n
Cyber Florida Executive Director General (Ret.) Frank McKenzie discusses the critical importance of this initiative
Commissioned and funded by the Florida Legislature in 2023, CyberSecureFlorida is a first-of-its-kind statewide effort to assess and strengthen the cybersecurity posture of Florida’s collective critical infrastructure through overarching two lines of effort:
WHO CAN PARTICIPATE?
CyberSecureFlorida risk assessment effort is open to all public- and private-sector critical infrastructure entities at no cost, and we encourage any and all critical infrastructure entities to lend their voice to this important undertaking. Organizations providing goods and services related to the following sectors are eligible and encouraged to participate:
Communications
Energy
Water and Wastewater Systems
Food and Agriculture
Critical Manufacturing
Commercial Facilities
Dams
Defense Industrial Base
Financial Services
Chemical
Healthcare and Public Health
Transportation
Emergency Services
Government Facilities
Information Technology
Nuclear Reactors, Materials, and Waste
HOW DOES IT WORK?
The assessment is provided by Idaho National Laboratory (INL) through a customized instance of their established and highly regarded Cyber Security Evaluation Tool (CSET). It consists of an online survey of about 155 questions addressing a range of cybersecurity concerns outlined by the NIST Cybersecurity Framework. The survey should be completed by your IT/cybersecurity lead and their team members. Responses are confidential and securely stored by the University of South Florida (see FAQs for details on security measures). For reporting, data will be anonymized and presented in aggregate to further ensure privacy and security, then synthesized into a concise, actionable report with recommendations presented to the Florida Legislature, the Governor, and other state government stakeholders. If your organization doesn’t have on-staff expertise, Cyber Florida will connect you with an expert who can help you complete the assessment.
WHAT ARE THE BENEFITS?
For no-cost and a reasonable time commitment, the Florida CSET assessment allows you to evaluate your organization’s critical information technology, operational technology, and ransomware readiness using a systematic, disciplined, and repeatable approach. The tailored outputs – 7 customized reports – provide prioritized, actionable information to mitigate the risks revealed by your assessment. Your assessment data will support Cyber Florida’s development of an interactive visualization capability to compare cyber risks across infrastructure sectors as well as an anonymized state-wide summary report, two resources that will provide valuable intelligence to the critical infrastructure community and state decision-makers.
Additionally, selected participants will have access to a full suite of cyber workforce development toolsets that identify skills gaps, display training pathways for upskilling employees, and assist with finding the most qualified new cyber talent. To be considered for the no-cost analysis, interested participants must fully complete their CSET assessment and express interest in receiving the workforce development analysis service through email to Cyber Florida or selecting the follow-on cyber workforce service question in CSET.
HELPFUL VIDEOS
Watch an Information Session
n
See How the Assessment Tool Works
FREQUENTLY ASKED QUESTIONS
In addition to receiving a free risk assessment for your organization, the data gathered will establish a baseline to guide future planning, policies, and expenditures to strengthen the state’s critical infrastructure assets. This could yield additional state-provided resources and tools for your organization. Additionally, up to 150 participating organizations will get free access to the CyberKnights and Cyber-CHAMP programs, which use the assessment data to help your organization identify and improve cyber skills gaps in your workforce.
Yes! Cyber Florida has a network of staff and volunteers available to assist organizations in completing the assessment. They can connect virtually or in-person to help you submit your assessment. Complete the contact form to request assistance.
You may have completed a risk assessment with a third-party vendor, but that information will not be included in the overall Florida critical infrastructure risk score, which may impact the policies and potential funding for Florida critical infrastructure. The survey is short and easy to use. You will not be asked to reveal protected company details, your information will be strictly protected as critical infrastructure information.
Within the CSET tool, there are a variety of options based on the type of standard being measured. For this reason, we ask all critical infrastructure owners/operators to participate in the survey to be counted and heard so the leaders of Florida can get as accurate a picture as possible to guide Florida’s future investments to make Florida a safe and secure state to live, work, and play.
The data is gathered anonymously and stored on physical servers at the University of South Florida. The University of South Florida uses the NIST Cybersecurity framework to manage its technical and administrative controls. The university has a complete set of security policies, procedures, and standards based on the NIST 800-171 security guidelines. In addition to these administrative controls, the university employs a great number of technical controls including but not limited to: A number of physical and cloud-based Pal Alto Firewalls, the complete Microsoft Defender Stack of products including EDR, Beyond Trust Privileged access management, Microsoft MFA, Splunk for Enterprise Security SIEM, and regular penetration tests and risk assessment performed by both internal staff, state auditors, and 3rd party companies.
The University of South Florida is a Carnegie Research-1 University with numerous federal grants dealing with Medical, Personal, and DoD restricted non-classified data that is secured and monitored 24/7 by USF staff as well as two external SOCs.
Yes, it’s really free! Florida is serious about cybersecurity, and the Florida Legislature provided funding for this initiative so they could gain a better understanding of Florida’s critical infrastructure cyber strengths and weaknesses. The information gathered will help inform future legislation and funding opportunities to help organizations throughout the state, while helping your organization immediately identify potential risks.
HELP IS HERE
We recognize that not every organization has a cybersecurity person on staff. If you have a question or would like assistance in completing the CSET, please submit the form and we will connect you with someone that can help.