Strengthening Florida’s Cybersecurity with the Cyber Risk Assessment
Cybersecurity has become a critical priority for organizations across public and private sectors. Recognizing this need, Cyber Florida has developed the Florida Cyber Risk Assessment (FCRA), a no-cost, confidential cybersecurity risk assessment aligned with NIST Cybersecurity Framework (CSF) 2.0. The FCRA is designed to assist critical infrastructure (CI) organizations in identifying and mitigating cybersecurity risks, complying with best practices outlined in the Florida Cyber Act (Statute 282.318), and building resilience against cyber threats.
What is the Florida Cyber Risk Assessment?
The FCRA is a Florida-specific adaptation of the Cyber Security Evaluation Tool (CSET®) developed by Idaho National Lab. It incorporates 106 NIST CSF questions and 48 Ransomware Readiness Assessment (RRA) questions, providing a structured approach for organizations to strengthen their cybersecurity frameworks. Participants can generate customized reports to enhance their cyber defense strategies and align with legal and regulatory requirements.
Addressing Gaps in Florida’s Critical Infrastructure Sectors
Recent FCRA assessments have revealed significant cybersecurity gaps within Florida’s CI sectors:
- Lack of Response and Recovery Plans: 50% of CI providers lack robust response and recovery plans.
- Weak Authentication Practices: Half of CI organizations do not use Multi-Factor Authentication (MFA).
- Inconsistent Partner Audits: While 39% conduct response planning with third-party providers, only 48% regularly audit these partners’ cybersecurity practices.
- Limited Training Programs: 49% lack formal cybersecurity training programs beyond basic awareness.
- Unclear Management Responsibilities: Nearly half of providers do not have assigned cyber-management responsibilities, with 49% lacking a Chief Information Security Officer (CISO).
- Infrequent Incident Response Exercises: Only 48% of organizations conduct biannual incident response tabletop exercises.
- Undefined Risk Tolerance: Just 53% of CI providers have clearly defined their risk tolerance, highlighting a critical gap in risk management strategies.
Enhancements and Tools to Support Cybersecurity
To address these challenges, Cyber Florida has implemented or is developing several tools and initiatives:
- Entry and Mid-Level Assessments:
  - A 20-question entry-level assessment evaluates organizations’ protections based on the top 20 areas of concern.
  - A 38-question mid-level assessment measures cybersecurity maturity against CISA Cybersecurity Performance Goals (CPGs).
- Maturity Modeling: A maturity index based on the Multi-State Information Sharing and Analysis Center (MS-ISAC) template helps organizations benchmark their cybersecurity practices.
- AI-Driven Resource Mapping Tool: In development, this innovative tool generates summaries from NIST 800-53 for all 106 CSF questions. Users will be able to efficiently create comprehensive cyber plans, including governance, incident response, and recovery plans.
- Workshops: A series of cybersecurity presentations aimed at raising awareness and educating CI organizations in both the public and private sectors.
New Tools and 2025 Initiatives
Cyber Florida continues to innovate and expand its efforts to enhance cybersecurity across the state. Notable initiatives include:
- Florida CI Mapping Pilot Project (Cyber-Bulls-I): A first-in-the-nation resource to help CI sectors address cyber risks, meet legal requirements, and build future compliance capacity. This tool provides risk reduction resources tailored to Florida’s sectors, risks, needs, and vulnerabilities.
- Enterprise Data Management Platform: A forthcoming platform designed to identify grant, research and development, and policy opportunities for Florida’s CI sectors.
- Visualization and Dashboard Tools: New tools for state leadership to monitor and address cybersecurity challenges effectively.
- Workforce Development Initiatives: These include a new mapping tool to support small business and defense industry growth.
The Path Forward
With its comprehensive approach and cutting-edge tools, the Florida Cyber Risk Assessment is paving the way for a stronger cybersecurity posture across Florida’s critical infrastructure sectors. Organizations adopting the FCRA’s recommendations and utilizing its resources will be better equipped to protect themselves against evolving cyber threats and ensure compliance with industry standards and legal mandates.
Cyber Florida remains committed to fostering a secure, resilient, and innovative cyber environment for Florida. For more information or to participate in the FCRA, visit https://cyberflorida.org/cip/ today.