Much of Minnesota’s government infrastructure is nearly 30 years old, according to a government fact sheet, but the state is looking to get its IT up to speed, making room in its 2017 budget proposal to update its outdated IT infrastructure. Governor Mark Dayton has proposed $125 million in IT spending, $51 million of which will go toward upgrading the government’s IT infrastructure with the goal to create a more agile and responsive digital environment. The remaining $74 million will be earmarked to update cybersecurity for its digital infrastructure.
With the multimillion-dollar investment in the state’s 21st century digital infrastructure program, “Minnesota IT Services would be able to upgrade some of the state’s older systems, many of which are security liabilities,” the state noted in a January press release. “This investment would help guarantee a fast and secure way for Minnesotans to interact with the state.”
The state currently supports more than 35,000 users and secures the private data of an estimated 5.5 million Minnesotans, connecting 87 counties, 300 cities, and 200 public higher education campuses across the state. Like many state governments, Minnesota is wary of the growing number of cyberattacks aimed at government systems — with internet-accessible state systems experiencing an average of 3 million probes per day, according to the state’s cybersecurity website.
Minnesota isn’t a stranger to cyberattacks either: In June, hackers known as Anonymous Legion targeted Minnesota’s court system website with a dedicated denial of service (DDoS) attack, taking down the site for 10 days.
“Our technology systems keep state government running. If they go down due to cyber-attacks or other issues, millions of Minnesotans’ private data — over $28 billion in annual transactions, and over 300,000 daily transactions — are at risk,” said Minnesota CIO Thomas Baden, who will oversee a $27 million investment aimed at minimizing risk exposure by migrating business systems to upgraded, modern and more secure data centers.
With the investment, Baden would replace and upgrade unsecured networking gear, servers and workstations as well as reinforce the state’s cybersecurity team by adding staff, expanding monitoring and enhancing other core security services. According to Baden, the plan will aim to reduce the attack surface by consolidating state systems in secure, enterprise-level data centers as well as implement advanced security and monitoring tools in a shared environment.
He calls for an “aggressive” implementation of the plan, which was vetted by private-sector security leaders, to solidify the state’s cyberdefenses.
“A major cyberattack could jeopardize public safety and significantly disrupt Minnesotans’ daily lives,” Baden tells StateTech. “Nearly every critical government function and service relies on IT systems. Outdated or unsupported technology puts essential functions at risk. If these systems were taken down by individuals and groups determined to disrupt operations in Minnesota, state government would be unable to effectively deliver critical services.”
While Minnesota has not yet experienced an attack on its citizens’ private data, Governor Dayton believes the investments and upgrades in the IT and computer security systems are long overdue. And with DDoS, ransomware and internet attacks an ever-lingering threat, Baden also believes that delaying the IT investment will prove more costly in the long run.
“The cost of failing to bolster our cyberdefenses could be staggering. A South Carolina-sized breach would require the state to pay millions in identity theft protection costs, lead to millions of dollars in consumer fraud losses, and significantly diminish public trust in state government,” Baden says, referencing a South Carolina Department of Revenue report that found hackers obtained 3.6 million social security numbers from the state’s systems in September 2012. “The cost of doing nothing is too great.”