Whole-of-state program delivers security that’s ‘antivirus on steroids’

In Woodbury, Minnesota, the city’s 11-person IT department faced a difficult decision. The cybersecurity hardware and software they adopted three years ago was up for renewal, and the new price was more than they wanted to pay. 

For CrowdStrike's managed detection and response offering, the city had a 15% discount for the first year through a Center for Internet Security, or CIS, program. The city paid $51 for each of its 400 devices, “so our cost initially was $20,400 for the year,” said Robert James, Woodbury’s information and communications technology director. “When the renewal came around, it was without the initial discount, so it was $24,000 for the year.”

But the Minnesota Whole-of-State Cybersecurity Plan offered a way forward. Developed by the Minnesota Information Technology Services’ Cybersecurity Task Force, the plan offers managed detection and response capabilities through a whole-of-state cybersecurity plan. 

Announced in September 2023, the whole-of-state program uses $23 million in funding from the federal government’s State and Local Cybersecurity Grant Program and matching dollars from the Minnesota legislature to provide cybersecurity resources and tools, including CrowdStrike’s managed detection and response solution.

Under the plan, eligible entities, including localities, schools and tribal nations, get CrowdStrike technology and a subsidized three-year subscription for managed detection and response software. After that, they pay through a cost-sharing model.

Woodbury was one of the first localities to sign on.

“Through the Minnesota whole-of-state program, the cost will be $46 per device when the grant program runs out” in July 2027, James said. “We will save more than $14 per device and get more security deployment than with our deployment through CIS. Since we have added more devices in total, this will add up to almost $7,000 in savings for the city every year.”

About 125 Minnesota entities, including Woodbury, have been using the setup since February. Another 80 are coming online soon.

The plan “helps us build that mentality of ‘we are one Minnesota,’” said John Israel, the state’s chief information security officer. “It’s an opportunity for us to share threat intelligence, share information and help prevent these events…. We at the state have just as much of a duty to protect our residents and their data as all of the other government entities.”

Plus, the plan makes top-notch security accessible to all governmental units, regardless of size or budget, he added, because even when a school district, fire department or wastewater treatment plant has to pay, “they’re still getting a benefit in a discount because local governments simply can’t negotiate the pricing for these tools at the same level that the state can,” Israel said. The three years of free software also gives government entities “a chance to advocate and educate their boards and their councils and their leaders on the need for the investment, and build that investment over time vs. it being a cliff that they fall off.” 

Perhaps most importantly, the plan increases cybersecurity. Partners get security “that’s an antivirus on steroids with full vendor support,” said Israel, who’s also a co-chair of the state’s Cybersecurity Task Force. “If anything happens, the vendor steps in and blocks it and works with them to help remediate, so we’ve seen a significant risk reduction.” The anecdotal evidence suggests “the entities that are participating to date—knock on wood—are not having the impact from malware events that they were before.”

Since Woodbury started using the state-hosted managed detection and response solution, it has experienced only false positives, James said, but they show the benefits of the setup. When a problem is detected, alerts go to not only Woodbury’s system administrators, but also to CrowdStrike’s security operations center. 

That’s a far cry from the way things worked when the city used only an antivirus solution rather than the managed detection and response service it has now, James said. “I wouldn’t have gotten an alert … and we wouldn’t have had a security operations center behind us being alerted and then helping us figure out if this is a problem,” he said. “It gives me some assurance that I’m not alone with this. I’ve got the state and I’ve got CrowdStrike backing me up and helping me and my team out.”

The whole-of-state plan builds on Minnesota’s Statewide Security Monitoring Initiative, a decade-plus-old program that provides funding to local governments for cybersecurity improvements. “That program grew from a budget of I think it was only $100,000 the first year to now this year for 2024 has been renewed for $1.9 million,” Israel said. It gets support from U.S. Department of Homeland Security grants.

That monitoring initiative helped inform the whole-of-state plan, he said, adding that the state has essentially merged the two because it still gets funding for both. 

As part of the whole-of-state plan, Minnesota started a program called Cyber Navigators, which makes cybersecurity experts available to entities that need help. “We have four of them,” Israel said. “One is focused on counties, one’s focused on municipalities, so cities and townships, one is focused on schools, and then the fourth one on critical infrastructure.”

Next, the team will begin helping localities build their baseline security—another area that a 15-member task force identified last year as a priority. “Our target is to launch Version Two of the plan in September,” Israel said.

Editor's note: This story was changed May 15  and  May 16 to correct the description and pricing on the CrowdStrike subscription services. The software is not free, but the cost is subsidized for three years.