New requirement mandating public agencies report cyber incidents went into effect Dec. 1
12/2/2024 11:11:05 AM
St. Paul, MINN — As part of ongoing efforts to combat rising cyber threats targeting the public sector, a new cybersecurity incident reporting requirement went into effect on Dec. 1, 2024. This landmark legislation mandates that public agencies and affiliated entities report cybersecurity incidents to Minnesota IT Services (MNIT), enhancing the state’s ability to detect, respond to, and mitigate cyber threats.
Signed into law in May 2024 by Governor Tim Walz, the cybersecurity incident reporting law underscores Minnesota’s commitment to safeguarding its data, systems, and networks. By establishing a clear reporting process, the law strengthens the state’s collective cybersecurity posture and improves its overall resilience against evolving cyber-attacks. The reporting form and instructions were made available on Sept. 30, 2024, as required by the statute.
“Active participation is vital to strengthening the State of Minnesota’s defenses,” said John Israel, Chief Information Security Officer. “We appreciate the cooperation of organizations statewide as we work together to build a more secure future.”
The new cybersecurity incident reporting law has garnered widespread support from leaders across Minnesota, including those in K-12 education.
Eric Simmons, Director of Technology at Stillwater Area Public Schools, emphasized the importance of collaboration, stating, "Minnesota's cybersecurity incident reporting law highlights the critical collaboration between MNIT and school districts to combat growing cyber threats. Schools are prime attack targets, yet many lack the resources to respond effectively. This law supports all districts by fostering partnerships, enhancing communication, and prioritizing resources to safeguard students, staff, and educational services."
Anthony Padrnos, Executive Director of Technology of Osseo Area Schools, echoed his sentiment. "I applaud Minnesota's new cyber incident reporting law as an important step in fostering collaboration among government entities to combat cyber threats in Minnesota. Ensuring our state's critical infrastructure, including K-12 schools, can share and access vital security information is essential. This law empowers schools and agencies to act swiftly and effectively, strengthening protections against cyber threat actors and safeguarding the communities we serve."
MNIT and the Bureau of Criminal Apprehension (BCA) are leading the initiative, using incident data to:
The law applies to a wide range of organizations, including:
Organizations are encouraged to review the law’s requirements and comply if and when an incident occurs to help protect Minnesota’s digital infrastructure. To implement the new reporting process, MNIT engaged with local governments and K-12 entities by:
MNIT will continue providing updates and guidance to assist entities in meeting the new reporting requirements. More information about the law can be found at mn.gov/mnit/cir.
Minnesota IT Services, led by the state’s Chief Information Officer, is the Information Technology agency for Minnesota’s executive branch, providing enterprise and local IT services to over 70 agencies, boards, and commissions. MNIT employs more than 2,800 people. Together, we build, maintain, and secure the State’s IT infrastructure, applications, projects, and services. MNIT sets IT strategy, direction, policies, and standards for enterprise IT leadership and planning. We also serve Minnesotans by connecting all 87 counties, 300 cities, and 200 public higher education campuses across the state on the MNET network. Through public-private partnerships, our team proactively protects the state’s information systems and the private data of 5.7 million Minnesotans.
Cybersecurity
