IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

38 Governors Sign 'a Compact to Improve State Cybersecurity'

At a meeting of the National Governors Association, the governors agreed to develop or build upon statewide plans to combat cyberattacks against IT networks, and to protect both personal and government data stored on state systems.

(TNS) -- Minnesota state agencies fend off approximately 3 million cyberattacks daily, a constant barrage that explains why Gov. Mark Dayton on Friday joined 37 other U.S. governors in pledging to make cybersecurity a shared top priority.

At a meeting of the National Governors Association in Providence, R.I., Dayton signed on to “A Compact to Improve State Cybersecurity.” The 38 governors, including those from Iowa and Wisconsin, agreed to develop or build upon statewide plans to combat cyberattacks against IT networks, and to protect both personal and government data stored on state systems.

Dayton, a DFLer, has called for more state funding for cybersecurity initiatives. He said Minnesota needs to build on work it has already started.

“I am proud that Minnesota has been a leader in cybersecurity, but we must do more,” he said. “As these threats increase in volume and sophistication, we must invest in critical upgrades, technology and talent to keep Minnesotans safe and secure online.”

State officials have said that Minnesota government agencies fend off about 3 million attempts to steal data each day. While hacks against high-profile companies such as Target have gotten more attention, state government systems are also vulnerable, as they hold sensitive information including bank account details, Social Security numbers and addresses.

A few hacks into state systems have made headlines, including an April e-mail “spear phishing” attack that targeted the state Department of Education. In that case, a hacker sent e-mails impersonating Education Commissioner Brenda Cassellius and seeking financial data. The attempt was ultimately unsuccessful. In June 2016, an attack on the Minnesota Judicial Branch’s website rendered it unusable for most of an entire day. An international hacker activist group known for attacks against government websites claimed responsibility.

In June of this year, a hacker who said he was retaliating over the acquittal of the St. Anthony police officer who shot and killed Philando Castile targeted the University of Minnesota’s computer system after similar attacks against Minnesota State University, Moorhead, and other state government databases. The hacker was able to send e-mail through the University of Minnesota system, but didn’t access private data.

Cybersecurity was the topic of the opening panel at the Governors Association’s summer meeting, which drew high-profile speakers including Vice President Mike Pence and Canadian Prime Minister Justin Trudeau.

Virginia Gov. Terry McAuliffe noted that attacks against targets as far-ranging as Netflix, the New York Times, and medical clinics and hospitals have dominated headlines in recent years.

He suggested that his colleagues think of their IT defense as “ a health issue, an educational issue, a public safety issue and an economic issue, as well as a democracy issue.” A guide compiled by the association notes that cyberattackers are generally motivated by either crime or a political or social cause, or as part of espionage or military efforts of various nations.

The governors’ agreement included a pledge to boost cybersecurity employment by working with colleges to increase the number of related degree programs; helping veterans enroll in cybersecurity training programs; and encouraging colleges and universities to seek a special National Security Agency certification.

Governors are also encouraged to incorporate the National Guard into their “cyber response plans” and to work with state lawmakers to determine when the Guard should be activated in the event of a cyberattack.

Minnesota IT Services Commissioner Tom Baden said the pact is a step forward to ensuring that the state is ready to “work collaboratively with our cities, counties and federal partners to enhance our defenses against these threats.”

The cybersecurity initiatives drew bipartisan support from the governors. Among the other state leaders who signed on to the document were Wisconsin Gov. Scott Walker and Iowa Gov. Kim Reynolds, both Republicans.

In February, Dayton proposed $125 million for state agencies to upgrade technology systems, improve cybersecurity defenses and head off data breaches. To date, the Legislature has not gone along with that recommendation.

©2017 the Star Tribune (Minneapolis) Distributed by Tribune Content Agency, LLC.

Special Projects
Sponsored Articles
  • How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.