Protecting citizens from cyber attack

330
cyberarms.wordpress.com/2014/04/10/amazing-real-time-cyber-threat-map-by-kaspersky/

Cyber attacks have become increasingly common over the last few years. From the Sony email scandal, to our very own Minneapolis-based Target Credit Card hack, to the more recent WannaCry virus, people are starting to understand how critical it is to remain protected from attack.

Minnesota Governor Mark Dayton certainly does. He made clear his understanding the risk of cyber attack, and the need to protect Minnesota citizen and business information stored in the state government databases in a recent press release:

“Strong cybersecurity is critical to protect our citizens, our businesses, and our state from attacks online. I am proud that Minnesota has been a leader in cybersecurity, but we must do more. As these threats increase in volume and sophistication, we must invest in critical upgrades, technology, and talent to keep Minnesotans safe and secure online.”

(Press release)

This isn’t just about personal identity theft: It’s also about being able to disrupt the operations of the state government or even going as far as using government resources to conduct illegal operations. The most recent example of hacking Minnesota database, stealing emails and passwords, was conducted by hacker Vigilance upset with the verdict in the Philando Castile case. Vigilance is said to have hacked 23 different databases, accessing about 1,400 passwords and the emails for both state employees and private citizens (Smith).

But funding has been an issue, as Rep. Sarah Anderson (R-Plymouth) said, it’s because not everyone was on board with consolidating their IT functions to become more secure:

“One of the key pieces you need is consolidation, because that limits the entry points for securing our data in government. When these agencies refuse to participate in the consolidation, that’s a problem.”  

$125 million in funding was proposed for cybersecurity during this past legislative session, though it did not get approved. The legislature did offer $22 million at one point, but that money ended up being used to maintain the current staffing levels of state agencies (MINNPOST).

Governor Dayton has signed onto a Compact to improve Sate Cybersecurity with 38 other governors that are a part of the National Governors Association (NGA). The main three areas of this compact are

  1. To build cybersecurity governance
  2. Prepare for and defend against cybersecurity threats
  3. Develop a cyber security workforce

(Press release)

The state has already begun with all the steps: A government consolidation process, bringing all state agencies under Minnesota IT (MNIT), is underway. 61 people currently work on the cybersecurity team (which is a fairly small team – especially when you compare it to a private business like US Bank, which has almost 500 people working on cybersecurity in one aspect or another).

The state hast developed a five year strategic cybersecurity plan for the management, control, and protection of sate systems and data. This plan is set to ensure that the more than 35,000 users and 5.5 million Minnesotans information is kept safe. The scary thought is that the State of Minnesota information technology systems are attacked or probed more than 3 million times per day (Smith).

The state has been lucky that it has not had an information breach at this point and more needs to be done to keep this information safe.

(If you want to get an idea of how many cyberattacks happen in a small amount of time, take a peak at these “Realtime” maps offered by Kaspersky Cyberthreat and Norse.)