The project list, which is based on recommendations from a Florida Cybersecurity Task Force report, is contingent on House Bill 1297 being passed by the state's Legislature, which would revise the duties and responsibilities of the FDS.
FDS, which was created last legislative session as a replacement for the Division of State Technology, is currently responsible for maintaining state data, setting up testing environments to test state software and facilitating data sharing between government agencies.
HB 1297 would require FDS to provide an updated statewide cybersecurity plan by Feb. 1 of each year and require all state IT employees to receive cybersecurity training that “develops, assesses and documents competencies by role and skill level,” according to the bill.
The cybersecurity plan would outline “security goals and objectives for cybersecurity, including the identification and mitigation of risk, proactive protections against threats, tactical risk detection, threat reporting and response and recovery protocols for a cyber incident.”
If the bill is passed, projects including creating a cybersecurity operations center, assessing the state’s current cybersecurity assets and developing security information and event management software could come to fruition.
“This effort started before I got here,” Rep. Mike Giallombardo, the primary sponsor of HB 1297, said. “James Grant, the CIO of Florida, initially spearheaded this effort.”
However, Giallombardo said, “as we continue to move forward and evolve, it’s more important than ever that we address the state’s cybersecurity needs.”
One of the main reasons is an increase in cybersecurity incidents affecting the state.
“We’ve recently seen several breaches and ransomware cases,” he said. “We want to address these issues and have input from experts to figure these things out.”
The bill would achieve this, he said, by creating a Florida Cybersecurity Advisory Council within the state’s Department of Management Services. It would also open up a line of communication between law enforcement, the council and the state’s chief information security officer’s office to address incidents.
“We are hoping that by working with law enforcement that they can assist us with cybersecurity investigations,” Giallombardo said. “Especially in a forensics capacity.”
Other projects within the House’s proposed budget includes three $2.4 million appropriations for .gov domain protection software; $2.25 million for endpoint protection software; $1.8 million for IT audit findings; $1.6 million for cybersecurity intelligence software and services; $1 million for auditing resources for agency inspectors general; $400,000 for governance repository software; and $320,000 for centralized service delivery tracking software.
