The online risk assessment tool is LIVE!
Click here to begin your online risk assessment.

ACCESS THE ONLINE RISK ASSESSMENT NOW

n

Cyber Florida Executive Director General (Ret.) Frank McKenzie discusses the critical importance of this initiative

Commissioned and funded by the Florida Legislature in 2023, CyberSecureFlorida is a first-of-its-kind statewide effort to assess and strengthen the cybersecurity posture of Florida’s collective critical infrastructure through overarching two lines of effort:

ASSESSMENT

A no-cost, confidential, online cyber risk assessment for any Florida-based public or private sector critical infrastructure organization

TRAINING

No-cost cybersecurity awareness  and upskilling training for all State of Florida state and local public-sector employees (coming soon!)

WHO CAN PARTICIPATE?

CyberSecureFlorida risk assessment effort is open to all public- and private-sector critical infrastructure entities at no cost, and we encourage any and all critical infrastructure entities to lend their voice to this important undertaking. Organizations providing goods and services related to the following sectors are eligible and encouraged to participate:

Communications
Energy
Water and Wastewater Systems
Food and Agriculture
Critical Manufacturing
Commercial Facilities
Dams
Defense Industrial Base
Financial Services
Chemical
Healthcare and Public Health
Transportation
Emergency Services
Government Facilities
Information Technology
Nuclear Reactors, Materials, and Waste

HOW DOES IT WORK?

The assessment is provided by Idaho National Laboratory (INL) through a customized instance of their established and highly regarded Cyber Security Evaluation Tool (CSET). It consists of an online survey of about 155 questions addressing a range of cybersecurity concerns outlined by the NIST Cybersecurity Framework. The survey should be completed by your IT/cybersecurity lead and their team members. Responses are confidential and securely stored by the University of South Florida (see FAQs for details on security measures). For reporting, data will be anonymized and presented in aggregate to further ensure privacy and security, then synthesized into a concise, actionable report with recommendations presented to the Florida Legislature, the Governor, and other state government stakeholders. If your organization doesn’t have on-staff expertise, Cyber Florida will connect you with an expert who can help you complete the assessment.

THE CYBER SECURITY EVALUATION TOOL (CSET)

  • No-cost, confidential, and secure
  • About 155 questions
  • Roughly two hours to complete
  • Start, save, and return
  • Help available for those with no on-staff cyber expertise
  • Receive a free set of seven reports customized for your organization

WHAT ARE THE BENEFITS?

For no-cost and a reasonable time commitment, the Florida CSET assessment allows you to evaluate your organization’s critical information technology, operational technology, and ransomware readiness using a systematic, disciplined, and repeatable approach. The tailored outputs – 7 customized reports – provide prioritized, actionable information to mitigate the risks revealed by your assessment. Your assessment data will support Cyber Florida’s development of an interactive visualization capability to compare cyber risks across infrastructure sectors as well as an anonymized state-wide summary report, two resources that will provide valuable intelligence to the critical infrastructure community and state decision-makers.

Additionally, selected participants will have access to a full suite of cyber workforce development toolsets that identify skills gaps, display training pathways for upskilling employees, and assist with finding the most qualified new cyber talent. To be considered for the no-cost analysis, interested participants must fully complete their CSET assessment and express interest in receiving the workforce development analysis service through email to Cyber Florida or selecting the follow-on cyber workforce service question in CSET.

FREE BENEFITS

  • A set of confidential reports provide prioritized, actionable information to mitigate your organization’s cyber risks
  • Supporting a statewide effort that may yield improved legislation and funding to assist your organization
  • Up to 150 participants will get access to the CyberKnights skills gap assessment and mitigation program.
  • Up to 150 participants will get access to Cyber-CHAMP, a framework that empowers employers to identify and establish security training programs within their organization.

BE HEARD: JOIN A FOCUS GROUP

In addition to the online assessment, organizations can participate in live focus groups. Conducted by our partners at MITRE, the focus groups sessions are a critical component of the CyberSecureFlorida effort, giving organizations a chance to

  • Talk about needs, interests, and concerns regarding cyber critical infrastructure
  • Discuss cyber critical infrastructure topics of interest in greater depth
  • Contribute to the body of knowledge that will be analyzed and reflected in recommendations to the legislature
  • Offer differing perspectives about cyber critical infrastructure in Florida
  • Allow for clarification and questions dynamically as the conversation unfolds
  • Generate potential options for future engagement

Upcoming Focus Groups

Please register by emailing ejallen@mitre.org with your preferred date.

Microsoft Teams Meeting: Click here to join the meeting

Meeting ID: 268 129 472 753; Passcode: Mppac3

Or call in (audio only): +1 540-492-5664

Phone Conference ID: 286 628 253#

Microsoft Teams Meeting: Click here to join the meeting

Meeting ID: 212 996 802 785; Passcode: wSGc9G

Or call in (audio only): +1 540-492-5664,

Phone Conference ID: 317 428 98#

Microsoft Teams Meeting: Click here to join the meeting

Meeting ID: 226 849 976 340; Passcode: vvcxnr

Or call in (audio only): +1 540-492-5664

Phone Conference ID: 620 232 412#

Microsoft Teams Meeting: Click here to join the meeting

Meeting ID: 299 941 226 688; Passcode: CE5JsR

Or call in (audio only): +1 540-492-5664

Phone Conference ID: 289 957 846#

Helpful Videos

Watch an Information Session

n

See How the Assessment Tool Works

FREQUENTLY ASKED QUESTIONS

In addition to receiving a free risk assessment for your organization, the data gathered will establish a baseline to guide future planning, policies, and expenditures to strengthen the state’s critical infrastructure assets. This could yield additional state-provided resources and tools for your organization. Additionally, up to 150 participating organizations will get free access to the CyberKnights and Cyber-CHAMP programs, which use the assessment data to help your organization identify and improve cyber skills gaps in your workforce.

Yes! Cyber Florida has a network of staff and volunteers available to assist organizations in completing the assessment. They can connect virtually or in-person to help you submit your assessment. Complete the contact form to request assistance.

You may have completed a risk assessment with a third-party vendor, but that information will not be included in the overall Florida critical infrastructure risk score, which may impact the policies and potential funding for Florida critical infrastructure. The survey is short and easy to use. You will not be asked to reveal protected company details, your information will be strictly protected as critical infrastructure information.

Within the CSET tool, there are a variety of options based on the type of standard being measured. For this reason, we ask all critical infrastructure owners/operators to participate in the survey to be counted and heard so the leaders of Florida can get as accurate a picture as possible to guide Florida’s future investments to make Florida a safe and secure state to live, work, and play.

The data is gathered anonymously and stored on physical servers at the University of South Florida. The University of South Florida uses the NIST Cybersecurity framework to manage its technical and administrative controls. The university has a complete set of security policies, procedures, and standards based on the NIST 800-171 security guidelines. In addition to these administrative controls, the university employs a great number of technical controls including but not limited to: A number of physical and cloud-based Pal Alto Firewalls, the complete Microsoft Defender Stack of products including EDR, Beyond Trust Privileged access management, Microsoft MFA, Splunk for Enterprise Security SIEM, and regular penetration tests and risk assessment performed by both internal staff, state auditors, and 3rd party companies.

The University of South Florida is a Carnegie Research-1 University with numerous federal grants dealing with Medical, Personal, and DoD restricted non-classified data that is secured and monitored 24/7 by USF staff as well as two external SOCs.

Yes, it’s really free! Florida is serious about cybersecurity, and the Florida Legislature provided funding for this initiative so they could gain a better understanding of Florida’s critical infrastructure cyber strengths and weaknesses. The information gathered will help inform future legislation and funding opportunities to help organizations throughout the state, while helping your organization immediately identify potential risks.

HELP IS HERE

We recognize that not every organization has a cybersecurity person on staff. If you have a question or would like assistance in completing the CSET, please submit the form below. You can also email us at cybersecure@cyberflorida.org.