Citizen Portal
Sign In

Minnesota IT Services credits 2023 funding for statewide cybersecurity gains; incident report highlights social‑engineering risk

Legislative Cybersecurity Commission · February 6, 2026

Loading...

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

At a Feb. 11 Legislative Cybersecurity Commission meeting, Minnesota IT Services presented its inaugural incident report and said the 2023 legislature investment plus federal grant match expanded tools statewide. MNIT warned social‑engineering and account takeovers remain the most common threats and set a July 1, 2027 target for single sign‑on adoption for high‑risk public apps.

Minnesota IT Services told the Legislative Cybersecurity Commission on Feb. 11 that investments approved by the 2023 Legislature and follow‑on federal funds have enabled expanded cybersecurity protections for local governments, but social‑engineering attacks remain the largest single threat.

"In 2023, the legislature invested $33,000,000 in MNIT to advance the governor's vision of strong cybersecurity across Minnesota," Commissioner Tarek Tombs said in his presentation. He added that a $5,000,000 state match unlocked roughly $23–24 million in federal Infrastructure Investment and Jobs Act funding to support a whole‑of‑state cybersecurity grant program.

Why it matters: MNIT framed the funding as the basis for an enterprise approach that provides tooling and monitoring to local governments—school districts, townships and cities—that otherwise lack the resources to deploy such defenses. Tombs said the programs drive both measurable security outcomes and cost avoidance for municipalities.

The incident report and metrics: John Israel, assistant commissioner and state chief information security officer, presented MNIT’s first statutorily required cybersecurity incident report from the 2024 reporting law. Israel said MNIT engaged more than 500 local governments while building the reporting program and that the resulting data supports early warning and outreach.

Israel reported the most common incidents tracked in year one matched national trends: "social engineering kind of those account takeovers" and related activity were the highest‑volume event type. He told commissioners that roughly "58 percent" of reports were in that category and that some reports included data exposure or personal data impacts.

Tombs presented additional program metrics, which he characterized as a data story: "Over the past 12 months, 222,000,000 events [were] detected via the tooling that this program" and those detections triggered "over 650,000 automated investigations," with "over 107,000" events that had potential for impact. He said the average cost of a significant impact is about "$2,800,000," and estimated the state program helped avoid "well over $300,000,000" in potential impacts for local governments.

Identity and LogMn rollout: Israel described the state's single sign‑on initiative, modeled on the federal login.gov service and referred to in testimony as LogMn/LoggingMN. He said about "20 or so" applications are fully onboarded (the largest being the state's paid‑leave system at the Department of Employment and Economic Development) and MNIT is working with more than 50 additional applications. Israel said the constituent identity and access management standard calls for public‑facing, high‑data applications to be on the service by "07/01/2027."

Training and SOC modernization: MNIT described enterprise training—quarterly newsletters, monthly phishing awareness campaigns and role‑based modules tied to compliance—and explained a phased modernization of the security operations center guided by an independent assessment. Israel said the assessment is complete, a prioritized roadmap is in place, and MNIT is in early phases of process and tooling deployment.

Questions from members focused on legacy systems and prioritization. Representative Elkins asked whether older mainframe applications (e.g., some Department of Human Services systems) are on the LogMn roadmap; Israel said mainframe systems require different tactics and "we don't have a solution and a road map for that today," while Tombs said decommissioning the legacy authentication system (referred to in testimony as 'Minium') is a priority.

Next steps: MNIT said it will continue outreach to onboard more applications, report back on SOC modernization, and track federal funding that supports the whole‑of‑state grant programs. Commissioners discussed extending the legislative commission's authorization and watching bills related to state and local cybersecurity grant programs during the 2026 session.