House passes bill to classify IT as critical infrastructure

Nearly three years ago, the Senate had its servers breached, allowing hackers to access some passwords, forcing staff to quickly shut down the website and rebuild pages once they were deemed secure.

It is a close-to-home example of what cyberattackers can do. Nationally, attacks against Atlanta in 2018 and the state of Virginia in 2021 downed myriad services.

Think about all the ways Minnesotans interact with their state government online: renewing license tabs, acquiring a fishing or hunting license, applying for unemployment and receiving health care assistance. These are only four of hundreds, if not thousands, of examples.

“In the event of a cyberattack we must act swiftly and without hesitation,” said Rep. Kristin Bahner (DFL-Maple Grove). “As legislators we have a duty to our citizens and to our state. We must lead now and not wait for disasters to strike.”

Passed 122-0 by the House Friday, the Bahner-sponsored HF1960 would designate information and technology systems and services infrastructure as critical infrastructure. It now goes to the Senate.

“We are the first in the nation to do this,” said Rep. Jim Nash (R-Waconia).

In addition to clarifying that a cyberattack is an intentional attack on critical infrastructure, it would let the governor declare a peacetime emergency in response to a cyberattack. That means the state’s top official could enter into contracts or other obligations to quickly respond to, for example, obtain federal disaster relief funding for recovery and help prevent escalation.

Bahner said the bill represents the recommendations of the Technology Advisory Council, and is supported by homeland security and the National Institute of Standards and Technology.