Category Archives: Security

NCTA video on disaster recovery for broadband

Posted on by
Reply

One of the weird tasks I had as a librarian was writing a disaster recovery (aka continuity) plan for the collection. So, I always think a little bit about recovery. We are so reliant on broadband, I found the following video from NCTA interesting…

Description from NCTA

When natural disasters strike, the connections communities rely on can suddenly go dark. AFTER THE STRORM, a new docufilm from NCTA, takes you inside the effort to restore connectivity after hurricanes, wildfires, and floods. The film follows broadband crews as they work alongside utilities and government agencies to rebuild critical infrastructure and reconnect communities. Through striking footage and firsthand accounts, AFTER THE STORM reveals the coordination, precision, and teamwork that drive recovery.

EVENT Jan 8: MN Legislative Commission on Cybersecurity (2pm)

Posted on by
Reply

The MN Legislative Commission on Cybersecurity meets today (Jan 8) at 2pm. You can join remotely…

 

Date: Thu., Jan. 8

Time: 2:00 p.m.

Event: Legislative Commission on Cybersecurity

Agenda:

Minnesota National Guard presentation.

Future meeting topics and schedule.

Channel: HTV1

Take time for an important story: When big cyberattacks hit small towns

Posted on by
Reply

Big thanks to Ben Winchester for the heads up on this one. Click Here is a podcast that “tells stories about the people making and breaking our digital world.” Last week, they focused on When big cyberattacks hit small towns. It’s a quick 30-minute broadcast. It tells a sobering story of cyber security challenges in rural areas. I won’t retell the story, but I will share the messages that resonated with me:

  • While big cities often have cyber security teams or people or at least an IT department, smaller cities, towns and counties don’t. That means that cyber security in smaller governments is left to no one or everyone, the results can be the same.
  • Back in the day, everyone had a different security solution. It’s more homogenous now; even between small and large local governments. So, a cyber criminal can learn a lot about “how things are done” even in hacking a small town.
  • Unlike having your car or wallet stolen, a cyber crime is hard to recognize. You don’t always know what a thief got, how they got in or if they have been locked out. You don’t always know who did it or why.

Constantly checking your phone can drain your focus and memory

Posted on by
Reply

Here’s good information (or reminder) about smartphone use from the Washington Post, as summarized by the Benton Institute for Broadband & Society

For many of us, checking our phones has probably become an unconscious reflex, similar to breathing or blinking. Glancing at your phone can begin to compromise your cognitive skills once it passes a certain threshold. Studies from Nottingham Trent University in the U.K. and Keimyung University in South Korea found that checking your phone about 110 times a day may signal high risk or problematic use. Over eight years of research involving teenagers and millennials, Larry Rosen, a professor emeritus of psychology at California State University, Dominguez Hills, observed that participants checked or unlocked their smartphones between 50 and more than 100 times per day, on average every 10 to 20 minutes while awake. “The phones and digital media are reinforcing for our brains, activating the same reward pathway as drugs and alcohol. The phones create a compulsive habit loop where we check without thinking and experience withdrawal when we don’t check or don’t have access to our phone,” said Anna Lembke, a professor of psychiatry and addiction medicine at Stanford University School of Medicine.

 

Legislative Commission on Data Practices talk about data privacy, retention, health apps and automated license plate readers

Posted on by
Reply

Today, I listened to the Legislative Commission on Data Practices meeting. It felt a little broadband-adjacent at first but the more I listened, the more interested I became. At the root of the discussions is the recognition that the laws are often not keeping up with the technology. Here’s the agenda for the meeting:

  1. Approval of October 15, 2025, Minutes
  2. Modern data privacy best practices around data minimization, retention, and maintenance
  3. Current challenges with data retention
  4. Treatment of geolocation data
  5. Intersection of HIPAA/HITEC, the MN Health Records Act, and the MN Consumer Data Privacy Act
  6. ALPR and Body Camera reporting requirements
  7. Data privacy as it relates to the interplay of state and federal government
  8. Adjourn

I was least focused on data retention portion, but my ears perked up when someone noted that many of the policies in place were written in the 1980s. That’s back when the retained “while you were out” messages left on your desk for a missed call. That helps ground the further conversation to realize that the government is trying to manage privacy and “customer” expectations using technology from 2025 and rules from 1985. And even the legislators talk about having one set of expectations for their personal privacy while wanting to use personal data to improve government processes. It’s a delicate balance.

The discussion included mention of a proposed law on health apps and easier access for parents to help manage kids’ health records, rethinking access to geolocation with an eye toward people using reverse warrants to overzealously observe residents and learning about unintended uses of automated license plate readers.

Legislative Commission on Cybersecurity Oct 27, 2025 Notes: future topics and LoginMN presentation

Posted on by
Reply

The Legislative Commission on Cybersecurity met today. They started with a brainstorm on what they wanted to talk about in 2026. A hot topic was whether they extend (or maybe remove) the expiration date for the commission and talks about how to work with other commission that may have overlapping issues – such as the Data Practice Commission.

MNIT gave a presentation. There were lots of questions. I’ve highlighted the questions that I thought might be of interest to most readers. They are based on concern for folks who don’t have an email address or other digital tools/expertise and how will they be able to access some state and county services in the future.

More complete notes: Continue reading

Be brave enough to ask the dumb questions – especially with technology

Posted on by
Reply

I have taught every age from preschool to graduate school, and while this post may seem a little adjacent to what I usually write, I couldn’t resist because I read it and was reminded myself that a dumb, legitimate question can turn out to be the smartest discussion starter. Politico asks Signal Foundation President Meredith Whittaker questions “about the hype, risks and data-privacy threat of AI.” Before founding Signal (an encrypted-messaging app), she worked for Google.

When you talk to policymakers now, whether about energy or national security or economic competitiveness, AI is inevitably part of the equation. What do you make of how big an impact AI is having?

I would dare you or anyone listening who has contacts with policymakers and politicians to just sit them down and say: What do you mean by AI? I think what you’ll get at that point is a lot of hype, a lot of fog, a lot of magical thinking. And that’s a big problem. We are seeing a wave of hype washing over critical institutions, governments, and key decision makers to trust these technologies with key functions that those who understand the technical reality, the limitations, the conditions for how these actually work would never have advised.

What’s the antidote to that? You also always hear this argument that Washington or policymakers don’t understand the technology well enough to regulate it, or put guardrails on it.

That old trope that all you need is tech brains in Washington to move aside the dusty policymakers and get things on the rails of modernization has been around for a very long time. But they’re not too old or too crusty to understand the domains in which they operate, be that education or health care or national security. And tech has a lot to learn on the fundamentals of those domains.

The antidote — there’s no one weird trick here, but just be brave enough to ask the dumb question. People are deeply afraid of being humiliated for being dumb about AI. And I will hear NATO chiefs, I will hear CEOs of Fortune 100 corporations, repeating as received wisdom claims about AI that make absolutely no sense.

These quote-unquote stupid questions, like, “How does this work? Do we have control over the data? What are the privacy implications? Are there vulnerabilities there?” These are just basic questions that should be the floor before entrusting critical decision making to obscure systems that often don’t, in my opinion, meet that bar for safety use in critical domains.

Legislative Commission on Cybersecurity Meeting Oct 27 – 10:30

Posted on by
Reply

I know it’s last-minute notice but sometimes that makes it easier to commit. Here’s the info

Mon. October 27, 2025 10:30 AM
G-23, State Capitol

Additional documents may be posted prior to the meeting.

To provide feedback on digital accessibility of meeting information, please submit comments through the Minnesota Legislature Accessibility & Usability Comment Form. To learn more about requesting an accommodation, please visit the FAQs for Disability Access or contact the Legislative Coordinating Commission at lcc@lcc.mn.gov.

Livestream Link

What about the early morning broadband outage? Some answers about the AWS issues

Posted on by
Reply

CNN reports…

Amazon Web Services (AWS), the cloud computing platform that powers much of the internet, went down for several hours Monday, making several majorwebsites and apps inoperable.

From banking services to social networks to airline booking sites to online shopping, thousands of services were disrupted as millions of people worldwide – many of whom were on their way to work on the US East Coast – were unable to mobile-order coffee or access key apps.

The latest outage serves as a reminder of how fragile the internet’s backbone can be, even if the disruption is brief, and how reliant the world has become on these online services.

Although AWS and its competitors are generally robust, the internet is a complex web of overlapping services that are only as reliable as their weakest code. The root cause of Monday’s outage remains unknown, but a service that converts friendly web names into IP addresses was unable to communicate with thousands of companies’ massive databases hosted by Amazon.

This isn’t a first occurrence…

Past outages on this scale have been caused by a wide variety of errors, including faulty updates, the accidental injection of bad code, or a change to third-party software that doesn’t play nicely with a service. Rarely, internet cable cuts, cyberattacks or direct denial of service attacks can bring down or overload servers that host key apps.

But the relative frequency of these events shows the lack of necessary redundancies and competitive services. Too often, some internet experts say, companies put all their eggs in one cloud services basket.

NPR talks about the pros and cons of big cloud computing options…

According to Synergy Research Group, AWS holds about 30% of the worldwide cloud computing market. Other big players are Microsoft and Google.

Betsy Cooper, a cybersecurity expert and the director of the Aspen Institute’s Policy Academy, says there are pros and cons to companies using Amazon or another big provider for cloud computing. They offer strong cybersecurity protections and convenience.

“We all have an incentive to use the big companies, because they’re so ubiquitous and it’s easier for us to access all of our data in one place.”

But, she says, there’s a downside.

“That’s great until something goes wrong, and then you really see just how dependent you are on a handful of those companies.”

Major telecom threat thwarted as leaders gathered at UN headquarters in New York

Posted on by
Reply

AP News reports

While close to 150 world leaders prepared to descend on Manhattan for the U.N. General Assembly, the U.S. Secret Service was quietly dismantling a massive hidden telecom network across the New York area — a system investigators say could have crippled cell towers, jammed 911 calls and flooded networks with chaos at the very moment the city was most vulnerable.

The cache, made up of more than 300 SIM servers packed with over 100,000 SIM cards and clustered within 35 miles of the United Nations, represents one of the most sweeping communications threats uncovered on U.S. soil. Investigators warn the system could have blacked out cellular service in a city that relies on it not only for daily life but for emergency response and counterterrorism.

Coming as foreign leaders filled midtown hotels and motorcades clogged Manhattan, officials say the takedown highlights a new frontier of risk: plots aimed at the invisible infrastructure that keeps a modern city connected.

The network was uncovered as part of a broader Secret Service investigation into telecommunications threats targeting senior government officials, according to investigators. Spread across multiple sites, the servers functioned like banks of mock cellphones, able to generate mass calls and texts, overwhelm local networks and mask encrypted communications criminals, officials said.

EVENT Sep 17: National Security and Resilient Critical Infrastructure

Posted on by
Reply

From Broadband Breakfast...

Building critical resilience in today’s geopolitically volatile environment requires organizations and nations to develop comprehensive preparedness strategies that address both traditional threats like natural disasters and emerging challenges including cyberwarfare, electromagnetic pulse and other infrastructure vulnerabilities. Effective resilience must integrate robust backup systems for essential services, diversified supply chains, and layered security.

This session of Broadband Breakfast Live Online on Wednesday, Sept. 17 will explore how our nation can maintain a network of resilient critical infrastructure – in advance of the in-person Resilient Critical Infrastructure Summit on Thursday, Sept. 18, 2025. 

EVENT Aug 27: MN Legislative Commission on Cybersecurity

Posted on by
Reply

From the House and Committee Schedule email list…

Wednesday, August 27, 2025 , 1:00 PM

Legislative Commission on Cybersecurity

Chair: Rep. Bahner
Location: G-23 State Capitol
Agenda:

  1. Introductions
  2. Approval of November 22, 2024, minutes
  3. Election of chair, vice chair, and secretary
  4. Future meeting topics and schedule
  5. Member Discussion: 2026 session
    • AI, Cybersecurity, and Data Privacy bills
  6. Intention to go into closed meeting per Minnesota Statutes 3.888, Subd. 5

For more agenda information, click here

North St Paul experiences cyberattack

Posted on by
Reply

Minnesota Star Tribune reports

Public safety and essential city services continue to operate in North St. Paul as the city investigates a recent cyberattack on the city’s Police Department.

The breach was related to a phishing email sent to one business email account within the North St. Paul Police Department, said city spokeswoman Ava Griemert.

The attack was contained to a single account. There has been no impact outside of the one affected account, Griemert said.

On Monday, the City Council voted to hire a law firm to provide legal services and approved a contract with a cybersecurity company to conduct an investigation after what is being called a “business email compromise” came to light.

“Thanks to our IT team’s swift response, the unauthorized access was quickly identified, isolated, and terminated,” the city said Tuesday.

It’s important to see what’s happening in the area and how different local governments are taking care of the situation.

Minnesota plans to include warning labels on social media sites

Posted on by
Reply

South Carolins Public Radio takes an interesting look at Minnesota’s plan for social media warnings…

At least a dozen states have tried to keep kids off social media with bills requiring apps to verify ages. But courts have blocked most of those attempts. So lawmakers in Minnesota tried something different. Next summer, Minnesotans of any age will see a mental health warning label when they log on. That is, unless tech companies block the new law. Here’s Minnesota Public Radio’s Dana Ferguson.

DANA FERGUSON, BYLINE: Imagine you’re getting ready to hop on your Instagram, Facebook or TikTok account. You hit the screen on your phone, and in seconds, you’re directed to the latest pictures, stories or posts. This time next year…

ZACK STEPHENSON: The only change is going to be that you’re going to see a message before you can interact with the app.

FERGUSON: State Representative Zack Stephenson wrote the new Minnesota law requiring social media companies to add warning labels, flagging risks of mental health harm from excessive use.

STEPHENSON: I think the evidence is very clear that social media use is linked with depression, anxiety, loneliness, self-harm, suicidal ideation, eating disorders, all sorts of terrible mental health conditions.

FERGUSON: The Democrat likens them to warnings for tobacco products.

STEPHENSON: So I believe you’ll see a message telling you that prolonged use of social media can lead to those outcomes.

FERGUSON: Former U.S. Surgeon General Vivek Murthy called for warning labels last year. He pointed to the research on prolonged social media use and mental health. Minnesota is the first state to require them, but New York may not be too far behind. Stephenson says the warnings could prompt some to spend less time scrolling.

STEPHENSON: If you had expected big tobacco to make cigarettes less addictive in the ’50s and ’60s, you would have been sorely mistaken. They would never have done that. Addiction was their business model, and the same thing is true for Big Tech.

You can see the full interview on their website.

73 percent of U.S. adults have experienced some kind of online scam or attack

Posted on by
Reply

Pew Research Center recently released results of a study on online scams and attacks. It seems timely for folks in St Paul. It’s not meant to be a downer or even a warning but a reminder to be cautious and smart. If it seems too good to be true or something doesn’t sound right, look closer…

Online scams and other internet crimes are skyrocketing, with a record $16.6 billion in losses reported to the FBI in 2024. The federal governmentbanks and companies are all sounding alarms. And the public is also wary, with many having firsthand experience:

  • Nearly all Americans view online scams and attacks as a national problem. More than nine-in-ten say online scams and attacks are a problem in the country, including 79% who describe them as a major problem.

  • Most U.S. adults have been a victim of an online scam or attack. We find that 73% of U.S. adults have ever experienced things like credit card fraud, ransomware or online shopping scams.

Helpful to know how for are getting scammed…

Online scams target Americans in variety of ways, including phone calls, texts and emails. According to our survey, a majority of U.S. adults report getting scam phone calls (68%), emails (63%) or text messages (61%) at least weekly that attempt to get their personal information. One-third get these messages on social media at the same frequency.