Dayton pushes again for cybersecurity upgrade

Minnesota IT Services Commissioner Johanna Clyborne and the state’s chief information security officer, Aaron Call, discuss the need for additional funding for cybersecurity efforts. Tim Pugmire | MPR News

State IT officials say they need nearly $20 million this session to protect government systems from cyberattacks.

Minnesota IT Services Commissioner Johanna Clyborne released a five-year plan Friday for addressing the growing number of threats. During a news conference, Clyborne recounted several widely-reported cyberattacks on government targets, including recent ransomware attacks in Baltimore and Atlanta.

“We cannot let this happen to Minnesotans,” Clyborne said.

Clyborne said her agency is doing everything it can to fend off hackers and protect data. But she said more resources are needed to keep up.

“We have to do more, and we have to do more faster,” she said.

DFL Gov. Mark Dayton included the agency’s requested funding in his budget proposal.

Minnesota IT Services manages computer systems at more than 1,300 locations in the state.

Scott Rysdahl, a security analyst for the agency, said systems are under constant attack.

“This is not an exaggeration,” Rysdahl said. “Minnesota state systems that are connected to the Internet are scanned and probed by the bad guys 24-hours a day, 365 day a year.”

Rysdahl noted a recent phishing campaign against state employees, who received emails containing malware files and links. He said the emails resulted in the temporary takeover of nearly a hundred employee accounts.

Republican legislative leaders say they offered cybersecurity funding to Dayton last year in final budget negotiations, but the governor chose instead money for state agencies.

Rep. Sara Anderson, R-Plymouth, the chair of the state government finance committee, said she supports legislation this session that would require agency officials to use a percentage of their budgets on cybersecurity.

“This is what you would do in any organization,” Anderson said.

Matt Swenson, Dayton’s deputy chief of staff, said the governor’s proposal is modest and urgently needed. He urged Anderson to present her plan for fighting cyberattacks and protecting state data.