​Minnesota hopes to spur agencies to action with cyber score cards

It’s not enough to know that cybersecurity is important — government has to act on it, said Thomas Schaeffer, assistant commissioner and executive director of enterprise operations at MN.IT Services, Minnesota’s state IT office.

Educating people on the importance of cybersecurity and getting the funding to adequately protect the state are two of the biggest challenges faced by MN.IT, Schaeffer said. One way they’re facing that challenge is by bringing in their partners to create agency risk score cards that get those agencies to seek funding on top of the state’s existing charge-back model.

The office is also pursuing legislation that could generate additional cybersecurity funding, he said.

“This year’s been a difficult one for us because we are pushing cybersecurity and trying to figure out how to fund cybersecurity,” Schaeffer said. “Funding really is the hardest thing for us right now. And things around cybersecurity are not the cheapest things.”

Other challenges facing Minnesota include a shift in culture that prioritizes service delivery and deviates from an “IT for the sake of IT” approach.

Data center consolidation has allowed the state to reduce its data center count from 49 to less than 30. Consolidating data centers is accompanied by a drive to consolidate processes and flatten their workflow, he said.

“We’ve brought our business partners into the equation,” Schaeffer said, “and talked to them about what they’re doing and what they need from us, so collaboration with them and it also includes our vendor partners and making sure we have their buy-in for what we’re trying to deliver for our customers and for the citizens of the state of Minnesota.”