Bill Text: MN HF1702 | 2013-2014 | 88th Legislature | Introduced
Bill Title: Cyber security and broadband infrastructure vulnerability study and report required.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2013-04-04 - Introduction and first reading, referred to Labor, Workplace and Regulated Industries [HF1702 Detail]
Download: Minnesota-2013-HF1702-Introduced.html
1.2relating to telecommunications; broadband; requiring a study and report on cyber
1.3security and broadband infrastructure vulnerabilities.
1.4BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
1.5 Section 1. BROADBAND CYBER SECURITY; REPORT.
1.6 Subdivision 1. Policy statement. The legislature of the state of Minnesota, as
1.7part of its efforts to deploy and improve broadband service in the state under Minnesota
1.8Statutes, section 237.012, finds that it is of critical importance to determine (1) whether
1.9any potential single point of system failure or other vulnerabilities to cyber terrorism exist,
1.10and (2) what, if any, steps need to be taken to address identified shortcomings.
1.11 Subd. 2. Study; cyber security. (a) The Minnesota Broadband Task Force,
1.12established under Executive Order 11-27, shall commission a study that analyzes the
1.13current and desired status of the state's broadband infrastructure security. The study should
1.14focus on issues related to public safety, law enforcement, and the provision of electrical
1.15power, other utilities, and essential services to gauge the potential impact widespread
1.16disruption to broadband services would have on commercial enterprise in the state.
1.17(b) The study shall be conducted by qualified technical experts, including state and
1.18local officials and business technology leaders with varied cyber security experiences.
1.19The Minnesota Broadband Task Force shall oversee and manage the study and work to
1.20ensure the widest participation possible by the business community. By January 15, 2015,
1.21the Minnesota Broadband Task Force shall report back on the study's findings, including
1.22any recommended legislative initiatives, to the legislative committees having jurisdiction
1.23over telecommunications, commerce, and public safety.
2.1(c) The study's key findings must summarize the areas where the state's broadband
2.2infrastructure is most vulnerable. The study must contain detailed research and
2.3recommendations, including an analysis of the economic impact that would result from
2.4widespread disruption of broadband service, as well as the positive impact on economic
2.5development that might accrue if the state enhanced cyber security readiness and leveraged
2.6inherent advantages related to broadband or data center deployment.
2.7(d) Notwithstanding any laws to the contrary, the Minnesota Broadband Task Force
2.8and the individuals participating in the study are authorized to review data, findings, and
2.9recommendations in a closed, nonpublic session to ensure that protected and proprietary
2.10data remain secure. Any proprietary or nonpublic information used in developing the
2.11report must be handled in a manner consistent with Minnesota Statutes, chapter 13.
2.12 Subd. 3. Study; report contents. At a minimum, the report shall evaluate and
2.13make recommendations regarding:
2.14(1) how cyber attacks are currently identified and responded to, including:
2.15(i) an assessment on the impact of cyber terrorism on critical infrastructure, including
2.16but not limited to public safety infrastructure, water and sewers, and the electrical grid;
2.17(ii) a determination regarding how to protect the confidentiality of sensitive security
2.18information, while still making appropriate disclosure to practitioners and public policy
2.19makers;
2.20(iii) a threat assessment, assuming both worst-case and most-likely cyber breach
2.21scenarios, analyzing the impact of a situation where the state's critical and major
2.22broadband and Internet hubs were breached or taken down; and
2.23(iv) an evaluation of the extent to which cyber hackers have or could obtain access
2.24to intellectual property or other protected, private data;
2.25(2) how to enhance the state's response to cyber threats and attacks, including an
2.26assessment on how quickly the state can currently respond to and contain cyber threats
2.27and any recommended improvements;
2.28(3) the extent to which a risk assessment shows broadband traffic in the state is
2.29susceptible to a single point of failure, including:
2.30(i) an evaluation of significant co-location sites in the Twin Cities and the respective
2.31downstream dependencies;
2.32(ii) an evaluation of the state's middle-mile broadband infrastructure to determine
2.33whether the infrastructure has any single points of failure in the event of a disaster or
2.34attack; and
2.35(iii) recommendations or options for robust ways to increase performance and
2.36reduce vulnerability, including an analysis of the investments and efforts needed to ensure
3.1the state's broadband infrastructure remains fully functioning in the event of an attack or
3.2disaster elsewhere;
3.3(4) the state's broadband cyber security strategies compared to other states and peer
3.4entities, assessing the degree to which the strategies might contribute to the state's security
3.5and redundancy goals and reduce the state's vulnerability, including:
3.6(i) an assessment of any broadband advantages the state has that it is not currently
3.7leveraging; and
3.8(ii) a brief assessment of the strategies and procedures other states are using to
3.9prepare for cyber security threats, as well as any recommended national protocols or best
3.10practices the state should consider implementing; and
3.11(5) a description of the security, vulnerability, and redundancy actions necessary
3.12to ensure reliability, drawing heavily on the actions plans documented in the 2009
3.13Minnesota Ultra High-Speed Broadband Report that describe the duties and targets for
3.14the office, including any recommendations regarding the establishment of formal links
3.15between a new broadband office and related activities in other agencies to ensure effective
3.16collaboration and information sharing.
3.17EFFECTIVE DATE.This section is effective the day following final enactment.
1.3security and broadband infrastructure vulnerabilities.
1.4BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
1.5 Section 1. BROADBAND CYBER SECURITY; REPORT.
1.6 Subdivision 1. Policy statement. The legislature of the state of Minnesota, as
1.7part of its efforts to deploy and improve broadband service in the state under Minnesota
1.8Statutes, section 237.012, finds that it is of critical importance to determine (1) whether
1.9any potential single point of system failure or other vulnerabilities to cyber terrorism exist,
1.10and (2) what, if any, steps need to be taken to address identified shortcomings.
1.11 Subd. 2. Study; cyber security. (a) The Minnesota Broadband Task Force,
1.12established under Executive Order 11-27, shall commission a study that analyzes the
1.13current and desired status of the state's broadband infrastructure security. The study should
1.14focus on issues related to public safety, law enforcement, and the provision of electrical
1.15power, other utilities, and essential services to gauge the potential impact widespread
1.16disruption to broadband services would have on commercial enterprise in the state.
1.17(b) The study shall be conducted by qualified technical experts, including state and
1.18local officials and business technology leaders with varied cyber security experiences.
1.19The Minnesota Broadband Task Force shall oversee and manage the study and work to
1.20ensure the widest participation possible by the business community. By January 15, 2015,
1.21the Minnesota Broadband Task Force shall report back on the study's findings, including
1.22any recommended legislative initiatives, to the legislative committees having jurisdiction
1.23over telecommunications, commerce, and public safety.
2.1(c) The study's key findings must summarize the areas where the state's broadband
2.2infrastructure is most vulnerable. The study must contain detailed research and
2.3recommendations, including an analysis of the economic impact that would result from
2.4widespread disruption of broadband service, as well as the positive impact on economic
2.5development that might accrue if the state enhanced cyber security readiness and leveraged
2.6inherent advantages related to broadband or data center deployment.
2.7(d) Notwithstanding any laws to the contrary, the Minnesota Broadband Task Force
2.8and the individuals participating in the study are authorized to review data, findings, and
2.9recommendations in a closed, nonpublic session to ensure that protected and proprietary
2.10data remain secure. Any proprietary or nonpublic information used in developing the
2.11report must be handled in a manner consistent with Minnesota Statutes, chapter 13.
2.12 Subd. 3. Study; report contents. At a minimum, the report shall evaluate and
2.13make recommendations regarding:
2.14(1) how cyber attacks are currently identified and responded to, including:
2.15(i) an assessment on the impact of cyber terrorism on critical infrastructure, including
2.16but not limited to public safety infrastructure, water and sewers, and the electrical grid;
2.17(ii) a determination regarding how to protect the confidentiality of sensitive security
2.18information, while still making appropriate disclosure to practitioners and public policy
2.19makers;
2.20(iii) a threat assessment, assuming both worst-case and most-likely cyber breach
2.21scenarios, analyzing the impact of a situation where the state's critical and major
2.22broadband and Internet hubs were breached or taken down; and
2.23(iv) an evaluation of the extent to which cyber hackers have or could obtain access
2.24to intellectual property or other protected, private data;
2.25(2) how to enhance the state's response to cyber threats and attacks, including an
2.26assessment on how quickly the state can currently respond to and contain cyber threats
2.27and any recommended improvements;
2.28(3) the extent to which a risk assessment shows broadband traffic in the state is
2.29susceptible to a single point of failure, including:
2.30(i) an evaluation of significant co-location sites in the Twin Cities and the respective
2.31downstream dependencies;
2.32(ii) an evaluation of the state's middle-mile broadband infrastructure to determine
2.33whether the infrastructure has any single points of failure in the event of a disaster or
2.34attack; and
2.35(iii) recommendations or options for robust ways to increase performance and
2.36reduce vulnerability, including an analysis of the investments and efforts needed to ensure
3.1the state's broadband infrastructure remains fully functioning in the event of an attack or
3.2disaster elsewhere;
3.3(4) the state's broadband cyber security strategies compared to other states and peer
3.4entities, assessing the degree to which the strategies might contribute to the state's security
3.5and redundancy goals and reduce the state's vulnerability, including:
3.6(i) an assessment of any broadband advantages the state has that it is not currently
3.7leveraging; and
3.8(ii) a brief assessment of the strategies and procedures other states are using to
3.9prepare for cyber security threats, as well as any recommended national protocols or best
3.10practices the state should consider implementing; and
3.11(5) a description of the security, vulnerability, and redundancy actions necessary
3.12to ensure reliability, drawing heavily on the actions plans documented in the 2009
3.13Minnesota Ultra High-Speed Broadband Report that describe the duties and targets for
3.14the office, including any recommendations regarding the establishment of formal links
3.15between a new broadband office and related activities in other agencies to ensure effective
3.16collaboration and information sharing.
3.17EFFECTIVE DATE.This section is effective the day following final enactment.
