Shortsighted on cybersecurity

Legislation was heard in the State Government Finance and Policy Committee last week that would greatly impede the important work of the state agency in charge of information technology (IT) and cybersecurity in Minnesota. MN.IT was created to consolidate state IT services and streamline the ability for constituents to connect with agencies online. The agency is particularly beneficial for smaller agencies to reduce their technology costs and is also crucial in the effort to keep Minnesotans’ electronic data safe and secure, which makes a recent proposal to require a $3 million personnel cut to MN.IT by the GOP very discouraging.

Hacking of the state’s IT systems is a very real threat that many of Gov. Dayton’s commissioners have expressed. Additional resources, not cuts, are critical at this time to avoid breaches of IT security and to prevent more costly solutions in the future. Once an IT hack is successful, it is extremely difficult and expensive to fix the problem.

The GOP plan to cut MN.IT personnel is also overly prescriptive about how the agency must store IT data. By December 2018, the bill requires MN.IT to store at least 35% of all state agency data on a public cloud. However, MN.IT must ensure that Minnesotans’ data will be secure on public cloud services prior to overturning all of this data, some of which is private data. By requiring MN.IT to have a quota of data on the public server, the GOP is putting data security at risk. MN.IT should be given more resources this session for cybersecurity and the flexibility to determine the best solutions for the state’s IT needs. (S.F. 2009)