Minnesota Broadband Task Force October: Cybersecurity

The Minnesota Broadband Task Force met today. They had a quick check in with subcommittees on their recommendations for the legislature. Continued funding for the Office of Broadband Development and for grants were popular themes.

Also they heard from Chris Buse from State Cybersecurity. They have a plan to improve security – one bit of advice. The movement to improve cybersecurity starts with better supporting IT.

Office of Broadband Development Update

  • Got recognition for the program from NATOA.
  • MN opted into FirstNet. Now the State can move forward with AT&T and FirstNet. It should have a positive impact on rural broadband in the future.
  • The biggest thing is going through grant applications. We are hoping to make an announcement around Thanksgiving – at least by the end of the year. The challenge deadline is next Monday.
  • Jane has been working on the broadband conference Oct 25-26. Many grantees will be talking about their projects. Also presenting will be 3 WISP providers.
  • Working on BDAC. Minnesota is getting attention for what we are doing here.
  • They are a part of the MTA conference. I will connected them with school folks and e-rate possibilities.

Updated Cost to Deploy Broadband

Can we know what the absolute unserved number in the state?

OBD doesn’t have an answer now – but lots of discussion points.

We have 4 numbers from Jan 2017:

  • Households w/o access 25/3 to wirelines =  252,000 households
  • Households w/o access 25/3 to wireline or fixed wireless =  145,000 households (there may be unreliable data points)
  • Households w/o access 100/20 to wirelines =  629,000 households
  • Households w/o access 100/20 to wireline or fixed wireless = 573,000(there may be unreliable data points)

There are a lot of moving pieces. We don’t know which CAF deployments will meet these standards. We know there are OBD-grant projects being deployed.

The Task Force talked to a few consultants about getting a new estimate – but no one has been able to say yes. There are too many variables, some folks no longer look at this topic. Network chosen a variable, terrain is a variable.

Big question – does the big question or cost still matter? The answer may be more nuanced now.

We don’t’ know the future beyond the TF – we have one more legislative session with this permutation. We want to be able to provide info that may help going forward.

The difficulty is trying to plan for the future – like we’ve done with 2026.

Maybe we can tackle the cost with info from OBD. Each program has a cost per home – can we extrapolate?

Should we count satellite? Maybe as a footnote – but the latency doesn’t make the standards we’ve set.

Satellite is enough for people who just want email. But you can’t run a business.

Original estimate to close the gap ($1-3 billion) is stale. Can we update that number?


Report out from Technology/Cybersecurity Subcommittee—Content and Recommendations (Kevin Hansen, chair)

Had a call yesterday. Based on position

We want to talk about the technologies we heard from and work on an appendix material rather than make recommendations. We would discuss what we learned throughout the year. This could feed into the 2018 Task Force. We can also feed in some of what we learn today.

We want to support a cyber security request for the State.


Report out from Return on Investment Subcommittee—Content and Recommendations (Maureen Ideker and Don Niles, co-chairs)

On healthcare – 2 recommendation 1) support grant funding because broadband is a cornerstone in good health 2) cover pharmacists working with telemedicine for opiod tapering. Use telemedicine to get people off opiods. All healthcare providers can bill for telemedicine but not pharmacists. We don’t’ know if the pharmacists will ask for this. Probably not.
It might be nice to hear from some pharmacists. We could be in a good position to support them rather than take the lead.
If broadband support opiod treatment – that’s a good ROI for broadband.

Third recommendation is to support broadband deployment with/for/around FirstNet

Report out from Accessibility and Adoption Subcommittee—Content and Recommendations (Bernadine Joselyn and Shannon Heim, co-chairs)

We had put out 4 recommendation based on paste reports. We made a matrix of which recommendations had related to accessibility & Adoption. We have altered our plan based on the decision to pare back the report this year.

What do we mean by accessibility, affordability and adoption? Community perspective, consumer perspective?

Want to give a nod to previous recommendations (such as gov computers refurbished & redistributed)  and say they still have merit but given budget we step back. It will serve as a reminder.

2 Recommendations

  • Continue the grant program – and Make the grants part of DEED base budget
  • Continue to fund the OBD

We remembered that we only want to add content that relates to the recommendations – fund the grant, fund the OBD.

Lunch (Capitol basement)

Setting the Bar: Minnesota’s IT Security Strategic Plan – Chris Buse, Assistant Commissioner for Information Security and CISO, MNIT

Technology is awesome – we have increasing levels of power – but there is a dark side of it.

Unprecedented cyber threats

  • Fraud – people who steal data for financial gain
  • Hacks – hate gov and try to bombard systems so they can’t work (distributed denial of service)
    MN has one of the largest networks so it’s a target
    Law enforcement is a big target of DDOS attacks –

Quick stats

  • 90% hacks perpetrated by external actors
  • 60% systems compromised in minutes
  • 75% initial compromises spread w/I 24 hours

2017 trends (bold indicates MN sees this too)

  • IoT exploits
  • Cyber crime as a service
  • Massive DDOS
  • Increase in espionage
  • Increase in attacks against elections
  • More attacks again control systems
  • Increase in attacks against opensource software
  • Increase in phishing – they are working on phishing that looks like it comes from within
  • Ransomware

Cybersecurity Foundation

  • Service Delivery Model
  • Policies & Standards
  • Strategic plan

Talking about the strategic plan:

  • 18 core strategies
  • 5 years aspirational goals
  • 1 year milestones
  • Extensive vetting

It’s a living document – that gets updated annually – including tracking progress made.
Having a plan bonded a community. We have 60 security professionals.
Everyone owns the plan.
Got security professionals from private sector to help too. They are concerned and therefore happy to help.

The risk and responsibility need to be shared with departments outside of security.


  1. Build secure systems – Secure engineering, secure datacenters, secure network
  2. Improve situational awareness – Risk management, we have scorecards for all agencies, training
  3. Minimize Operational Risk – DOS, vulnerability management (timing is everything), monitoring, disaster recovery
  4. Partnering for success
  5. Getting talent – they have an awesome program that involves scholarships for service. Also looking to become the entry level employer of choice.

What’s the best thing we can do to improve security? Support IT.

Question – are there initiatives to bring in women and people of color?
At the broader level, yes.

Question – how can we support your efforts – any specific recommendations?
Yes – need to find a way to get state government in better shape. We need funding.
We need to support cities, counties, higher ed. We need to look at government more holistically.

Citizens don’t care which part of government has their data – they want it to be safe.

The master plan talks about opportunistic things we should think about looking forward.

Question – does the data practice act/open meeting law impede your work?
No – not a lot of issues. We have compliance that gets difficult but the ability to communicate risk with real examples can be a challenge.
Disappointing legislative session; we got nothing. Legislative commission on cybersecurity (Sen Paul Anderson) – didn’t come to pass – couldn’t get a hearing in the House. We needed a forum where we could really talk about down and dirty risks.

Question – At some point there will be a big enough attack – then the legislators will get it.

Continued Discussion of Task Force Report and Recommendations

November Meeting/Wrap-up/Adjourn

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s