Florida officials are poised to spend $37 million on cybersecurity in the upcoming fiscal year, including on new investments in hardening industrial control defenses, identity management, migrations of government websites to the .gov domain and the creation of a new cybersecurity operations center.
The budget Gov. Ron DeSantis signed this week largely follows the recommendations of a 15-member task force that filed its final report in January. Among the suggestions by the group, which was led by Lt. Gov. Jeannette Nunez, was an increase in the number of full-time cybersecurity professionals in the Florida Digital Service, the state’s year-old IT agency. Florida lawmakers passed legislation earlier this year unanimously endorsing the recommendations of the task force, which included representatives of law enforcement, academia and the state’s tourism industry.
Florida, like all states, has endured its share of cybersecurity incidents, including ransomware and denial-of-service attacks against public schools, to the February breach of a water-treatment plant in the Gulf Coast town of Oldsmar that temporarily changed the facility’s sodium-hydroxide setting to a potentially dangerous level.
The Florida Digital Service will receive funding to increase its full-time cybersecurity staff to 15, according to the budget. Meanwhile, about $31 million will be used to implement the task force’s suggestions. The single-biggest expenditure is $4.3 million for security event-management software and services, followed by $4 million for vulnerability management and $3.2 million for a statewide inventory of cybersecurity assets.
Lawmakers also appropriated $3.2 million for a new cybersecurity operations center. According to Florida House Bill 1297, which approved the task force’s recommendations, the new center will be a largely virtual “clearinghouse” which will coordinate with the Florida Department of Law Enforcement on responses to cybersecurity incidents that affect state agencies. The operations center is to be led by the state’s chief information security officer, a position that’s been vacant since last December when then-CISO Thomas Vaughn quit state government to take a similar role with the City of Tallahassee.
The budget also includes smaller expenditures for endpoint protection software, industrial control systems defenses and cybersecurity training resources.
In a press release, Florida Chief Information Officer James Grant said the budget makes “first-of-its-kind investments” for the state government’s cybersecurity operations.
Aside from the new programs recommended by Nunez’s task force, Florida’s budget for the 2021-22 fiscal year also lays out nearly $6.5 million for the Florida Center for Cybersecurity, a research group at the University of South Florida.