As the Minnesota capital continues to recover from last week’s cyber attack — and as officials seek accountability — lessons are starting to emerge from various parts of the gov tech world. Here’s what they have to say.
It didn’t hurt that Gov. Tim Walz deployed 13 members of the Minnesota National Guard’s Cyber Protection Unit to help fix the damage — reportedly the first time that unit has deployed inside the state in its eight years of existence.
“This is definitely a serious attack,” Betsy Cooper, founding director at nonpartisan civic advocacy group Aspen Policy Academy, told Government Technology via email. “Cities are attacked regularly, but this one is particularly broad in scope. We’ve seen comparable attacks in places like Cleveland and Washington, D.C. It’s not unprecedented, but it is significant.”
Even though St. Paul officials on Thursday still were seeking to repair their systems and figure out exactly what happened, lessons are starting to emerge as officials and gov tech suppliers throughout the country brace for the next attack.
At a July 29 press conference, featured in the video below, city IT leaders explained why the incident interrupted some services.
Local reports indicated that nearly a week after the cyber attack, many city services operated at a much slower pace — assuming they are running. St. Paul officials offered no immediate comment.
Online bill payments and library computers were among the areas still feeling the pain of the attack. Though some police officers reportedly had to use radios instead of laptops to keep up with public safety, officials insisted there were no major safety threats.
“To be crystal clear, there is absolutely no problem with our emergency response,” Police Chief Axel Henry said at a news conference.
The FBI was helping local investigators trace the attack’s origins and reason.
At least one gov tech executive offered a view about how the attack happened — one informed not by any inside knowledge of what happened in St. Paul, but by experience helping law enforcement agencies protect their own operations from hackers and ransomware demands.
“In general, most cyber attacks like this are a result of unpatched or unimproved secured servers,” said Andre McGregor, a former FBI agent who worked in cybersecurity and who is now CEO of ForceMetrics. More than likely, “it goes back to an individual who received an email that allowed [hackers] to compromise” the system.
A sense of “we are all in it together” also has accompanied developments in the St. Paul cyber attack — a sense that reflects the broader move toward “whole-of-state cybersecurity,” a philosophy that calls for wide cooperation among different agencies to protect systems.
For instance, the state of Minnesota — the state capital is St. Paul — “continues to actively support the city of St. Paul’s response and recovery to the recent cyber attack,” said Emily Zimmer, communications manager for Minnesota IT Services.
Zimmer said she could not share specific details about recovery efforts but she told Government Technology via email that the St. Paul attack shows that cyber threats are becoming more sophisticated and larger.
“We urge all government entities to take this as a reminder to review defenses, test response plans and remain vigilant,” she wrote. “Cybersecurity is a shared responsibility, and our top priority is protecting the systems and data Minnesotans rely on.”
Cooper, McGregor and others said the recent attack offers a reminder to other governments that secure backups stored separate from affected systems are vital. So is a plan for how to keep offering core services without the Internet.
“With artificial intelligence, cyber attacks such as the one St. Paul experienced will only be on the rise, and every city should have a plan for how to move forward if they are the next victim,” Cooper said. “Emergency services being hit is one of the worst-case scenarios.”
The dangers of the recent attack in St. Paul were deeply felt in even some of smallest towns — towns such as Auburn, Ind., with an estimated population of nearly 14,000.
That’s according to Natalie DeWitt, president of the Auburn Common Council and an official with long experience in public-sector cybersecurity.
“The recent cyber attack on St. Paul is both alarming and eye-opening,” she told Government Technology via email. “It’s a stark reminder that no community — large or small — is immune.”
If anything, she added, the smallest cities have “greater vulnerabilities” thanks to relatively tight budgets, older tech systems and fewer IT resources.
Getting past those challenges requires more cybersecurity education for IT staff, elected officials and residents, she said. The same urgency that surrounds police and fire response must attach to the potential for cyber attacks.
In those ways, the St. Paul attack represents a call to action, she said. More training, better response plans, and stronger state and federal partnerships: Those are among the moves she recommends in the aftermath of this latest major attack.
“This incident underscores a broader truth we need to embrace: Cybersecurity is public safety,” DeWitt said. “Just like police, fire and EMS, protecting our digital infrastructure is about protecting people — their data, their services and their trust in local government.”
Thad Rueter writes about the business of government technology. He covered local and state governments for newspapers in the Chicago area and Florida, as well as e-commerce, digital payments and related topics for various publications. He lives in Wisconsin.
