New Cybersecurity Requirements for State of Minnesota Critical Infrastructure Providers

Posted in RESOURCES

Mary Madison, RN, RAC-CT, CDP
Clinical Consultant – Briggs Healthcare

On August 30, Governor Tim Walz signed Executive Order 22-20, directing state agencies to implement cybersecurity measures to protect critical infrastructure in Minnesota. Your business is part of the 16 critical infrastructure types. Please review this 4-page Executive order for specific directions and deadlines.

MDH leadership, in partnership with Minnesota IT Services (MNIT) is following this order by continuing to monitor and help reduce cybersecurity risks to protect the life and safety of Minnesotans. All service providers rely on systems that are potentially vulnerable to cybersecurity threats and will be required to take actions to protect their system security, with more details in the future from MDH.

What needs to be done?

  • Register your system owners and identified staff with MN Fusion Center at MNFC. See below.
  • Report cyber-attacks using guidance at the State Security Operations Center (SOC).
  • Look for additional information in the near future from MDH on materials to conduct a cybersecurity self-assessment. You may also choose to have an assessment completed by an outside entity.
    • After completing the cybersecurity assessment, your system will:
      • Certify completion with MDH.
      • Continue work in addressing potential security gaps; and
      • Annually certify that an updated assessment has been completed.

Register system owner and staff with the Minnesota Fusion Center (MNFC). Personnel responsible for system ownership, system operations, and cybersecurity are expected to register at MNFC; there is no limit to how many may register. Register under ‘Partners Membership,’ complete the biographic information, then select the Critical Infrastructure applicable Key Resources Sector. Public drinking water entities should choose “Water.”  Most others will select “Health Care and Public Health.” IT and cyber security personnel should select ‘Information Technology’ and a sector. Registration questions can be directed to mn.fc@state.mn.us.

Find general information on cybersecurity self-assessments?

See Free Cybersecurity Services and Tools | CISA for additional guidance as it’s available. This is a great resource for all providers.