Minnesota state agencies fend off approximately 3 million cyberattacks daily, a constant barrage that explains why Gov. Mark Dayton on Friday joined 37 other U.S. governors in pledging to make cybersecurity a shared top priority.
At a meeting of the National Governors Association in Providence, R.I., Dayton signed on to “A Compact to Improve State Cybersecurity.” The 38 governors, including those from Iowa and Wisconsin, agreed to develop or build upon statewide plans to combat cyberattacks against IT networks, and to protect both personal and government data stored on state systems.
Dayton, a DFLer, has called for more state funding for cybersecurity initiatives. He said Minnesota needs to build on work it has already started.
“I am proud that Minnesota has been a leader in cybersecurity, but we must do more,” he said. “As these threats increase in volume and sophistication, we must invest in critical upgrades, technology and talent to keep Minnesotans safe and secure online.”
State officials have said that Minnesota government agencies fend off about 3 million attempts to steal data each day. While hacks against high-profile companies such as Target have gotten more attention, state government systems are also vulnerable, as they hold sensitive information including bank account details, Social Security numbers and addresses.
A few hacks into state systems have made headlines, including an April e-mail “spear phishing” attack that targeted the state Department of Education. In that case, a hacker sent e-mails impersonating Education Commissioner Brenda Cassellius and seeking financial data. The attempt was ultimately unsuccessful. In June 2016, an attack on the Minnesota Judicial Branch’s website rendered it unusable for most of an entire day. An international hacker activist group known for attacks against government websites claimed responsibility.
In June of this year, a hacker who said he was retaliating over the acquittal of the St. Anthony police officer who shot and killed Philando Castile targeted the University of Minnesota’s computer system after similar attacks against Minnesota State University, Moorhead, and other state government databases. The hacker was able to send e-mail through the University of Minnesota system, but didn’t access private data.
Cybersecurity was the topic of the opening panel at the Governors Association’s summer meeting, which drew high-profile speakers including Vice President Mike Pence and Canadian Prime Minister Justin Trudeau.
Virginia Gov. Terry McAuliffe noted that attacks against targets as far-ranging as Netflix, the New York Times, and medical clinics and hospitals have dominated headlines in recent years.
He suggested that his colleagues think of their IT defense as “ a health issue, an educational issue, a public safety issue and an economic issue, as well as a democracy issue.” A guide compiled by the association notes that cyberattackers are generally motivated by either crime or a political or social cause, or as part of espionage or military efforts of various nations.
The governors’ agreement included a pledge to boost cybersecurity employment by working with colleges to increase the number of related degree programs; helping veterans enroll in cybersecurity training programs; and encouraging colleges and universities to seek a special National Security Agency certification.
Governors are also encouraged to incorporate the National Guard into their “cyber response plans” and to work with state lawmakers to determine when the Guard should be activated in the event of a cyberattack.
Minnesota IT Services Commissioner Tom Baden said the pact is a step forward to ensuring that the state is ready to “work collaboratively with our cities, counties and federal partners to enhance our defenses against these threats.”
The cybersecurity initiatives drew bipartisan support from the governors. Among the other state leaders who signed on to the document were Wisconsin Gov. Scott Walker and Iowa Gov. Kim Reynolds, both Republicans.
In February, Dayton proposed $125 million for state agencies to upgrade technology systems, improve cybersecurity defenses and head off data breaches. To date, the Legislature has not gone along with that recommendation.