Walz signs Executive Order directing agencies to improve cybersecurity for infrastructure
Aug 31, 2022 06:22AM ● By Editor
From Boreal Community Media • August 31, 2022
On Tuesday,, Minnesota Governor Tim Walz signed a comprehensive and aggressive Executive Order directing Minnesota state agencies to enhance efforts to provide cybersecurity protection of critical public and private infrastructure in the state. Citing both global geopolitical conflicts and organized crime networks, the Executive Order proposes significant risk assessments against increasingly sophisticated cybersecurity threats. The text of the Executive Order says:
"The critical infrastructure that protects the health and safety of Minnesotans is facing increasingly sophisticated cyber attacks. Addressing this risk requires both the public and private sectors to coordinate our efforts and harden cyber defenses. Ongoing geopolitical conflicts and the proliferation of organized criminal networks engaged in nefarious cyber activities means that we must strengthen our cyber defenses across our critical infrastructure. We must do all that we can to enhance cybersecurity, especially for critical infrastructure in both the public and private sectors."
Additionally, the Executive Order calls on the Minnesota Department of Public Safety (DPS) and the Minnesota Department of Information Technology Services (MNIT) to continue their partnerships with the FBI and U.S. Homeland Security to develop measures to enhance cybersecurity and follow the following aggressive timeline in coming months to put those measures into action. This is an outline of the Executive Order's deadlines for implementation.
By October 14, 2022, state agencies with regulatory oversight over critical infrastructure providers must, to the extent necessary and permissible under existing authority, inform and assist critical infrastructure providers in registering their appropriate points of contact with the Fusion Center, so that these providers can receive active threat intelligence briefings, stay informed about the evolving threat landscape, and protect their services to ensure continuity of critical services for Minnesotans.
By November 28, 2022, state agencies with regulatory oversight over critical infrastructure providers must, to the extent necessary and permissible under existing authority, and in cooperation with MNIT, provide guidance to these providers on what to do if a cyber attack is detected.
By December 28, 2022, state agencies with regulatory oversight over critical infrastructure providers must, to the extent necessary and permissible under existing authority, and in cooperation with MNIT, develop criteria for provider cybersecurity self-assessments.
By April 4, 2023, state agencies with regulatory oversight over critical infrastructure must examine their authority, and to the extent necessary and permissible under existing authority, require or encourage critical infrastructure providers to annually certify self-assessment completion and compliance with core cybersecurity best practices.
By April 4, 2023, state agencies with regulatory oversight over critical infrastructure must, to the extent necessary and permissible under existing authority, and in cooperation with MNIT, identify additional assessment capabilities to assist critical infrastructure providers with standardized cybersecurity assessments.
The Executive Order says that: "By taking steps to understand our current cybersecurity posture, we can identify cybersecurity needs and enhance our capabilities to safeguard our interconnected critical infrastructure.
To see the full text of the Executive Order, click on the attached PDF.
Downloads
224183.pdf
