Minnesota schools turn to voters, plead for lawmaker help in fending off cyberattacks

A person leads a meeting
State Rep. Kristin Bahner, DFL-Maple Grove, leads a meeting of the Legislative Commission on Cybersecurity on Monday at the state Capitol.
Dana Ferguson | MPR News

Faced with a growing threat of cybersecurity breaches, school districts around the country and in Minnesota are turning to local taxpayers and state officials for help in building up their defenses. 

Voters in at least 17 communities last week weighed ballot questions letting local districts raise tax levies for cybersecurity improvements; more than half were approved.

School officials on Monday told lawmakers that it shouldn’t be entirely on their shoulders. 

“It’s crucial to have strong defense and be prepared to respond with incident response and business continuity plans,” Justin Hennes, chief information officer for Minneapolis Public Schools, told the Legislative Commission on Cybersecurity. “The Legislature and state agencies can help by funding cybersecurity services for education.”

Minneapolis Public Schools experienced a ransomware attack in February. Hennes said an investigation into the attack has been closed and the district took steps to notify people whose data was affected and offered them credit monitoring services.

That district is not alone. 

K12 Security Information Exchange tracks public reports of school hacks around the country. The group reported more than 1,600 security breaches between 2016 and 2022, with dozens taking place in Minnesota within that time frame.

School technology officials worry that their systems have become an attractive target for hackers. 

“This challenge isn’t exclusive to large or small districts, nor is it confined to urban or rural areas. These attackers are opportunistic seeking vulnerabilities wherever they may exist,” said Anthony Padrnos, executive director of technology at Osseo Area Schools.

“Unlike many industries that allow for high restrictive practices and still allow for business objectives to be met, education institutions must delicately balance unnecessary restrictions with flexibility to cater to the evolving learning needs.”

Padrnos said the Osseo district has had success in partnering with five other school districts in the area to test for tech vulnerabilities and work together on defense tools. But there should be a statewide effort to flag cybersecurity concerns across districts and to share programs that work, he said.

“Our state needs improved coordinated communication channels for timely sharing of information and threat awareness among school districts security contacts,” Padrnos said.

North Dakota and Wisconsin have advanced similar communication networks.

School tech leaders also asked for help in paying ballooning cybersecurity insurance premiums and getting access to tech products that are secure by design and by default. Mario McHenry, executive director of technology services with St. Paul Public Schools, said the district’s premiums grew by 98 percent between school years 2021-22 and 2022-23.

The district also experienced a data breach earlier this year.

“This is a kind of concern for pre K-12 environments because, normally, those types of organizations don't have that capital available to be able to afford those types of premiums. And that's of concern,” McHenry said. “Having cyber insurance, I think, is something that’s very important.” 

State Rep. Kristin Bahner chairs the Legislative Commission on Cybersecurity. She said the state can do more to help districts as they confront those threats. It could be on the agenda when the Legislature returns for its 2024 session on Feb. 12.

“So we want to be able to share and collaborate a little bit more. And that is something that we’re working on very hard here in Minnesota,” the Maple Grove DFLer said. “I think we’re gonna see a lot more focus on that concept, because we are only as strong as our weakest link.”