersecurity Grant Program (SLCGP) through the U.S. Department of Homeland Security to be administered by the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA).

The State and Local Cybersecurity Grant Program (SLCGP) requires an increasing state match each year and offers an option to potentially defer the first-year match if state budgets were approved prior to the launch of the program. MNIT submitted an application on November 15, 2022 apply for the SLGCP on behalf of the state and ensure Minnesota can benefit from the program. Local governments do not need to take any action at this time.

CISA-provided answers to SLCGP questions are continually updated and provided on the SLCGP FAQ page. More information on this program will be posted when available. No funding from this program is expected until early to middle 2023.