October 2022

Survey opens for Phase 1 organizations

December 15, 2022

Phase 1 deadline extended!

January 2023

Preliminary draft report submitted to the state

February 1, 2023

Survey opens for Phase 2 organizations

March 31, 2023

Phase 2 survey deadline

June 30, 2023

Final report submitted

The online risk assessment tool, CSET, is now LIVE!
Click here to begin your online risk assessment
.

ACCESS THE ONLINE RISK ASSESSMENT NOW

n

Welcome to the CyberSecureFlorida initiative, a first-of-its-kind effort to assess the cybersecurity strengths and weaknesses of Florida’s collective critical infrastructure. The information gathered through this effort will be critical to helping Florida’s elected leaders determine how best to allocate resources and enact appropriate legislation to create a more secure Sunshine State!

Led by Cyber Florida in consultation with the Florida Cybersecurity Advisory Council, this effort will:

  • Establish a baseline of current critical infrastructure cybersecurity protections
  • Provide actionable solutions to increase the state’s preparedness and resilience to cyberattacks
  • Reduce the vulnerabilities of critical systems, assets, and networks
  • Increase resiliency and security to protect the people, property, and prosperity of Florida

WHO SHOULD PARTICIPATE?

CyberSecureFlorida is open to all public- and private-sector critical infrastructure entities and we encourage any and all critical infrastructure entities to lend their voice to this important undertaking. Organizations providing services in the following sectors are encourages to participate:

Communications
Energy
Water and wastewater systems
Food and agriculture
Critical manufacturing
Commercial facilities
Dams
Defense industrial base
Financial services

Chemical
Healthcare and public health
Transportation
Emergency services
Government facilities
Information technology
Nuclear reactors, materials, and waste

We are asking as many critical infrastructure organizations as possible to participate to achieve the most comprehensive view we can.

NOTE ON HURRICANE IAN: Due to the impact of Hurricane Ian, Florida FLDE Region 6 (Fort Myers, Naples, Sarasota) is not expected to participate in the survey during Phase 1. Organizations in those regions are encouraged to join during Phase 2.

HOW WILL THE ASSESSMENT WORK?

The assessment is an online survey of about 150 questions addressing a range of cybersecurity concerns outlined by the NIST Cybersecurity Framework. The survey should be completed by your IT/cybersecurity lead and their team members. Responses are anonymous, confidential, and securely stored by the University of South Florida (see FAQs for details on security measures). For reporting, data will be in aggregate to further ensure privacy and security, and synthesized into a concise, actionable report to inform future resource allocation and legislation.

BENEFITS OF PARTICIPATING

In addition to receiving a free cyber risk assessment report for your organization, Cyber Florida will provide a select number of participants with information directly related to education and training courses that target the cybersecurity improvement areas identified from the risk assessment information submitted. The service will identify the knowledge and skills necessary to mitigate cyber risks within the submitter’s agency, organization, or company. Additionally, the selected participants will have access to a full suite of cyber workforce development toolsets that will identify skills gaps, display various training pathways for upskilling employees, and assist with finding the most qualified new cyber talent, if needed. To be considered for the no-cost analysis, interested participants must fully complete their CSET risk assessment and expressed interest in receiving the workforce development analysis service through email to Cyber Florida or selecting the follow-on cyber workforce service question in CSET.

Have a question or need help? Watch the video below or jump to the FAQs or contact us.

Biweekly Info Sessions

If you have questions about the initiative, are struggling with some aspect of the CSET tool, or need clarification on an assessment question, please join us for an Ask a CSET Expert webinar. The open-house style webinars will be held twice weekly from November 1 through January 5. Use the links below to register for an upcoming Tuesday or Thursday webinar.

Once registered, you will receive a link to access the webinar at any time during the 30-minute session.

If you have an urgent issue or need assistance to complete the assessment, please email us at cybersecure@cyberflorida.org.

Did you miss our Town Halls? Watch here:

Join the Community

We’ve created a LinkedIn Group to support and grow the CyberSecureFlorida initiative. Join the group and help us build a community of Florida cyber defenders!

VISIT THE LINKEDIN GROUP

PROGRAM PARTNERS

Frequently Asked Questions

Q. Why should my organization participate?

In addition to receiving a free risk assessment for your organization, the data gathered will establish a baseline to guide future planning, policies, and expenditures to strengthen the state’s critical infrastructure assets. This could yield additional state-provided resources and tools for your organization.

Q. We don’t have a cybersecurity person on staff. Can someone help us answer the questions?

Yes! Cyber Florida has a network of staff and volunteers available to assist organizations in completing the assessment. They can connect virtually or in person to help you submit your assessment. Complete the contact form above to request assistance.

Q. We’ve completed a risk assessment with a third-party vendor, why should we complete our CI risk assessment?

You may have completed a risk assessment with a third-party vendor, but you will not be included in the overall Florida critical infrastructure risk score, which may impact the policies and potential funding for Florida critical infrastructure. The survey is short and easy to use. You will not be asked to provide any information that will reveal protected company details, your information will be strictly protected as critical infrastructure information.

Q. We’ve completed a risk assessment with the CSET tool, why should we complete another one?

Within the CSET tool, there are a variety of options based on the type of standard being measured. For this reason, we ask all critical infrastructure owners/operators to participate in the survey to be counted and heard so the leaders of Florida can get as accurate a picture as possible to guide Florida’s future investments to make Florida a safe and secure state to live, work, and play.

Q. How is the data gathered protected?

The data is gathered anonymously and stored on physical servers at the University of South Florida. The University of South Florida uses the NIST Cybersecurity framework to manage its technical and administrative controls. The university has a complete set of security policies, procedures, and standards based on the NIST 800-171 security guidelines. In addition to these administrative controls, the university employs a great number of technical controls including but not limited to: A number of physical and cloud-based Pal Alto Firewalls, the complete Microsoft Defender Stack of products including EDR, Beyond Trust Privileged access management, Microsoft MFA, Splunk for Enterprise Security SIEM, and regular penetration tests and risk assessment performed by both internal staff, state auditors, and 3rd party companies.

The University of South Florida is a Carnegie Research-1 University with numerous federal grants dealing with Medical, Personal, and DoD restricted non-classified data that is secured and monitored 24/7 by USF staff as well as two external SOCs.

Still have a question or need assistance? Please submit the form below and a team member will contact you shortly.