July 29, 2025
On Tuesday, July 29, 2025, Minnesota Governor Tim Walz issued an emergency executive order deploying the Minnesota National Guard's cyber protection team in response to a serious cyberattack on the City of St. Paul
What Happened:
- The incident reportedly began on Friday, July 25, and continued through the weekend
- Critical city systems—especially internal infrastructure and online services—were disrupted, handicapping public-facing operations like payment portals. Emergency response functions (e.g. 911) remain unaffected for now.
- The breach was not a system glitch—but a deliberate, coordinated digital assault by a sophisticated external threat actor.
- City leadership declared a state of emergency, giving them enhanced powers to respond fast.
- The scale and technical complexity of the breach exceeded the city's internal capacity—triggering a formal request for state support.
- The National Guard—long involved in state-level tech missions—has mobilized cyber specialists to collaborate with city, state, and federal agencies, including the FBI, to investigate and remediate.
- Though municipal buildings like libraries and recreation centers remain open, access to internal networks is limited. Some digital services—including online payments—are still offline. No late fees will be charged until resolutions are in place.
- 911 and other urgent services are still operational, but as systems get rebooted or restored, expect temporary slowdowns or delays.
- Shared Infrastructure Vulnerability
Even if your systems haven't been attacked directly, St. Paul's networks intersect with many public‑facing tools that businesses rely on—e.g. data exchanges, payments, permitting portals, and emergency alerts. - Elevated Cyber Threat Reality
This attack wasn't accidental—it was intentional, criminal, and external. It shows that threat actors are targeting public entities with increasingly sophisticated capabilities. - Opportunity to Strengthen Your Security Posture
As municipal efforts progress—backed by state cyber forces—businesses should take a moment to assess and reinforce their own security. What policies and plans do you have in place?
Advice from Harper Lane: What Your Business Should Do Now
- Conduct a Rapid Cyber Check
- Review your access controls, backups, and incident response protocols.
- Ensure your employees have received phishing awareness training.
- Create or Update Incident Plans
- Confirm roles, communication plans, and response playbooks are in place.
- Designate internal and external contacts (e.g. IT vendors or legal counsel).
- Talk to Your Provider
- If your IT services sit on city‑hosted or regional networks, ask providers about:
- their incident response capability,
- backup strategies,
- perimeter segmentation,
- and how they're preparing for cascading events tied to public infrastructure.
- If your IT services sit on city‑hosted or regional networks, ask providers about:
-
Leverage Community Resources
- The City and State will be conducting public briefings and sharing situational updates—keep an eye on official channels to stay informed as systems come back online.
- Consider joining local business or cybersecurity forums to exchange threat insights.
Key Takeaways
Insight
Why It Matters
External actor, high complexity
This was no small breach—it overwhelmed city systems
National Guard involvement
Signals state-level commitment and a rare escalation.
Proactive angle for you
Use it as a wake-up call to shore up your risk posture.
As your partner in outsourced IT, we're standing by to help you assess vulnerabilities or simulate tabletop exercises tailored to your organization's size and resources. St. Paul's challenges are a reminder: cyber risk isn't abstract—it's local and real.
