April 12, 2018

Contact:

MNIT Communications

To keep citizens safe and Minnesota’s IT systems running despite a barrage of sophisticated cyber-attacks each day, Minnesota IT Services developed a plan to help level the playing field for state government.

SAINT PAUL, MN – Minnesota IT Services (MNIT) today unveiled a comprehensive plan to defend the state of Minnesota from attacks against its IT infrastructure. The five-year strategic plan prioritizes initiatives for the management, control, and protection of the state’s information assets. It also highlights specific milestones for the following year – things that MNIT expects to accomplish with existing resources.

Minnesota IT Services secures and manages systems at over 1,300 locations across Minnesota, and every day, it faces threats originating from over 150 countries. Some of these threats include:

• Denial of Service Attacks. Hackers bombard websites with so much traffic that the site cannot be accessed by legitimate customers.
• Ransomware Attacks. Hackers encrypt data and then extort money from their victims, who must pay to get the security codes to recover their data. In most cases, hackers destroy the data after a short period of time if the victim fails to pay up.
• Internet Attacks Against State Agencies. Hackers routinely attack computer systems that are connected to the Internet. On average, state systems that are accessible from the Internet are probed over 3 million times daily.
• Internet Attacks Against State Vendors. Hackers target private-sector companies who provide services to help state agencies operate many critical systems.

“Every day we see both in the news and across Minnesota’s digital networks that the cyber threat is growing more sophisticated, more skilled, more organized, and more professional,” said Commissioner Johanna Clyborne. “On behalf of the people of our state, we need to shore up our cybersecurity defenses against those intent on stealing our personal information or disrupting the services on which so many Minnesotans rely. We know this fight requires strict attention and diligence as the battlefield evolves rapidly. By investing in this plan, we will be better equipped to prevent disruptive attacks and protect the people of Minnesota.”

The Information Security Strategic Plan organizes Minnesota’s cyber-strategic approach into four different categories: Proactive Risk Management, Improved Situational Awareness, Robust Crisis and Incident Response, and Partner for Success. These four categories encompass every angle of strategy from developing secure applications, conducting continuous risk assessments, detecting and responding to security incidents more quickly, to educating employees and government leaders about risk management.

“Government systems are a target,” said Aaron Call, Minnesota’s Chief Information Security Officer. “In 2017, our nation saw high profile data breaches in various industries and services that directly impacted citizens’ personal and financial security. It’s no secret that malicious cyber-attackers probe state systems over 3 million times each day looking for vulnerabilities. We have a lot of work to do, but I’m confident that executing on our strategic plan will help us to proactively mitigate risks and protect Minnesotans.”

In total, Minnesota IT Services’ plan identifies 18 major strategies that MNIT hopes to achieve over the next five years, resources permitting. Addressing these strategies will require assistance from policymakers and business leaders.

Governor Dayton's 2018 Budget for a Better Minnesota would invest $19.7 million to minimize the state’s risk exposure by migrating business systems to upgraded, modern, secure data centers. It would replace and upgrade unsecure networking equipment, servers, and workstations. It would also fund the deployment of sophisticated software to combat increasingly complex hacker attacks, and procure services for continuous security monitoring, penetration tests, and independent security audits. In addition, the proposed investment would reinforce the State’s cybersecurity team by adding well trained staff, and expanding monitoring and other core security services. Read more about the Governor’s proposal.

Minnesota IT Services continues the fight to protect citizen’s personal information and keep state systems running. Minnesotans are encouraged to gather information about state efforts, share resources, and learn more at MNIT’s website.

About Minnesota IT Services

Minnesota IT Services, led by Minnesota’s Chief Information Officer, is the Information Technology agency for Minnesota’s executive branch, providing enterprise and local IT services to over 70 agencies, boards and commissions. Minnesota IT Services builds, maintains, and secures the State’s IT infrastructure, applications, projects and services. We work to set IT strategy, direction, policies and standards for enterprise IT leadership and planning. We also serve Minnesotans by connecting all 87 counties, 300 cities, and 200 public higher education campuses across the state on the MNET network. Through public-private partnerships, our team proactively protects the state’s information systems and the private data of 5.5 million Minnesotans.

Information and Resources

• /mnit/assets/data-breach-cost-infographic_tcm38-335672.pdfCost of a Data Breach Infographic
• /mnit/assets/data-breach-cost-infographic-text-version_tcm38-335671.pdfCost of a Data Breach Infographic (text version)
• /mnit/assets/securing-the-state_tcm38-335673.pdfSecuring the State
• /mnit/assets/security-tip-mail_tcm38-335663.pdfSecurity Tip: Email Attacks
• /mnit/assets/security-tip-shopping_tcm38-335665.pdfSecurity Tip: Safe Online Shopping
• /mnit/assets/security-tip-passwords_tcm38-335664.pdfSecurity Tip: Safe Passwords

###