News

CARE Lab 2024 Social Engineering Competition

The CARE Lab is hosting its 4th Social Engineering Competition virtually in April/May 2024!

SEC allows students to compete in a purely social engineering experience that is grounded in the social sciences. The competition offers a timely and unique platform for students to learn about social engineering in a hands-on, engaging, and ethical manner. The competition has a different theme each year to demonstrate the relevance of social engineering across various cybersecurity areas, and is open to high school, undergraduate, and graduate students.

This year’s theme, tax scams, is inspired by the IRS’ annual Dirty Dozen list of tax scams for 2023. According to IRS Commissioner Danny Werfel, scammers are “coming up with new ways all the time to try to steal information from taxpayers”. So, what exactly are these ways? Come find out how cybercriminals are using social engineering in employment and tax scams.

No technical experience is required. High school and college students (aged 14+) from all disciplinary backgrounds are welcome!

Details

Applications for the 2024 Social Engineering Competition are being accepted from NOW till Monday, February 19th, 2024 at 12pm ET

Orientation date (virtual): Saturday, March 23, time TBD (this is not optional – please hold this date on your calendar)

Competition dates (virtual, these are not optional – please hold these dates on your calendar):

Graduate Level: April 5, 6, 7, times TBD
Undergraduate: April 19, 20, 21, times TBD
High school Level: May 3, 4, 5, times TBD

Closing ceremonies (virtual): Wednesday, May 8, time TBD (this is not optional – please hold this date on your calendar)

Why a ‘pure’ social engineering competition?

There are MANY cybersecurity competitions already in existence (PicoCTF, PlaidCTF, CSAW, UCSB iCTF, US Cyber Challenge, Panoply, CPTC, CCDC, CyberPatriot, Cyber Academy, to name a few). While these are all excellent sources of hands-on training, they are primarily technical in nature and have specific focus areas, such as reverse engineering, hacking, cryptography, and exploitation. They do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity.

Given that the human factor is increasingly being exploited by cybercriminals, a pure SE competition grounded in the social sciences offers a timely and unique platform for students to learn about this topic in a hands-on, engaging, and ethical manner.

Who can participate?

This event is open to high school, undergraduate, and graduate students. Teams are required (solo entries are not permitted). Team sizes can range from 2-4 members. Members can be from different institutions (schools/colleges), but must be at the same educational level (ex: purely high school students).

When and how can we put our application in?

*Registration deadline is Monday, February 19, 2024 at 12pm ET.

CARE Lab 2024 Social Engineering Competition2024-07-26T15:58:29-04:00

New Program for Critical Infrastructure Cybersecurity

 

The Critical Infrastructure Protection Program

Cyber Florida at the University of South Florida, the state's leading cybersecurity resource, is pleased to announce a new effort under the CyberSecureFlorida program: the Critical Infrastructure Protection (CIP) Program. Stemming from the success of the recently completed Critical Infrastructure Risk Assessment (CIRA) program funded by the Florida Legislature in 2022, the CIP program takes the next step to provide no-cost resources, tools, and guidance to Florida's public and private critical infrastructure entities to help mitigate their cyberattack vulnerabilities.  

The CIP Program is intended to assist small and medium-sized enterprises and resource-constrained county and municipal government entities in implementing basic cybersecurity protocols and policies to achieve a fundamental cybersecurity posture. This comprehensive initiative is designed to fortify the cybersecurity resilience of public and private critical infrastructure across the state. 

In an era of increasing cyber threats, safeguarding critical infrastructure is paramount. The CyberSecureFlorida CIP program aims to empower organizations by providing high-quality cybersecurity resources, training, and support to defend against evolving cyber risks. Some of the new resources available include the following: 

  • A 20-question Entry-Level Assessment based on the most-reported weaknesses from the initial risk assessment program. The Entry-Level Assessment will help organizations immediately see how their cybersecurity protocols measure up in the high-risk areas. 
  • A Cybersecurity Incident Response Plan Template to help organizations think through and plan ahead for how to weather and recover from a cyber incident. 
  • A full, 156-question Risk Assessment that covers key cybersecurity protocols outlined in the NIST Cybersecurity Framework as well as ransomware readiness. Both this and the Entry-Level Assessment are provided by Idaho National Laboratory (INL) through a customized instance of their highly regarded Cyber Security Evaluation Tool (CSET)®. 

"CyberSecureFlorida: Critical Infrastructure Protection Program represents a significant step forward in our commitment to fortifying the cybersecurity defenses of government entities and critical infrastructure businesses," said Bryan Langley, Lead Program Manager at Cyber Florida. "By fostering collaboration, offering targeted training, and leveraging the expertise of our cybersecurity professionals, we aim to elevate the cybersecurity resilience of these vital sectors," he said. 

To learn more about the CyberSecureFlorida CIP program and how your organization can participate, please visit the program's official webpage: https://cyberflorida.org/cipp. For inquiries, please contact the program lead, Bryan Langley at bjlangley@cyberflorida.org.  

New Program for Critical Infrastructure Cybersecurity2023-11-28T10:57:41-05:00

Florida SUS Dominate 2023 DOE’s CyberForce Competition

Florida State University Institutions Dominate 2023 Department of Energy’s CyberForce Competition

In an extraordinary display of cybersecurity prowess, State University System of Florida teams dominated the 2023 Department of Energy (DOE) CyberForce Competition on November 4 in St. Charles, IL. Out of 95 participating teams, Florida’s top institutions claimed four of the top five positions, showcasing the state’s exceptional talent and commitment to cyber education.

The final top standings are as follows:

1st place: UCF – A Team With A Dream: Achieving a third consecutive win, this marks the fourth National Championship in CyberForce for the UCF team, adding to their victories in 2018, 2021, and 2022.

3rd place: UF – Darth Gator: Securing an impressive third position, the UF team showcased their exceptional cyber skills.

4th place: UCF – St. Dominic College: A nod to the Q Center’s original name, St. Dominic College for Women, this UCF team claimed the fourth spot, maintaining a tradition of excellence.

5th Place: USF CyberHerd: The USF team rounded off the top five, demonstrating their dedication to cybersecurity and contributing to Florida’s dominance in the competition.

The annual DOE CyberForce Competition attracted nearly 600 students from elite schools across the nation, emphasizing the high level of competition. Florida State Universities, particularly UCF, UF, and USF, proved their mettle by claiming four of the top five positions, solidifying their reputation as leaders in cybersecurity education.

During the all-day CyberForce Competition, the teams faced real-world cybersecurity issues surrounding distributed energy resources (DERs), including constraints like budget and ensuring uninterrupted power access. The ninth iteration of the competition emphasized not just technical knowledge but innovation, adaptability, and effective communication. Participants had to maintain the system, create defenses on tight budgets, and work with virtual users. A Team with a Dream from the University of Central Florida demonstrated excellence in handling challenges to their mini electric grid despite the scenario’s realistic constraints and cyber-attacks.

“I want to congratulate A Team with a Dream from the University of Central Florida on their success in the U.S. Department of Energy’s 2023 CyberForce Competition,” said Puesh M. Kumar, Director of CESER. “The competition focused on ensuring the cybersecurity of clean energy systems and the students did an exceptional job in executing the challenge. It’s vitally important that we continue to promote cyber workforce development to help us defend the energy sector of today, and tomorrow.”

Through this competition, DOE sought to inspire and strengthen the next generation of cybersecurity professionals. Given the high demand for such experts, the CyberForce Competition plays an important role in preparing students for the field’s real-world challenges and demands. For many participants, it’s a steppingstone towards a career in creating a more secure digital world.

See the full press release from the DOE Office of Cybersecurity. To learn more about the DOE CyberForce competition, go to https://cyberforce.energy.gov/cyberforce-competition/.

Florida SUS Dominate 2023 DOE’s CyberForce Competition2023-11-14T09:58:57-05:00

CyberPathway and CAE Training for SDPBC Teachers

Calling all teachers from the school district of Palm Beach County! Join Palm Beach State College on August 5-7, 2023 for a two-day training with intensive cybersecurity seminars, workshops and trainings. The event is designed to bring together teachers, faculty, computer science, IT, networking, cybersecurity, ethical hackers, industry speakers, practitioners and professionals.

Attend one day or both!

Saturday, August 5, 2023
10am – 4pm

Lake Worth Campus

Monday, August 7, 2023
3:30pm – 7pm

Virtual

CyberPathway and CAE Training for SDPBC Teachers2023-09-16T17:53:40-04:00

HCC 2023 Cybersecurity Summer Camp

In collaboration with Florida Department of Education, the Florida Center for Cybersecurity (Cyber Florida), and the University of South Florida, Hillsborough Community College is running their first ever FREE Cybersecurity Summer Camp! This camp is being offered to all Hillsborough County High School students in grades 9th – 12th. Come join us for a summer of fun and learning!

Have fun and learn all about cybersecurity from the faculty and staff of HCC’s Computer Science Department. No previous knowledge is required, just come with a passion for learning and an interest in meeting and collaborating with like-minded peers. This camp will focus on topics such digital footprint and open-source intelligence, networking, digital forensics, and more.

Students who attend all scheduled meetings will take home their very own Raspberry Pi 4!

HCC 2023 Cybersecurity Summer Camp2023-09-16T16:55:46-04:00

Cyber Florida Announces Start-Up Seed Fund Pilot Program

Cyber Florida today announced the Seed Fund Pilot Program launch, a new initiative to support Florida-based researchers and emerging entrepreneurs in commercializing their cybersecurity technical innovations, launching new businesses, and helping secure critical infrastructure.

Modeled after the federal Small Business Administration’s (SBA) Small Business Innovative Research (SBIR)/Small Business Technology Transfer Program (STTR) Phase I programs, the Seed Fund Pilot is intended to complement and amplify other statewide efforts to encourage innovation, such as the Florida High-Tech Corridor, I-Corps, and incubators and accelerators around the state, by filling in the missing pieces of seed funding and mentoring for commercialization.

The effort will focus on mentoring new entrepreneurs to help them establish businesses centered on cybersecurity technical solutions and services. The program will advance Cyber Florida’s legislative mission by facilitating research sharing between businesses and universities, attracting cybersecurity companies to Florida, and helping innovative cybersecurity businesses to emerge in Florida.

During the inaugural year, Cyber Florida will evaluate applications and grant approximately $240,000 in total seed funding to be distributed among four emerging companies that are registered and operating in Florida. Like SBIR programs, Cyber Florida will take no equity or realize any return from these investments. To learn more about this new program and download the application packet, please visit https://cyberflorida.org/seedfund.

Cyber Florida Announces Start-Up Seed Fund Pilot Program2024-07-26T15:54:50-04:00

Developing Cybersecurity Curriculum with Cyber Threat Intelligence and Honeypot Platform

Join UNF on June 26, 2023 for a workshop on cybersecurity curriculum development!

With the rapid development of attackers’ Techniques, Tactics, and Procedures (TTP), it is necessary for cybersecurity analysts to develop cyber defense knowledge to protect cyber assets. The field of cyber threat intelligence provides a broad range of techniques for collecting useful information to analyze the attacker’s TTP. In this workshop hosted by the University of North Florida, instructors will discuss the development of a Cyber Threat Intelligence course. Moreover, they will discuss how the deployment of a Honeypot server can be used to improve students’ understanding of cyberattacks. Finally, they will discuss issues and considerations related to the development of cybersecurity curricula.

This workshop is open to all – click the link below to register!

Developing Cybersecurity Curriculum with Cyber Threat Intelligence and Honeypot Platform2023-07-31T13:16:55-04:00

Tampa Bay Safety Summit

Port Tampa Bay and Tampa International Airport are proud to announce the 8th Annual Tampa Bay Safety Summit!

The 2023 Tampa Bay Safety Summit will include a vast range of local, state and federal representatives, as well as a variety of industry experts to engage you with presentations and panel discussions relating to safety, security and operational readiness, in an open forum setting.

This year’s keynote speaker will be General Kenneth F. “Frank” McKenzie, USMC, Retired. General McKenzie is the former Commander, United States Central Command (CENTCOM). His distinguished and highly decorated military career includes over 42 years of honorable service to our country. Today, General McKenzie serves as the Executive Director of Cyber Florida as well as USF’s Global and National Security Institute.

Additionally, Cyber Florida’s Emilio F. Salabarria will be presenting on the Critical Infrastructure Risk Assessment. If you want to learn more about this initiative and how your organization can help protect Florida, register now and ask your questions live!

Featured Speakers

  • General Kenneth F. “Frank” McKenzie, USMC, Retired – Executive Director USF Global and National Security Insitute & Executive Director Florida Center for Cybersecurity, aka Cyber Florida
  • Emilio F. Salabarria, Deputy Senior Executive Advisor, Cyber Florida
  • Paul Anderson, President and CEO, Port Tampa Bay
  • Dr. Yu Yu Zhang, Department of Civil and Environmental Engineering at University of South Florida (USF)
  • And more!

Agenda

  • Session 1 – Port Resiliencey (Maritime and Aviation)
  • Session 2 – Drones & Advanced Air Mobility
  • Session 3 – Current Challenges for CBP in the Maritime & Aviation Environment
  • Session 4 – Statewide Critical Infrastructure Risk Assessment

Event Details

  • When – Tuesday, June 06, 2023
    • Sign-in and Continental Breakfast starts at 7:45 AM
  • Where – Tampa International Airport, Main Terminal Event Space
    • Parking available in the Economy Parking Lot
    • Take SkyConnect Train to Main Terminal. Access station from elevators located on Level 1 of the garage
    • Event Space is located in between Airsides E & F on Level 3
    • Parking validation will be provided at sign-in
Tampa Bay Safety Summit2023-07-31T13:20:54-04:00

The Ferré Institute CLASS: A Conversation about Cybersecurity Culture

Join us on June 8, 2023 for a conversation on promoting Cybersecurity Culture in your organization.

The Ferré Institute’s Civic Leadership and Service Series (CLASS) offers engaging discussions with public service leaders in the areas of civic engagement and leadership, community infrastructure, and social justice.

Co-Sponsored by: FIU Jorge M. Pérez

Metropolitan Center Partners:

  • Jack D. Gordon Institute for Public Policy
  • Department of Public Policy and Administration
  • The Children’s Trust of Miami-Dade County
  • Broward County Children’s Services Council American Society for Public Administration – South Florida Chapter
The Ferré Institute CLASS: A Conversation about Cybersecurity Culture2023-07-31T13:16:55-04:00

Four States Passed Nearly Half of All New Cyber Laws in 2022

As employers in the private and public sectors adjust to the advent of flexible work over the last two years, they’re simultaneously trying to protect their organizations from attackers looking to steal and sell data.

2021 was a year defined by significant cyberattacks that crippled infrastructure and shut down hospitalsschools, and municipal governments. It’s the same year the Colonial Pipeline, which supplies gasoline to millions living in the Northeast U.S., was hobbled by a ransomware attack that triggered a gas panic and elevated prices for consumers.

And lawmakers were paying attention—passing dozens of laws in 2022 aimed at training workers, securing government agencies, and funneling money into cybersecurity education programs.

Drata analyzed legislation across all 50 states tracked by the National Conference of Legislatures to identify the states where the most cybersecurity regulations were enacted in 2022. At least 25 states enacted 43 laws that address cybersecurity concerns, out of more than 250 bills proposed and considered by legislatures, including in U.S. territories.

The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, describes cybersecurity as the “art” of defending computers, electronic devices, and networks against malicious attacks seeking to compromise their function or data.

Companies and government organizations employ cybersecurity methods to keep people who aren’t authorized to see certain information out of those digital spaces and to secure private information or company trade secrets from prying eyes, including criminals.

The average cost of a data breach at a U.S. company in 2022 was $9.4 million, according to IBM’s annual report on cybersecurity threats. Ransomware is one of the most common forms of attack. In a ransomware attack, the offender gains access to a network, takes private information that can often be sensitive, and locks it up with a code only the attacker knows—demanding a ransom be paid to regain access. But access isn’t always granted after a ransom is paid.

Maryland and Florida passed the most new legislation of all states

Maryland’s newest cybersecurity-oriented laws expand on training programs and dedicate public money to protecting digital and information technology infrastructure throughout its state and local governments, including setting standards for its 911 emergency telephone system. It also places new requirements on health care and insurance providers.

In Florida, newly enacted laws will require municipalities to adopt cybersecurity standards, report incidents of ransomware, assess steep fines against perpetrators of attacks, and prevent government agencies from paying ransomware demands.

About half of the states in the U.S. did not enact any cybersecurity-related legislation in 2022. Some of those states may convene to make laws less frequently, like Texas, which has a state legislature that gathers every other year. Other states, including Oregon, proposed new laws but did not pass any of them through their legislatures.

Kentucky

– Enacted: 3
– Failed: None
– Vetoed: None

The Kentucky legislature passed three laws in 2022, one of which was a mostly ceremonial resolution urging Congress to take action to mitigate cyberattacks and specifically ransomware. The other two create cybersecurity regulations that apply to insurance firms and investment advisors.

Licensed insurers based in Kentucky will have to implement and report cybersecurity and data privacy standards annually to the state. It also requires organizations to report cybersecurity events to the state no less than three days from when they’re discovered. It carries a penalty of up to $10,000 per violation. The new law does not apply to any companies already in compliance with federal data privacy and breach laws like the Gramm-Leach-Bliley Act of 1999 or rules issued by the U.S. Department of Health and Human Services.

The other law simply requires all registered investment advisors to create and implement cybersecurity policies that “ensure the confidentiality, integrity, and availability of physical and electronic records and information.”

Virginia

– Enacted: 3
– Failed: 2
– Vetoed: None

In Virginia, lawmakers passed laws requiring public sector agencies to report all cybersecurity incidents to its Virginia Fusion Intelligence Center, and allocating funding to help employers in the state attract and retain cybersecurity professionals. The state is sending tens of millions to help recruit faculty at Virginia Tech.

Florida

– Enacted: 4
– Failed: 10
– Vetoed: None

Florida passed four laws related to cybersecurity in 2022, including a budget bill that allocates $20.5 million to higher education and workforce development in the industry. About half of that money was earmarked for the Florida Center for Cybersecurity at the University of South Florida while the other half will go to building a “Cyber Attack and Simulation Range” for “highly technical” training. The state is also dedicating $50 million to implement a 2021 task force’s recommendation for better cybersecurity protections for the state’s businesses and government agencies.

It also passed a law that exempted some aspects of cybersecurity attacks and data breaches from public records law, where the information would help criminals learn about “detection, investigation, or response practices.” It does not stop government agencies from reporting the number of incidents and general information about each.

A new Florida statute will also create a penalty for the perpetrators of attacks against government entities equal to twice the total of the ransom demanded.

Maryland

– Enacted: 8
– Failed: 17
– Vetoed: 2

The Modernize Maryland Act of 2022 included requirements for water and sewer systems to assess and report cybersecurity vulnerabilities to the government. It also created a commission and fund to support and implement state and local government cybersecurity investments before the end of 2030.

The state also passed a law setting cybersecurity standards for health care organizations, including most insurers and those that provide care to Medicaid patients. It requires organizations to issue thorough notifications about data breaches affecting more than 250 people in the state and carries a fine of up to $125,000 for each violation of the law.

Another bill revised and expanded the state’s Cybersecurity Public Service Scholarship Program for students interested in pursuing a cybersecurity career. Previously the program supported students who went on to work for state agencies. Now it includes those who go to work for schools and colleges as well as county and municipal governments.

Among the 17 measures that failed in Maryland was one that would have given small businesses a state tax break for spending on cybersecurity measures.

Source: https://stacker.com/government/4-states-passed-nearly-half-all-new-cybersecurity-laws-enacted-across-us-2022
Four States Passed Nearly Half of All New Cyber Laws in 20222023-09-16T17:38:36-04:00

CONTACT US

Cyber Florida at USF
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620

Office meetings by appointment only

PRIVACY POLICY

Copyright 2026 The Florida Center for Cybersecurity at the University of South Florida. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.