Florida to invest $37M in cybersecurity

By John Haughey
The Center Square
June 9, 2021

Ransomware attacks against municipalities, government agencies and utilities are a mushrooming concern with Florida institutions and individuals experiencing more than their share of criminal and nuisance cyber intrusions.

In February, a hacker remotely accessed a computer for the city of Oldsmar’s water treatment system and briefly increased the amount of sodium hydroxide, or lye, by a factor of more than 100. A supervisor saw the change and reverted it, avoiding catastrophe.

At least four Florida cities, a sheriff’s department and police department suffered ransomware attacks in 2019 alone. In addition, that same year the St. Lucie County Sheriff’s Office lost evidence following a ransomware infection and the State Attorney’s Office dropped 11 narcotic cases after evidence was lost in a ransomware attack against the Stuart Police Department.

In October, the state’s Department of Business and Professional Regulation (DBPR) was victimized by “malicious activity” that hampered its operations for weeks.

A class-action lawsuit lodged June 30 seeks $99 million in damages against a Tampa-based Florida Orthopaedic Institute healthcare for alleged negligence in a ransomware breach of 100,000 to 150,000 current and former patients exposed in an April ransomware attack.

These quick-hit examples don’t include last month’s ransomware shutdown of the Colonial Pipeline or revelations that Russian GRU military intelligence hackers planted malware into voter registration systems in at least two Florida counties – St. Lucie and Washington – prior to the November 2016 election.

Therefore, it’s no surprise that the $100 billion Fiscal Year 2022 budget signed by Gov. Ron DeSantis on Wednesday includes $37.5 million to dramatically boost the state’s cybersecurity systems.

According to the Governor’s Office, the money will be allocated to state agencies to enhance cybersecurity and protect Floridians from “cyber threats that can compromise critical state resources and sensitive information.”

More than $30 million of the overall $37.5 million cybersecurity allocation will implement the initiatives recommended by the Florida Cybersecurity Taskforce, including the establishment of the Florida Digital Service within the Department of Management Services (DMS) to address cyber threats and increase cybersecurity training and resources at state agencies.

Florida Chief Information Officer James Grant, a former state representative appointed in 2020 by DeSantis to direct the DMS, in a Wednesday statement praised the governor and lawmakers for “prioritizing key investments” to protect critical Florida digital infrastructure against cyber threats.

“Gov. DeSantis remains focused on creating a solid foundation of cybersecurity to help combat evolving threats against Florida’s digital infrastructure,” Grant said, praising Lt. Governor Jeanette Nuñez and the Florida Cybersecurity Task Force for offering “first-of-its-kind investments in cybersecurity will help protect critical state resources and sensitive information.”

During the legislative session, lawmakers unanimously passed House Bill 1297, The Information Technology (IT) Security Act, that enacts recommendations from the Florida Cybersecurity Task Force.

The 15-member task force convened in October to provide ways to improve the state’s cybersecurity infrastructure, governance and operations.

Its report outlining recommendations for technologies, processes and personnel needed to protect Floridians’ data was submitted to DeSantis and lawmakers in February.

Under HB 1297, the newly created Florida Digital Service, housed with the DMS, will analyze and remedy cybersecurity risks at state agencies, upgrade IT resources to align with federal guidelines and increase training for state agency IT professionals.

The new law also creates the Florida Cybersecurity Advisory Council within DMS and would fund 15 full-time cybersecurity positions.