Minnesota National Guard assists city of St. Paul after cyberattack

Minnesota Public Radio reports...

Gov. Tim Walz called in the Minnesota National Guard on Tuesday to help the city of St. Paul with a cyberattack and make sure city services continue.

St. Paul experienced the cyberattack on Friday. The governor said in an emergency executive order that the attack targeted “critical systems and digital services” and caused disruptions to vital services throughout the weekend.

“St. Paul officials have been working around the clock since discovering the cyberattack, closely coordinating with Minnesota Information Technology Services and an external cybersecurity vendor,” the executive order said. “Unfortunately, the scale and complexity of this incident exceeded both internal and commercial response capabilities.”

The city asked the state for support from the National Guard.

The order calls on the National Guard to provide cybersecurity services in collaboration with the city and state.

City officials said online payments and some online services are unavailable after the attack.

The city said “911 remains fully operational.” But a statement on St. Paul’s website asks in cases of non-emergencies such as “public safety or infrastructure concerns,” that residents call 651-291-1111.

Minnesota Consumer Data Privacy Act starts July 31, 2025

St Cloud Live reports…

Starting July 31, Minnesotans will have new data privacy rights under the Minnesota Consumer Data Privacy Act.

The Minnesota Consumer Data Privacy Act will give consumers several new rights, including to access, edit, request deletion and obtain a copy of their personal data obtained by businesses, as well as the right to opt out of targeted advertising, data sales and profiling.

Minnesota Attorney General Keith Ellison and chief author of the 2024 legislation, Rep. Steve Elkins, DFL-Bloomington, held a press conference Monday, July 28, discussing the new protections.

“For years, we’ve come to be conditioned to believe that our privacy and our private data just isn’t really private at all,” Ellison said. “When we wear a smart watch or we turn GPS tracking on our phones, when we use a web browser or sign up for an email newsletter, we generate private, sensitive data. Companies have been free to buy and sell that data without any permission from us, without our knowledge even and without any mechanism for us to make them stop. On July 31 … that all changes in the state of Minnesota.”

Here’s what it means to businesses…

Under the new law, businesses subject to the MCDPA are those that control or process the personal data of 100,000 or more Minnesota residents, earn 25% of their revenue from the sale of personal data, or control personal data of 25,000 consumers or more.

Businesses will also be required to request parental permission for selling and using the data of users under the age of 16, and must provide a list of third parties their business has sold personal data to, if the consumer requests it.

Elkins said the types of businesses commonly affected by the new consumer protections range from weather and menstrual tracking apps to major tech companies like Google, as well as data brokers.

And what it might mean to consumers…

Minnesotans looking to exercise these new rights can contact businesses directly. The new law requires businesses to respond within 45 days, as well as include an email address or other online mechanism within their privacy disclosures page for consumers to use, according to Ellison’s office.

Consumers can also visit the attorney general’s website at privacymn.com for more instructions on both how to contact businesses as well as how to file formal legal complaints for businesses suspected of violating the MCDPA.

Senator Klobuchar’s Take It Down Act is signed into law

From Senator Klobuchar’s website…

Today, U.S. Senators Amy Klobuchar (D-MN) and Ted Cruz (R-TX) announced that their bipartisan TAKE IT DOWN Act was signed into law.

The TAKE IT DOWN Act criminalizes the publication of non-consensual intimate imagery (NCII), including AI-generated NCII, and requires social media and similar websites to have in place procedures to remove such content within 48 hours of notice from a victim. …

The TAKE IT DOWN Act protects and empowers victims of real and deepfake NCII while respecting speech by:

  • Criminalizing the publication of NCII in interstate commerce. The bill makes it unlawful for a person to knowingly publish, or threaten to publish, NCII on social media and other online platforms. NCII is defined to include realistic, computer-generated pornographic images and videos that depict identifiable, real people. The bill also clarifies that a victim consenting to the creation of an authentic image does not mean that the victim has consented to its publication.
  • Protecting good-faith efforts to assist victims. The bill permits the good-faith disclosure of NCII, such as to law enforcement, in narrow cases.
  • Requiring websites to take down NCII upon notice from the victim. Social media and other websites would be required to have in place procedures to remove NCII, pursuant to a valid request from a victim, within 48 hours. Websites must also make reasonable efforts to remove copies of the images. The FTC is charged with enforcement of this section.
  • Protecting lawful speech. The bill is narrowly tailored to criminalize knowingly publishing NCII without chilling lawful speech. The bill conforms to current First Amendment jurisprudence by requiring that computer-generated NCII meet a “reasonable person” test for appearing indistinguishable from an authentic image.

The legislation was co-sponsored by Shelley Moore Capito (R-WV), Richard Blumenthal (D-CT), Bill Cassidy (R-LA), Cory Booker (D-NJ), John Barrasso (R-WY), Jacky Rosen (D-NV), Cynthia Lummis (R-WY), John Hickenlooper (D-CO), Ted Budd (R-NC), Marsha Blackburn (R-TN), Roger Wicker (R-MS), Todd Young (R-IN), John Curtis (R-UT), Tim Sheehy (R-MT), Raphael Warnock (D-GA), Martin Heinrich (D-NM), Gary Peters (D-MI), Adam Schiff (D-CA), Catherine Cortez Masto (D-NV), and Jeanne Shaheen (D-NH).

Senator Klobuchar’s bipartisan bill to protect online security and stop deepfakes passes Congress

Senator Klobuchar reports...

Today, U.S. Senators Amy Klobuchar (D-MN) and Ted Cruz (R-TX) announced that their bipartisan TAKE IT DOWN Act passed the House and is headed to the President’s desk to be signed into law. Representatives Maria Elvira Salazar (R-FL) and Madeleine Dean (D-PA) led the companion legislation that passed today.

The bill unanimously passed the Senate in February, and it includes Klobuchar and Senator John Cornyn’s (R-TX) Stopping Harmful Image Exploitation and Limiting Distribution (SHIELD) Act, which addresses the online exploitation of explicit, private images and passed the Senate last July.

The TAKE IT DOWN Act would criminalize the publication of non-consensual intimate imagery (NCII), including AI-generated NCII, and require social media and similar websites to have in place procedures to remove such content within 48 hours of notice from a victim.

Digital Footprint: Who knows what about you online – and how can you manage that.

I ran across an article a week ago entitled What Does DOGE Know About You? It includes a quiz; it’s interesting to check it out. If you answer a few broad questions, it will tell you what DOGE is likely to know about you. The article reminded me of a TED Talk I saw in Edinburgh in 2012 about how your phone company is watching from Malte Spitz. He sued his phone company to get the data they had on him and his interactions based on cell phone use. He created visual tools to help the audience understand not only how much data this was, but what it meant when you tracked interactions among users in aggregate in terms of what was happening in a community.

In 2022, PC Mag published an article on how much data social media and tech companies gather on users. (They used research from Security Baron, a privacy company, which I think is worth mentioning. You always want to know who paid for and wrote the report.) I like the article for our purposes now because the results are shared in an easy graphic. (At right.) As you read through the explanations, you get a feel for what these companies know.

What is a Digital Footprint?

All these interactions, purchases, clicks, pings from your phone to the cell tower, are things that make up your digital footprint. I think it’s important to recognize that you leave a footprint wherever you go. It’s important to share that with the young people around you. And just like footprints in real life, they are helpful and hurtful. Footprints can help you find your way back to the cabin on a snowy day, but it means people can use them to find you. Even being found is a double-edged sword. The more you know about it, the more you can make your digital footprint a positive.

How can I manage my Digital Footprint?

The Internet Society is an international nonprofit focused on empowering people to keep the Internet a force for good. They have a Top 10 list for ways to manage your digital footprint, followed by a link to videos for more information.

  1. Get a better understanding of the issues.
    There’s a lot of information about privacy to take in. Think about the implications of what you’re sharing when you sign up for new services, or install new apps.
  2. Develop your “basic hygiene” habits.
    Privacy is about context. If you use one email address for home and another for work, or one credit card for online shopping and another for everything else – it will help keep different parts of your digital footprint separate.
    Be mindful about what you share via social sites and elsewhere, because every selfie, retweet, or like is probably more public, and more persistent than you think.
  3. Become a sophisticated user of your online tools and services.
    Browsers, devices and apps are often set to share your personal data out of the box. Take a look at the privacy settings and see if you’re comfortable with what the default settings are.
    When an application asks for “permission to send you push notifications and use your location data”, think about if that’s really what you want. Your camera and smartphone usually record your time and location in each photo you take, and when you share those photos, you could be sharing that data.
  4. Find and use specific online privacy tools.
    There are many helpful online privacy tools. Use them to protect your online privacy, and to keep track of what information you’re sharing as you surf.
  5. Manage cookies.
    Check what settings your browser(s) have for cookies; find your browser’s “cookie store” and spend some time looking through it. Notice how many of the cookies in there have been set by sites you weren’t even aware of visiting… and then see whether your browser allows you to block third-party cookies. Some browsers offer this as an easy option, but there are also a lot of plug-ins you can use to help control tracking cookies.
  6. Check your privacy settings.
    Erasing cookies only goes so far. You should also know your rights when it comes to information that you share on websites, especially open services such as social networks, blogs, and photo sharing sites. It’s a lot easier to prevent your data from being shared than it is trying to remove it from an advertiser database later. Check what permissions apply to content you upload.
  7. Understand the realities of sharing your stuff.
    When you post something on the internet, it’s out there forever. Deleting online content often only removes it from public view; it can be stored in archives and databases forever. Even deleting your account isn’t a guarantee that your content will be deleted. It may still be accessible through other means.
  8. Think about the trade-off between convenience and privacy.
    OK, one is instant gratification and the other is a long-term intangible… but the choice is still up to you. Maybe a little inconvenience is worth it, to regain some control over your digital footprint.
  9. Understand the “bargain” you make with online service providers.
    “Free” doesn’t mean “free”: it usually means you pay through the monetization of data about you. “Freemium” doesn’t mean your data isn’t monetized: it usually means you don’t see advertisements in that service, app or game.
  10. “There is no app for this”.
    That’s the bottom line. We can inform you and suggest some privacy tools, but the reality is that there’s no one-click answer: in the long term, the best way to improve your privacy is to change your online habits. We’re here to help, but you hold the key.

Want to know more? Watch our tutorials on managing your digital footprint.

7 communications-related bills getting attention in US House now

The Benton Institute for Broadband & Society reports

On March 4, the House of Representatives’ Commerce Committee, chaired by Rep. Brett Guthrie (R-KY), held a full committee markup to consider twelve bills in total––the committee’s first legislative markup of the 119th Congress.

“This Committee has a rich, bipartisan history, which we will continue in that spirit with the bills we are considering today,” said Rep Guthrie in his opening remarks. “Each of these bipartisan pieces of legislation was passed by the House last Congress, and I am proud that we will be moving these forward again today.”

Here, we look at the seven communications-related bills that are now teed up for a vote from the full House.

I am just going to include the list – the original article offers more detail…

  1. Precision Agriculture Satellite Connectivity Act
  2. Institute for Telecommunication Sciences (ITS) Codification Act
  3. NTIA Policy and Cybersecurity Coordination Act
  4. Promoting United States Wireless Leadership Act of 2025
  5. Trans-Atlantic Submarine Fiber Optic Cable
  6. Understanding Cybersecurity of Mobile Networks Act
  7. Critical Infrastructure Manufacturing Feasibility Act

MN House looking at cybersecurity support for cities and towns for $20 million

KRWC reports

A bill moving through the Minnesota House looks to help local communities bolster their cybersecurity through a new grant program.

Graham Berg-Moberg is with the Minnesota Association of Townships….

“We are collecting things like W2s, W4s, Social Security numbers. We do not have a whole lot of infrastructure in place presently to protect that sort of thing given the way the world is working, the increased pressure of online only reporting systems, we would expect more townships to become vulnerable to cyber security over time.”

The program would draw $20 million from the state’s General Fund. The bill was laid over for inclusion in a possible omnibus bill.

MN HF140 (Cyber security support for cities, towns and townships) is laid over

Today the MN House Committee State Government Finance and Policy discussed MN HF140 (Cyber security support for cities, towns and townships). The bill was laid over.

HF140 (Bahner)
State-funded county and city cybersecurity grant program established, report required, and money appropriated.

Representative Bahner:

  • Amendment A1: tech changes to conform with Senate and adding townships with population of 5000.
    Passed.
  • Cyber incidents are on the rise especially with AI
  • We need to be vigilant – MNIT does a great job
  • Smaller cities and towns do not have staff or expertise that MNIT has and they need to upgrade
  • It matters to everyone because the networks interact with bigger networks. We’re only as strong as our weakest link

Daniel Lightfoot (MN League of Cities)

  • This is a critical need – this bill would help. We are a small city state but they manage a wide range of public works.
  • They are a target for ransomware
  • 702 cities don’t have dedicated IT staff; average staff size is 7 FTE but some have only one
  • We provide insurance

Graham Berg-Moberg (Townships)

  • We support the need for cyber security
  • We don’t manage as much as cities but we do manage some
  • 1185 towns collect personal data and we don’t always have the expertise to manage it
  • We know this is a budget compromise year – but we’re glad to see some towns are included

Questions

Q: Does “eligible city, township and town with population over 5000” mean each has to have a population over 5000, or only the township?
It targets only townships.

Bill introduced in MN House HF1606: prohibiting access to nudification technology

The Minnesota House reports

Stephenson introduced:

H. F. 1606, A bill for an act relating to commerce; prohibiting access to nudification technology; proposing coding for new law in Minnesota Statutes, chapter 325E.

The bill was read for the first time and referred to the Committee on Commerce Finance and Policy.

I am unlikely to follow this closely, but I wanted to make folks aware as I see this as a digital awareness and security issue. The bill as introduced:

A bill for an act relating to commerce; prohibiting access to nudification technology; proposing coding for new law in Minnesota Statutes, chapter 325E.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

Section 1. [325E.91] PROHIBITION ON NUDIFICATION TECHNOLOGY.

Subdivision 1. Definitions. (a) For the purposes of this section, the following terms have the meanings given.

(b) “Intimate part” has the meaning given in section 604.32, subdivision 1, paragraph (d).

(c) “Nudify” means the process by which:

(1) an image or video is altered to reveal an intimate part not depicted in the original unaltered image or video; or

(2) the depiction is so realistic that a reasonable person would believe the depiction reveals an intimate part of an identifiable individual.

Subd. 2. Nudification prohibited. A person who owns or controls a website, application, software, or program must not allow a user to access, download, or use the website to nudify an image or video.

Subd. 3. Civil action; damages. An individual injured by a violation of this section may bring an action for:

(1) compensatory damages, including mental anguish or suffering, in an amount up to three times the actual damages sustained;

(2) punitive damages;

(3) injunctive relief;

(4) reasonable attorney fees, costs, and disbursements; and

(5) other relief the court deems just and equitable.

Subd. 4. Penalties. The attorney general may enforce this section under section 8.31. In addition to other remedies or penalties, a person that violates this section is subject to a civil penalty of not less than $500,000 for each unlawful access, download, or use under subdivision 2.

EFFECTIVE DATE. This section is effective August 1, 2025, and applies to causes of action accruing on or after that date.

EVENT Feb 20: Senate Committee meeting on (SF379) cyber security and (SF608) data centers

A meeting happening tomorrow (Feb 20) with two topics of potential interest…

Committee on State and Local Government
Chair: Sen. Tou Xiong
12:30 p.m.
Room 1200 Minnesota Senate Bldg.

*Agenda items may be added or removed. Please submit documents to mikayla.mtanous@mnsenate.gov by Wednesday, February 19, 2025 at 12:00pm. Late submissions may not be posted in advance of the hearing or included in prepared materials for committee members.

TESTIMONY: Testimony is limited. The number of testifiers and length of time permitted is at the discretion of the chair and is subject to change. Please plan accordingly. If you would like to testify, please email the Committee Administrator, mikayla.mtanous@mnsenate.gov by Monday, February 19, 2025 at 12:00pm. Requests for Zoom testimony must be made at least 24 hours in advance. Include the bill number, your name, title and/or organization where applicable, and whether your testimony will be in support of or opposition to the bill.

WRITTEN TESTIMONY AND HANDOUTS: Written testimony is encouraged. To submit written testimony or hand-outs, email Committee Administrator, mikayla.mtanous@mnsenate.gov by Monday, February 19, 2025 at 12:00pm. Please email the submission in following pdf format: yearmonthday_bill number_organization_testimony-or-handout
Example: 20250329_SF2373_MinnesotaOrganizationName_Testimony

Agenda:
Call to Order
S.F. 379-Wiklund/Wiklund: State-funded county and city cybersecurity grant program establishment.
S.F. 483-Rasmusson/Rasmusson: Motor vehicle loss of consciousness of voluntary control provisions modifications.
S.F. 608-Lieske: Data centers in certain districts prohibition provision.

FCC announces Cybersecurity Pilot Program Participants including 12 in MN

The FCC reports

The Federal Communications Commission today selected 707 participants for the FCC’s Schools and Libraries Cybersecurity Pilot Program, including 645 schools and districts, 50 libraries, and 12 consortia. Participants in the three-year pilot program will receive support to defray the costs of eligible cybersecurity services and equipment and provide the Commission with data to better understand whether and how universal service funds could be used to improve school and library defenses against increasing cyberattacks. All 50 states, in addition to Puerto Rico and the District of Columbia, and several Tribal lands are reflected by the Pilot participants announced today. …

The Cybersecurity Pilot Program is part of Chairwoman Rosenworcel’s Learn Without Limits initiative to address the Homework Gap by ensuring connectivity to and within schools and libraries. This initiative includes Wi-Fi on school buses, the Wi-Fi hotspot lending program, and E-Rate support for libraries in Tribal communities.

Here are the participants in Minnesota…

  • CHRIST HOUSEHOLD OF FAITH SCH: School, MN
  • ST PAUL PUBLIC LIBRARY: Library System, MN
  • SAINT PAUL PUBLIC SCHOOL DISTRICT 625: School District, MN
  • RED LAKE SCHOOL DISTRICT 38: School District, MN
  • HMONG COLLEGE PREP ACADEMY 4103-07: School, MN
  • SOUTHERN PLAINS EDUCATION COOPERATIVE: School District, MN
  • COMMUNITY SCHOOL OF EXCELLENCE 4181-07: School, MN
  • TRI-COUNTY COMMUNITY ACTION INC.: School District, MN
  • THE BEST ACADEMY: School, MN
  • NEW CENTURY SCHOOL 4240-07: School, MN
  • BDOTE LEARNING CENTER 4226-07: School, MN
  • Bultum Academy: School, MN

OPPORTUNITY: Minnesota Cybersecurity Task Force 2024 seat open

An opportunity from the Secretary of State: several seats are open on the Cybersecurity Task Force …

Membership

The Task Force membership shall meet, at minimum, the requirements of cybersecurity planning committee as defined in Public Law 117-58, Sec. 70612.

Membership requirements are based on and conform to Public Law 117-58. In summary, membership shall consist of the following:

  • The Chief Information Officer (CIO), the Chief Information Security Officer (CISO), or equivalent official of the eligible entity;
  • If the eligible entity is a state (including territories), then representatives from counties, cities, and towns within the jurisdiction of the eligible entity;
  • Institutions of public education and health within the jurisdiction of the eligible entity; and
  • As appropriate, representatives of rural, suburban, and high-population jurisdictions.

At least one half of the representatives of the Cybersecurity Planning Committee must have professional experience relating to cybersecurity or information technology.

NTIA awards $60.6 Million in Digital Equity Capacity Grant (North Dakota gets $4.5M)

It’s not Minnesota, but during the holiday season we can celebrate with our neighbors to the west. The National Telecommunications and Information Administration reports

The Department of Commerce’s National Telecommunications and Information Administration (NTIA) today has approved and recommended for award applications from Arizona, Arkansas, Colorado, Maryland, North Dakota, American Samoa, and the U.S. Virgin Islands, allowing them to request access to more than $60.6 million to implement their Digital Equity Plans.

Here’s what’s happening in North Dakota…

North Dakota will use $4,549,772 in funding to implement key digital equity initiatives, including:

  • Providing funding to state agencies to expand and/or adjust existing digital equity programs and resources; and

  • Convening Internet service providers to establish objectives for a cybersecurity certification program, then identifying a subrecipient to finalize development of the certification program.

The National Defense Authorization Act (NDAA) set to connect barracks-type housing to broadband

The Benton Institute for Broadband & Society reports…

This week, Congress passed the Servicemember Quality of Life Improvement and National Defense Authorization Act for Fiscal Year 2025, this year’s version of the National Defense Authorization Act (NDAA). The law authorizes $895.2 billion for Department of Defense programs, defense-related activities, and national security programs in the Department of Energy and the Defense Nuclear Facilities Safety Board. Included in the law are provisions to make rural telecommunications networks more secure and internet access service affordable for members of the armed service while addressing issues around artificial intelligence and cybersecurity.

This includes…

Free Internet Access for Members of the Armed Forces

The Servicemember Quality of Life Improvement and National Defense Authorization Act amends existing law to allow military departments to provide members of the armed services that reside in “military unaccompanied housing” (think a barracks or a dormitory not suitable for a dependant).

Within three months, the Secretary of Defense will issue a guidance to implement this new policy, ensuring that service members have reasonable access to 100/20 Megabits per second (Mbps) broadband internet access service that maximizes access to individual rooms and spaces with appropriate restrictions.

Internet access can play a vital role in service members’ lives including distance education for professional military education.

Ookla tracks biggest tech outages Q1-Q3 2024

Ookla reports

Our reliance on technology is so total that for many it feels like the world is ending when a popular site or service on the internet is inaccessible, and 2024 saw many outages that reminded us how much one such interruption can disrupt the daily lives of millions. We analyzed Downdetector® data from Q1-Q3 2024 to see where that pain of disconnection was felt most acutely. Read on to revisit the largest outages of 2024 at a global level and sorted by region.

Note that while some companies experienced more than one large outage during this time period, we’ve listed only the largest incident per company in each chart.

More info on the outages, and some help to remind you of them if you were impacted…

Users of social media sites, internet providers, and gaming sites and services suffered the most disruptions this year according to Downdetector data on the world’s biggest outages. Facebook had the largest outage on our list. On March 5, over 11.1 million people across the world reported issues with the popular social media site.

The second largest global outage may be the most memorable. While CrowdStrike is not a service most people think of, we saw nearly 5 million reports to services that rely on it (or rely on Microsoft which relies on CrowdStrike), including emergency services, airlines, and ride sharing apps when a routine software update went bad on July 19.

AT&T suffered the third largest outage in the world, according to Downdetector data, when an equipment configuration error caused customers across the entire United States to lose network access for over 12 hours.