ST PAUL, Minn. — As the threat from hackers and other cyberspace criminals rises in Minnesota, the state is ramping up efforts to prepare for the worst.
The Legislative Commission on Cybersecurity, which has oversight of those ongoing efforts to bolster defenses, was briefed Monday on expanded efforts to coordinates state and local planning and responses.
Much of the meeting was devoted to how the state's IT division, known as MN IT, is preparing for the types of massive cyberattacks that would cripple key government functions.
Deputy IT Commissioner John Israel said the effort has been ongoing for years to help state agencies develop plans for recovering from a digital invasion.
"We've been working to help state agencies inventory and prioritize their online systems," Israel told lawmakers.
"That is to say, whether it's those really critical priority one systems that need that immediate recovery, all the way down to priority four that could take 30 days or more, but the agency could continue to operate without if needed."
He said the agency will roll out its "Whole of the State" plan Tuesday, an initiative that will include grants to local units of government facing increasing numbers of cyberattacks and ransomware infections.
The panel also heard from Maj. Peter Kapelanski of the Minnesota National Guard's 177th Cyber Protection Team. He said National Guard cyber units around the country have been called on dozens of times in recent years, mostly to help with local units of government dealing with ransomware and data breaches.
Maj. Kapelanski said the team is available to lend expertise and personnel to the state except during those times when they're activated by the Dept. of Defense and deployed to a federal mission. One of those missions is on the near horizon, but efforts will continue to coordinate with government partners that may reach out to the 177th.
Minnesota IT has been tasked with a large new workload resulting from sweeping measures passed by lawmakers in the 2023 session. That includes the creation of new agencies such as the Office of Cannabis Management and the Department of Children, Youth and Families that will need internet connectivity and cybersecurity.
The Dept. of Human Services is going through a major overhaul when it comes to technology, and soon to follow will be the new Paid Family Leave Insurance system.
Deputy MN IT Commissioner Jon Eichten shared a new development on the marijuana front.
"We expect to sign a contract either today or tomorrow with a licensing system provider, a provider that's been successful in a number of other states, particularly on the west coast and Mountain West," Eichten said.
Data privacy and A.I.
Unfinished business from last session includes a bill from Rep. Steve Elkins, a Bloomington Democrat, to give people more control over their private data held by corporations.
"It says consumers ought to be able to ask a company what data it has about them, and be provided with a copy of it," Rep. Elkins explained.
"It allows consumers to opt out to having any of their data sold to data brokers, for categories of sensitive personal data that would include anything related to biometrics, location, any kind of that personal, sensitive data."
Elkins also serves on the National Conference of State Legislatures Task Force on Artificial Intelligence, Cybersecurity and Privacy. That group has been exploring issues touching on how A.I. is being used by the private sector to screen consumers applying for a variety of services.
"The company making a decision about whether you're going to get this apartment, or this insurance rate ought to be able to tell you in plain English why you didn't get it, and what you'd have to do to improve your score next time. If it's purely a black box and nobody can explain how it's working, or how it came to that decision, then it's an inappropriate use of the technology."