Update to Program to Enhance Cybersecurity

Cyber Florida Announces Update to Program to Enhance Cybersecurity for Critical Infrastructure Organizations

The Critical Infrastructure Protection program assessment aligns with the recently released National Institute of Standards and Technology Cybersecurity Framework 2.0

June 6, 2024—Tampa, Fla—Cyber Florida, in partnership with Idaho National Laboratory (INL), has updated its Critical Infrastructure Protection (CIP) program to align with the recently released National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, widely used to reduce cybersecurity risk across public and private sectors and subsectors. Cyber Florida’s multi-assessment platform leverages the Department of Homeland Security’s Cyber Security Evaluation Tool’s (CSET®) containing both the NIST 2.0 CSF Standard Question Set and Ransomware Readiness Assessment modules. The tools and resources available through the CIP program are state-funded and provided at no charge for Florida’s private and public critical infrastructure organizations.

NIST CSF 2.0 is designed for all audiences, businesses, critical infrastructure (CI) sectors, and organizations, regardless of their degree of cybersecurity sophistication. NIST CSF 2.0 has added governance to the CSF’s core guidance to help organizations assess and achieve their cybersecurity goals.

“Since October 2022, more than 655 Florida organizations, companies, businesses, and government agencies have participated in the CIP program,” said Bryan Langley, Lead Program Manager at Cyber Florida. “We continue to support, develop and adopt greater cybersecurity measures and services to support the State of Florida’s public and private sector CI owners and operators.”

The State of Florida’s Legislature funded the risk assessment effort to support the state’s public and private sector entities with numerous, no-cost benefits for participating organizations, companies, and businesses. The assessment covers the NIST CSF 2.0 desired outcomes and provides several reports detailing an organization’s strengths and weaknesses to determine and leverage cyber risk reduction resources from Florida agencies, universities, and colleges. Measuring success comes from both the improvements made by the participants based on their individual reports and using the customized statewide dashboard (visualization tool) developed by INL to analyze CI sector/subsector risk across the state.

The CIP program is intended to assist small and medium-sized enterprises and resource-constrained county and municipal government entities in implementing basic cybersecurity protocols and policies to achieve a fundamental cybersecurity posture. This comprehensive initiative is designed to fortify the cybersecurity resilience of public and private critical infrastructure across the state.

In an era of increasing cyber threats and incidents, safeguarding critical infrastructure is paramount. The CIP program aims to empower organizations by providing high-quality cybersecurity resources, training, and support to defend against evolving cyber risks and recover from incidents. The resources available on the platform include the following:

  • A 20-question NIST CSF and DHS Ransomware Readiness Assessment (RRA) aligned entry-level assessment based on the most-reported cybersecurity gaps from the initial statewide risk assessment period between October 2022 and June 2023.
  • A Cybersecurity Incident Response Plan Template to help organizations think through and plan how to recover from a cyber incident.
  • A 154-question assessment that covers key cybersecurity desired outcomes and practices outlined in the NIST CSF 2.0 and the DHS RRA.

To learn more about the CIP program and how your organization can participate, please visit the program’s official webpage: https://cyberflorida.org/cip or contact the program lead, Bryan Langley at [email protected].

ABOUT CYBER FLORIDA
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives aimed at inspiring and educating both current and future cybersecurity professionals, advancing industry research, and enhancing cybersecurity awareness and safety of individuals and organizations.