Minnesota Legislature
HF 5324
as introduced - 93rd Legislature (2023 - 2024) Posted on 04/08/2024 02:16pm
Current Version - as introduced
1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12 2.13 2.14 2.15 2.16 2.17 2.18 2.19 2.20 2.21 2.22 2.23 2.24 2.25 2.26 2.27 2.28 2.29 2.30 2.31 2.32 2.33 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11
3.12 3.13 3.14 3.15
A bill for an act
relating to state government; establishing a state-funded county and city
cybersecurity grant program; requiring a report; appropriating money; proposing
coding for new law in Minnesota Statutes, chapter 16E.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
Section 1.
[16E.36] STATE-FUNDED COUNTY AND CITY CYBERSECURITY
GRANT PROGRAM.
Subdivision 1.
Grant account established.
A state-funded cybersecurity grant account
is established in the special revenue fund. Money in the account is appropriated to the
commissioner to provide grants to counties and cities that currently lack the resources to
directly benefit from other federal and state cybersecurity plans and programs. Money in
the account is available until expended.
Subd. 2.
Authorized purchases.
A county or city may apply to the commissioner to
receive a grant for the following expenditures:
(1) general information technology services for cybersecurity;
(2) equipment to secure operational technology, including industrial control systems;
(3) storage and backup solutions;
(4) cloud-based backup and data storage services;
(5) data management and data archiving solutions;
(6) secure email hosting and productivity and collaboration software;
(7) email filtering solutions;
(8) web filtering and DNS security solutions;
(9) antivirus and endpoint detection and response software;
(10) firewalls, network switches, and other networking hardware;
(11) monitoring and log management solutions; and
(12) consulting or other professional services necessary to implement any of the
expenditures identified in clauses (1) to (11).
Subd. 3.
Application for grant; assessment of program priorities and local need.
The
commissioner must establish an application to be used for the purpose of awarding grants.
The commissioner must also establish standards for application review. At a minimum, the
review must assess each proposed expenditure with a focus on reducing overall risk across
all counties and cities in the state, targeting the availability of systems that underpin critical
infrastructure and public services; protect government data; and promote compliance with
applicable state laws, rules, executive orders, and industry best practices. The commissioner
must also prioritize applications based on their demonstrated degree of local need, including
whether the county or city employs dedicated staff with cybersecurity expertise, and whether
the county or city has the capacity to access other local resources to support the proposed
expenditure. The application must require the county or city to provide sufficient information
necessary for the commissioner to make these assessments. In considering whether to award
a grant, the commissioner must ensure that money is distributed equitably among geographic
regions of the state.
Subd. 4.
Amount of initial grant; supplemental grants.
(a) Upon submitting an
application for an eligible expenditure that meets the standards required under subdivision
3, each county or city may receive an initial grant for the full cost of that expenditure, up
to $25,000.
(b) In addition to grants under paragraph (a), the commissioner may award supplemental
grants, including for proposed expenditures that exceed $25,000, provided that the
supplemental grant amount may not exceed 75 percent of the total cost of a proposed
expenditure above $25,000. A county or city may not receive a total of more than $1,000,000
in grant money under this section. If the commissioner determines that an application for a
supplemental grant meets the standards required under subdivision 3 for an eligible
expenditure, the commissioner may approve the application, either in whole or in part. The
commissioner may collaborate with counties and cities to establish additional criteria for
the consideration of applications and the awarding of grants.
Subd. 5.
Grant accountability.
As a condition of receiving a grant, the commissioner
must require the receiving county or city to agree to annual reporting on its use of the grant
funds and other appropriate standards for grant tracking and accountability. These standards
must be determined by the commissioner, in consultation with the commissioner of
administration.
Subd. 6.
Report to legislature.
No later than January 15, 2025, and annually thereafter
until available appropriations have been exhausted, the commissioner must submit a report
to the legislative committees with jurisdiction over state government finance on the grants
awarded by this section. The report must detail each grant awarded, including the jurisdiction,
the amount of the grant, and a general description of the expenditure for which each grant
was used.
Sec. 2. STATE-FUNDED COUNTY AND CITY CYBERSECURITY GRANT
PROGRAM; APPROPRIATION.
$20,000,000 in fiscal year 2025 is appropriated from the general fund to the state-funded
cybersecurity grant account in the special revenue fund.