A recent cyberattack on the Minnesota Judicial Branch's website underscored a growing threat that state officials warn will become more difficult to combat without additional resources.
Headline-grabbing data breaches have typically focused on instances where hackers steal millions of consumers' financial information from retailers like Target and Home Depot. But experts say that state government systems also are vulnerable targets that hold sensitive information, including bank account information, Social Security numbers and addresses.
Gov. Mark Dayton earlier this year sought nearly $46 million to upgrade state government computer systems, to better ward off any potential cybersecurity attacks or data breaches. Some of the funding would have also gone toward improving the state's response to a potential data breach.
The Department of Corrections and Department of Education would have received about $10 million to beef up their systems' security.
Amid deep disagreements over how to spend the state's projected budget surplus, state legislators failed to provide the funding Dayton requested, leaving the state's computer systems without additional defenses for at least another year.
"Every day, hackers try to find and exploit gaps in Minnesota's networks, hoping to steal sensitive information or bring websites down," said MN.IT Services, the agency that administers Minnesota's network. "The cybersecurity request this past legislative session reflects the fact that all organizations — both in government and the private sector — operate in an increasingly hostile digital world."
MN.IT Services expects to press for additional resources, saying it is trying to keep up with the deluge of threats it faces daily.
"We must take these threats seriously and invest appropriately to protect Minnesotans' data from cyber criminals," the agency said.
Last week's attack on the judicial website is known as a "distributed denial-of-service" (DDOS) attack, which overwhelms a website with network traffic, effectively blocking out legitimate users. It was the second such attack since late 2015, and similar to other attacks on government computers around the globe.
Court officials said there has been no evidence that secure data had been improperly accessed during the attack, which the international hacker group, Anonymous Legion, took credit for. The website was unusable for most of the day Wednesday.
"Cybercrime is becoming increasingly organized, and cybercriminals are continually modifying their attacks," said Beau Berentson, a spokesman for the state court administration office. "This means that cybersecurity needs to constantly evolve to defend against and respond to changing threats."
Berentson said the state has asked the FBI Cyber Task Force to investigate the attack. "Our public website is used by thousands of Minnesotans every day to find information about their courts and access free legal resources," he said. "Any malicious attack on court operations is a threat to access to justice in our state."
