We just received yet another cybersecurity wake-up call, but the good news is that the state of Florida is up early, wide-awake and — if the state Legislature is able to respond as Gov. Ron DeSantis recommends — poised to actually get ahead of the game.
On the heels of Russia’s historic SolarWinds cyberattack — which compromised the information systems of over 18,000 organizations, including many in the Federal government and the Fortune 500 — our Nation just got another warning about the state of our cybersecurity … someone tried to breach the water treatment plant of Florida’s own city of Oldsmar and manipulate it with malign intent. Fortunately, they failed (at the end of the day, that attempt was relatively unsophisticated), but it underscores once again how dependent we’ve become on information technology to deliver public services … and how vulnerable we’ve become as a result.
So, like the movie Groundhog Day, we just got a cyber wake-up call … again. But I am pleased to report that the state of Florida heard and heeded those wake-up calls months ago, and the Governor’s recent budget submission proposes as much as $40M to shore up the state’s cybersecurity infrastructure. It is part of a broader legislative package submitted from a yearlong effort by Florida’s Cybersecurity Task Force, chaired by Lt. Gov. Jeanette Núñez, and the steps the Task Force has proposed are spot on.
The Florida Center for Cybersecurity (aka, Cyber Florida) had a chance to interact with the Task Force members throughout their work and after analyzing their recommendations, as well as the Governor’s budget, we would like to offer our voice in full support of these efforts. As the Center’s relatively new Executive Director, I come from the classified U.S. national security world, and I can tell you that the cyber threats upon which the Task Force’s recommendations are based are real, the steps that the state proposes to take are critical, and those steps are well worth the proposed funding.
Indeed, I would argue that the investments recommended by the Task Force and DeSantis — not just in technology, hardware and software, but also in policy, procedure, training and education, even personnel — are ‘table stakes’ for the state … the least we should do to deal with growing cyber threats. Even as the state struggles with the budget implications of COVID-19, and we acknowledge that the Florida Legislature certainly has some difficult choices to make this year, now is not the time to underinvest when it comes to funding cybersecurity, especially with respect to the effective operation of our state government institutions.
However, those investments should not stop there. As we saw with the attempted Oldsmar hack, our local governments are also in need of help. Just like the state, they are budget-strapped and resource-constrained, and even the smallest of them provide critical public services that simply cannot be interrupted. Even as the state’s cyber defenses are bolstered, local governments remain relatively ‘soft targets’ for cybercriminals looking to profit from them.
In that regard, last year the Florida Center for Cybersecurity supported a legislative proposal championed by the Florida League of Cities and the Florida Association of Counties that would have provided $5.0M in grants and other forms of assistance to help the state’s municipal governments better defend against cyberattack. Those funds would have been allocated through the Department of Management Services to the Florida Center for Cybersecurity, with the latter in turn awarding grants to cities and counties based on relative need and threat.
While that legislation was favorably reported out by both House and Senate appropriations committees at the end of last year’s legislative session, it did not become law. Because of the state’s current budget woes — as well as the need to prioritize the cybersecurity proposals in the Governor’s budget submission — I understand that the League and the Association have decided not to pursue the bill this session. However, I also understand that it is their intention to submit that legislation in Florida’s 2022 legislative session, and because neither the need nor the threat will be going away any time soon, I wholeheartedly support it.
If readers need any convincing of that threat, they need only look at the disconcerting incidence of ransomware attacks on Florida’s cities and counties or even more recently, the attempted Oldsmar hack. While the Governor and the Task Force’s proposals are an important first step, and they must become law as soon as possible, it is abundantly clear that our cities and counties will continue to need help. Along with the state, it is local government’s job to ensure the uninterrupted delivery of critical public services to Florida’s citizens, as well as to protect all of the confidential personally identifiable information with which they are entrusted.
That’s why we fully support the legislative recommendations (and fiscal investments) proposed by the Governor and state’s Cybersecurity Task Force.
It’s a beginning, and it’s time to get started.
HON Mike McConnell (VADM USN-retired) is the current Executive Director of the Florida Center for Cybersecurity. Appointed by George W. Bush as the Nation’s second Director of National Intelligence, he also served as Director of the National Security Agency and Vice-Chairman of a multibillion-dollar technology and consulting firm. A graduate of Furman University and the National War College, he also holds an honorary doctorate from USF.