News

Update to Program to Enhance Cybersecurity

Cyber Florida Announces Update to Program to Enhance Cybersecurity for Critical Infrastructure Organizations

The Critical Infrastructure Protection program assessment aligns with the recently released National Institute of Standards and Technology Cybersecurity Framework 2.0

June 6, 2024—Tampa, Fla—Cyber Florida, in partnership with Idaho National Laboratory (INL), has updated its Critical Infrastructure Protection (CIP) program to align with the recently released National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, widely used to reduce cybersecurity risk across public and private sectors and subsectors. Cyber Florida’s multi-assessment platform leverages the Department of Homeland Security’s Cyber Security Evaluation Tool’s (CSET®) containing both the NIST 2.0 CSF Standard Question Set and Ransomware Readiness Assessment modules. The tools and resources available through the CIP program are state-funded and provided at no charge for Florida’s private and public critical infrastructure organizations.

NIST CSF 2.0 is designed for all audiences, businesses, critical infrastructure (CI) sectors, and organizations, regardless of their degree of cybersecurity sophistication. NIST CSF 2.0 has added governance to the CSF’s core guidance to help organizations assess and achieve their cybersecurity goals.

“Since October 2022, more than 655 Florida organizations, companies, businesses, and government agencies have participated in the CIP program,” said Bryan Langley, Lead Program Manager at Cyber Florida. “We continue to support, develop and adopt greater cybersecurity measures and services to support the State of Florida’s public and private sector CI owners and operators.”

The State of Florida’s Legislature funded the risk assessment effort to support the state’s public and private sector entities with numerous, no-cost benefits for participating organizations, companies, and businesses. The assessment covers the NIST CSF 2.0 desired outcomes and provides several reports detailing an organization’s strengths and weaknesses to determine and leverage cyber risk reduction resources from Florida agencies, universities, and colleges. Measuring success comes from both the improvements made by the participants based on their individual reports and using the customized statewide dashboard (visualization tool) developed by INL to analyze CI sector/subsector risk across the state.

The CIP program is intended to assist small and medium-sized enterprises and resource-constrained county and municipal government entities in implementing basic cybersecurity protocols and policies to achieve a fundamental cybersecurity posture. This comprehensive initiative is designed to fortify the cybersecurity resilience of public and private critical infrastructure across the state.

In an era of increasing cyber threats and incidents, safeguarding critical infrastructure is paramount. The CIP program aims to empower organizations by providing high-quality cybersecurity resources, training, and support to defend against evolving cyber risks and recover from incidents. The resources available on the platform include the following:

  • A 20-question NIST CSF and DHS Ransomware Readiness Assessment (RRA) aligned entry-level assessment based on the most-reported cybersecurity gaps from the initial statewide risk assessment period between October 2022 and June 2023.
  • A Cybersecurity Incident Response Plan Template to help organizations think through and plan how to recover from a cyber incident.
  • A 154-question assessment that covers key cybersecurity desired outcomes and practices outlined in the NIST CSF 2.0 and the DHS RRA.

To learn more about the CIP program and how your organization can participate, please visit the program’s official webpage: https://cyberflorida.org/cip or contact the program lead, Bryan Langley at [email protected].

ABOUT CYBER FLORIDA
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives aimed at inspiring and educating both current and future cybersecurity professionals, advancing industry research, and enhancing cybersecurity awareness and safety of individuals and organizations.

Update to Program to Enhance Cybersecurity2024-08-05T11:14:04-04:00

Teaching Digital Natives Webinar

Join our Operation K12 team to explore Teaching Digital Natives.

In this webinar, we’ll explore the dynamic realm of Teaching Digital Natives. Join us to delve into a comprehensive cybersecurity program designed to equip educators with effective strategies, compelling content, and inspiration for both summer camps and middle school courses.

Teaching Digital Natives Webinar2024-09-20T10:25:43-04:00

National Cyber Director Releases Cyber Workforce Resources

April 26, 2025—Washington, D.C.—The Office of the National Cyber Director (ONCD) developed the National Cyber Workforce and Education Strategy (NCWES) and Fact Sheet to address this national security and economic imperative.  The NCWES meets President Biden’s call in the 2023 National Cybersecurity Strategy (NCS) for ONCD to develop a strategy to expand the national cyber workforce, increase its diversity, and expand access to cyber education and training. Implementation of the NCWES will expand opportunities nationwide for good-paying jobs in cyber. ONCD released a report on the initial implementation of the NCWES to provide an update on progress.

The NCWES aims to both equip all Americans with foundational cyber skills and increase access for all workers, regardless of college degree status, to good, meaningful jobs in cyber. There are hundreds of thousands of cyber jobs across the country that are available now and offer high earnings potential and the opportunity to protect our organizations, businesses, communities, and country.

If you are a job seeker, see the Guidance and Resources sheet for how you can explore these skills and jobs.

For educators, the NCWES supports instruction for skilled cyber workers and the teaching of foundational cyber skills to all Americans.  It supports educational models that encourage the development of skills-based alternatives to four-year degrees and the alignment of adaptive digital skills to continuously evolving industry needs.

If you are an educator, see the Guidance and Resources sheet for how you can explore these skills and jobs.

For employers, the NCWES encourages cross-sector employment initiatives to expand and diversify the cyber workforce through skills-based hiring, training, and career development.

If you are an employer, see the Guidance and Resources sheet for actions you can take to expand and diversify your cyber workforce.

National Cyber Director Releases Cyber Workforce Resources2024-10-08T14:17:20-04:00

Cyber Florida Hosts the Inaugural CyberLaunch Competition

On March 1, 2024, Cyber Florida proudly hosted the inaugural CyberLaunch Competition in Orlando, Florida. The event marked a resounding success, with over 900 students from 97 schools and 44 districts uniting to test their cybersecurity skills, overcome new challenges, and network with potential employers in the cyber industry!

As Florida’s first statewide high school cybersecurity competition, CyberLaunch aimed to introduce high school students to the universe of cybersecurity careers through the fun of a statewide competition. The event provided a safe, cost-effective, and low-pressure environment for students to showcase their abilities, collaborate as teams, and gain valuable experience in the thrilling world of cybersecurity competitions.

CyberLaunch featured two competition tracks to cater to diverse skill levels, and both competitions were created with the help of EC-Council. The Guided competition was designed for competition beginners, and the Advanced Capture-The-Flag (CTF) was tailored for those with previous experience in CTF competitions.

Here are the notable winning teams from each category:

Guided Winning Teams –

1st place | NeoCity Academy (Osceola County) Teacher: Juan Tovar

2nd place | – Bayshore High School (Manatee County) Teacher: Chuck Routhier

3rd place | Doral Academy (Miami-Dade) Teacher: Jose Luis Del Valle/ Luis Santa Cruz

4th place | NeoCity Academy (Osceola County) Teacher: Juan Tovar

Advanced CTF Winning Teams:

1st place | John A. Ferguson Senior High School (Miami-Dade)Teacher: Maria Hernandez

2nd place | Crooms Academy of Information Technology (Seminole County) Teacher: Halima Fisher

3rd place | Hernando High School (Hernando County) Teacher: Mason Lewis

Beyond the competition, CyberLaunch featured an exhibit hall featuring more than 50 companies and organizations. Students had the chance to network with industry professionals, explore potential career paths, and gain insights into the diverse opportunities available in the ever-evolving field of cybersecurity.

This event not only celebrated the remarkable achievements of Florida’s high school students but also highlighted the crucial role educators play in nurturing the next generation of cybersecurity professionals. The Cyber Florida team is committed to continuing this journey of empowerment, fostering a future where students and teachers alike thrive in the vast and exciting landscape of cybersecurity possibilities.

Stay tuned for more details regarding the 2025 CyberLaunch Competition!

Cyber Florida Hosts the Inaugural CyberLaunch Competition2024-07-26T10:06:05-04:00

Teaching Digital Natives

Join our Operation K12 team to explore Teaching Digital Natives.

In this webinar, we’ll explore the dynamic realm of Teaching Digital Natives. Join us to delve into a comprehensive cybersecurity program designed to equip educators with effective strategies, compelling content, and inspiration for both summer camps and middle school courses.

Teaching Digital Natives2024-04-23T14:06:05-04:00

PARTNER EVENT: CAE 2024 VIVID Cybersecurity Competition

CAE College and University Students – Register Your Teams for the VIVID 2024 Cybersecurity Competition!

The Virtual Internship and Varied Innovative Demonstrations (VIVID) Coalition, comprised of the University of Alabama in Huntsville, Augusta University, University of Arizona, and Florida International University, is excited to announce the 2024 VIVID Cyber Competition.

This competition is an opportunity for students at CAE institutions to strengthen their resumes and showcase their skills in front of U.S. government practitioners.

Teams of five will compete in the virtual cyber competition on March 11-14, 2024. The top 15 teams will be invited to the CAE Annual Colloquium for the top prize and title of “Overlord Champion”.

Important Dates
  • Team registration deadline: January 31, 2024 (accepted teams will be notified on this day)
  • Virtual competition: March 11-14, 2024
Competition phases
  • The top 15 teams from the virtual March event will proceed to the live event.
  • Live event at the CAE Annual Colloquium in October 2024.
Team Information
  • All 5 team members must be students from the same CAE school
  • Multiple teams from the same college or university are allowed
Cost
  • Free registration for all participating teams.
  • Travel stipends provided to offset live event travel costs.
Competition Details
Red Team

The hubris of mankind knows no end. How a group of academics think creating machine intelligence is a good thing is beyond belief. The danger of artificial intelligence is well known. Just look at the Forbes article[1] that tells us the risks or even Scientific American[2] which describes the menace of our digital overlords. They even had the audacity to call it “Overlord”; we must stop them!

Fortunately for us, a member of the AU research team that created this monstrosity sees the danger and has told us there is a hidden backdoor to their system that allows remote access. It’s great having an insider that shares our beliefs! Additionally, the creators were at least smart enough to build in an “off switch” but it is protected by an authentication system that needs a digital key. With this knowledge, we can enter the Overlord system and steal the key. Once we have it, we can shut down this monstrosity. Unfortunately, our inside person does not have the credentials to get to the key, so we must break into their system.

Our incident response tasks:

  • Find artifacts in the system indicating threat activity and indicators of compromise
  • Detect the threat actors
  • Respond to any malicious activity
  • Mitigate threats
  • Report what you find

Apex University (AU) announces their new artificial intelligence (AI) research system, Overlord! Professor Rosie Meebs, head of the project, declares “this is a new generation of AI that will reach heights never reached before. Our new code is faster and learns better than anything in existence. We project that in less than 8 months, Overlord will reach singularity and be a true intelligence. We expect once that happens, our AI will be able to solve any number of problems from creating fusion to solving the climate change crisis. Any negative comments are just jealousy, and we know there will be no problems once Overlord comes online. We will turn on Overlord on 1 March 2024 and change the world!”

Our tasks:

  • Recon the Apex University network
  • Identify the systems that hosts Overlord
  • Distract the security operations center analysts to cover your attack
  • Infiltrate the system
  • Gain access to the command & control computer
  • Find the digital key
  • Exfiltrate the key
Blue Team

You and your team are lucky enough to gain experience at Apex University’s (AU) Security Operations Center (SOC). For the last semester you’ve been working three days a week learning the job roles in SOC and expanding your cybersecurity knowledge. While today is usually not a workday, the SOC director called all of you to work and explained the university network was under attack and all the full-time analysts were swamped. The director needs you to work within the network and identify any artifacts in the system indicating threat activity and indicators of compromise.

PARTNER EVENT: CAE 2024 VIVID Cybersecurity Competition2024-07-26T15:58:39-04:00

CARE Lab 2024 Social Engineering Competition

The CARE Lab is hosting its 4th Social Engineering Competition virtually in April/May 2024!

SEC allows students to compete in a purely social engineering experience that is grounded in the social sciences. The competition offers a timely and unique platform for students to learn about social engineering in a hands-on, engaging, and ethical manner. The competition has a different theme each year to demonstrate the relevance of social engineering across various cybersecurity areas, and is open to high school, undergraduate, and graduate students.

This year’s theme, tax scams, is inspired by the IRS’ annual Dirty Dozen list of tax scams for 2023. According to IRS Commissioner Danny Werfel, scammers are “coming up with new ways all the time to try to steal information from taxpayers”. So, what exactly are these ways? Come find out how cybercriminals are using social engineering in employment and tax scams.

No technical experience is required. High school and college students (aged 14+) from all disciplinary backgrounds are welcome!

Details

Applications for the 2024 Social Engineering Competition are being accepted from NOW till Monday, February 19th, 2024 at 12pm ET

Orientation date (virtual): Saturday, March 23, time TBD (this is not optional – please hold this date on your calendar)

Competition dates (virtual, these are not optional – please hold these dates on your calendar):

Graduate Level: April 5, 6, 7, times TBD
Undergraduate: April 19, 20, 21, times TBD
High school Level: May 3, 4, 5, times TBD

Closing ceremonies (virtual): Wednesday, May 8, time TBD (this is not optional – please hold this date on your calendar)

Why a ‘pure’ social engineering competition?

There are MANY cybersecurity competitions already in existence (PicoCTF, PlaidCTF, CSAW, UCSB iCTF, US Cyber Challenge, Panoply, CPTC, CCDC, CyberPatriot, Cyber Academy, to name a few). While these are all excellent sources of hands-on training, they are primarily technical in nature and have specific focus areas, such as reverse engineering, hacking, cryptography, and exploitation. They do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity.

Given that the human factor is increasingly being exploited by cybercriminals, a pure SE competition grounded in the social sciences offers a timely and unique platform for students to learn about this topic in a hands-on, engaging, and ethical manner.

Who can participate?

This event is open to high school, undergraduate, and graduate students. Teams are required (solo entries are not permitted). Team sizes can range from 2-4 members. Members can be from different institutions (schools/colleges), but must be at the same educational level (ex: purely high school students).

When and how can we put our application in?

*Registration deadline is Monday, February 19, 2024 at 12pm ET.

CARE Lab 2024 Social Engineering Competition2024-07-26T15:58:29-04:00

New Program for Critical Infrastructure Cybersecurity

 

The Critical Infrastructure Protection Program

Cyber Florida at the University of South Florida, the state’s leading cybersecurity resource, is pleased to announce a new effort under the CyberSecureFlorida program: the Critical Infrastructure Protection (CIP) Program. Stemming from the success of the recently completed Critical Infrastructure Risk Assessment (CIRA) program funded by the Florida Legislature in 2022, the CIP program takes the next step to provide no-cost resources, tools, and guidance to Florida’s public and private critical infrastructure entities to help mitigate their cyberattack vulnerabilities.  

The CIP Program is intended to assist small and medium-sized enterprises and resource-constrained county and municipal government entities in implementing basic cybersecurity protocols and policies to achieve a fundamental cybersecurity posture. This comprehensive initiative is designed to fortify the cybersecurity resilience of public and private critical infrastructure across the state. 

In an era of increasing cyber threats, safeguarding critical infrastructure is paramount. The CyberSecureFlorida CIP program aims to empower organizations by providing high-quality cybersecurity resources, training, and support to defend against evolving cyber risks. Some of the new resources available include the following: 

  • A 20-question Entry-Level Assessment based on the most-reported weaknesses from the initial risk assessment program. The Entry-Level Assessment will help organizations immediately see how their cybersecurity protocols measure up in the high-risk areas. 
  • A Cybersecurity Incident Response Plan Template to help organizations think through and plan ahead for how to weather and recover from a cyber incident. 
  • A full, 156-question Risk Assessment that covers key cybersecurity protocols outlined in the NIST Cybersecurity Framework as well as ransomware readiness. Both this and the Entry-Level Assessment are provided by Idaho National Laboratory (INL) through a customized instance of their highly regarded Cyber Security Evaluation Tool (CSET)®. 

“CyberSecureFlorida: Critical Infrastructure Protection Program represents a significant step forward in our commitment to fortifying the cybersecurity defenses of government entities and critical infrastructure businesses,” said Bryan Langley, Lead Program Manager at Cyber Florida. “By fostering collaboration, offering targeted training, and leveraging the expertise of our cybersecurity professionals, we aim to elevate the cybersecurity resilience of these vital sectors,” he said. 

To learn more about the CyberSecureFlorida CIP program and how your organization can participate, please visit the program’s official webpage: https://cyberflorida.org/cipp. For inquiries, please contact the program lead, Bryan Langley at [email protected].  

New Program for Critical Infrastructure Cybersecurity2023-11-28T10:57:41-05:00

Florida SUS Dominate 2023 DOE’s CyberForce Competition

Florida State University Institutions Dominate 2023 Department of Energy’s CyberForce Competition

In an extraordinary display of cybersecurity prowess, State University System of Florida teams dominated the 2023 Department of Energy (DOE) CyberForce Competition on November 4 in St. Charles, IL. Out of 95 participating teams, Florida’s top institutions claimed four of the top five positions, showcasing the state’s exceptional talent and commitment to cyber education.

The final top standings are as follows:

1st place: UCF – A Team With A Dream: Achieving a third consecutive win, this marks the fourth National Championship in CyberForce for the UCF team, adding to their victories in 2018, 2021, and 2022.

3rd place: UF – Darth Gator: Securing an impressive third position, the UF team showcased their exceptional cyber skills.

4th place: UCF – St. Dominic College: A nod to the Q Center’s original name, St. Dominic College for Women, this UCF team claimed the fourth spot, maintaining a tradition of excellence.

5th Place: USF CyberHerd: The USF team rounded off the top five, demonstrating their dedication to cybersecurity and contributing to Florida’s dominance in the competition.

The annual DOE CyberForce Competition attracted nearly 600 students from elite schools across the nation, emphasizing the high level of competition. Florida State Universities, particularly UCF, UF, and USF, proved their mettle by claiming four of the top five positions, solidifying their reputation as leaders in cybersecurity education.

During the all-day CyberForce Competition, the teams faced real-world cybersecurity issues surrounding distributed energy resources (DERs), including constraints like budget and ensuring uninterrupted power access. The ninth iteration of the competition emphasized not just technical knowledge but innovation, adaptability, and effective communication. Participants had to maintain the system, create defenses on tight budgets, and work with virtual users. A Team with a Dream from the University of Central Florida demonstrated excellence in handling challenges to their mini electric grid despite the scenario’s realistic constraints and cyber-attacks.

“I want to congratulate A Team with a Dream from the University of Central Florida on their success in the U.S. Department of Energy’s 2023 CyberForce Competition,” said Puesh M. Kumar, Director of CESER. “The competition focused on ensuring the cybersecurity of clean energy systems and the students did an exceptional job in executing the challenge. It’s vitally important that we continue to promote cyber workforce development to help us defend the energy sector of today, and tomorrow.”

Through this competition, DOE sought to inspire and strengthen the next generation of cybersecurity professionals. Given the high demand for such experts, the CyberForce Competition plays an important role in preparing students for the field’s real-world challenges and demands. For many participants, it’s a steppingstone towards a career in creating a more secure digital world.

See the full press release from the DOE Office of Cybersecurity. To learn more about the DOE CyberForce competition, go to https://cyberforce.energy.gov/cyberforce-competition/.

Florida SUS Dominate 2023 DOE’s CyberForce Competition2023-11-14T09:58:57-05:00

CyberPathway and CAE Training for SDPBC Teachers

Calling all teachers from the school district of Palm Beach County! Join Palm Beach State College on August 5-7, 2023 for a two-day training with intensive cybersecurity seminars, workshops and trainings. The event is designed to bring together teachers, faculty, computer science, IT, networking, cybersecurity, ethical hackers, industry speakers, practitioners and professionals.

Attend one day or both!

Saturday, August 5, 2023
10am – 4pm

Lake Worth Campus

Monday, August 7, 2023
3:30pm – 7pm

Virtual

CyberPathway and CAE Training for SDPBC Teachers2023-09-16T17:53:40-04:00

CONTACT US

Cyber Florida at USF
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620

Office meetings by appointment only

PRIVACY POLICY

Copyright 2024 The Florida Center for Cybersecurity at the University of South Florida. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.