Proposal would help fund cybersecurity measures in state government

Cybersecurity has been underfunded in the state, which puts citizens’ data at risk, some House members say.

Rep. Jim Nash (R-Waconia) said a bill he’s sponsoring “is designed to create an ongoing fund” to be used to enhance cybersecurity across all state departments and agencies that use MN.IT Services “to keep yours and my constituents’ data private.”

“If we ignore this – if we do not act now – and a significant breach happens, we’re on the hook for a ton of money. So we need to appropriate money now and make it programmatic moving forward,” said Nash, noting if a breach were to happen the state would have to pay $50 in monitoring per year, per instance, for three years.

The House Government Operations and Elections Policy Committee approved HF2868 Thursday and sent it to the House State Government Finance Committee. Its companion, SF3764, sponsored by Sen. Mary Kiffmeyer (R-Big Lake), is awaiting action by the Senate State Government Finance and Policy and Elections Committee.

The bill would require at least 5 percent of a department or agency’s IT budget go to cybersecurity and would require the governor’s budget recommendations include an itemization of recommended spending for cybersecurity, totaling 5 percent of IT operating budgets.

Members appreciated the bill’s efforts to fund cybersecurity measures, but some had concerns. Rep. Cheryl Youakim (DFL-Hopkins) wanted the bill to provide “new money” for cybersecurity, while Rep. Michael Nelson (DFL- Brooklyn Park) was concerned that this year they’d be taking money out of current programs to fund this proposal.

Jon Eichten, MN.IT legislative director, said his agency is worried about the 5 percent blanket mandate in the bill, with Nash noting they’ve discussed amending it to require 3.5 percent of IT budget spending go to cybersecurity instead.