The House budget would pump millions into cybersecurity efforts at the Florida Digital Service and state agencies.
All told, the chamber’s proposed budget sets aside $31.6 million for a suite of projects, audits and software procurements that were recommended in a Florida Cybersecurity Task Force report delivered to the Legislature earlier this year.
FDS was created last Legislative Session as a replacement for the Division of State Technology. It’s charged with maintaining state data, setting up testing environments to demo state software before it’s rolled out, and facilitating data sharing between government agencies.
Chief Information Officer James Grant, the chief architect of the bill creating FDS, left the House to lead FDS last year.
The 2021 bill calls for FDS to analyze and remedy cybersecurity risks at state agencies and develop rules to mitigate cybersecurity risks and protect state data.
FDS would be directed to deliver an updated statewide cybersecurity plan by Feb. 1 each year that includes “security goals and objectives for cybersecurity, including the identification and mitigation of risk, proactive protections against threats, tactical risk detection, threat reporting, and response and recovery protocols for a cyber incident.”
The bill would also require all of the state’s IT employees to receive cybersecurity training that “develops, assesses, and documents competencies by role and skill level.” The House budget includes about $700,000 for such training.
The budget item lists 14 projects in all, with the top-4 projects accounting for more than half of the funding.
The biggest project on deck is a $4.8 million assessment and inventory of the state’s current cybersecurity assets. Following that is $4.3 million for security information and event management software, $4 million for vulnerability management and $3.2 million for a “Cybersecurity Operations Center.”
According to HB 1297, sponsored by Reps. Cord Byrd and Mike Giallombardo, the operations center would be “primarily virtual and staffed with tactical detection and incident response personnel.” It would also “serve as a clearinghouse for threat information and coordinate with the Department of Law Enforcement to support state agencies and their response to any confirmed or suspected cybersecurity incident.”
Further down the project list are three $2.4 million appropriations that would pay for .gov domain protection software, identity management software, and critical infrastructure hardening. Nearly as much ($2.25 million) would be set aside for endpoint protection software, which is focused on securing connections to user devices such as laptops, tablets and smartphones, among other things.
The back half of the list includes $1.8 million for IT audit findings, $1.6 million for cybersecurity intelligence software and services, $1 million for auditing resources for agency inspectors general, $400,000 for governance repository software and $320,000 for centralized service delivery tracking software.