Florida Senate - 2024 CS for CS for SB 1662
By the Appropriations Committee on Agriculture, Environment, and
General Government; the Committee on Governmental Oversight and
Accountability; and Senator Collins
601-03514-24 20241662c2
1 A bill to be entitled
2 An act relating to cybersecurity; amending s.
3 1004.444, F.S.; providing that the Florida Center for
4 Cybersecurity may also be referred to as “Cyber
5 Florida”; providing that the center is established
6 under the direction of the president of the University
7 of South Florida, or his or her designee, and, subject
8 to the approval of the university’s board of trustees,
9 may be assigned by the president to a college that
10 meets certain requirements; revising the mission and
11 goals of the center; authorizing the center to take
12 certain actions relating to certain initiatives;
13 requiring the Department of Management Services to
14 contract with an independent verification and
15 validation provider for specified services for all
16 agency staff and vendor work to implement the
17 enterprise cybersecurity resiliency program; requiring
18 such provider to complete an assessment of the current
19 program by a specified date; requiring that the
20 assessment include recommendations based on certain
21 evaluations; requiring that the contract require that
22 monthly reports and deliverables be simultaneously
23 provided to specified entities and parties; providing
24 an effective date.
25
26 Be It Enacted by the Legislature of the State of Florida:
27
28 Section 1. Section 1004.444, Florida Statutes, is amended
29 to read:
30 1004.444 Florida Center for Cybersecurity.—
31 (1) The Florida Center for Cybersecurity, which may also be
32 referred to as “Cyber Florida,” is established within the
33 University of South Florida, under the direction of the
34 president of the university or the president’s designee. The
35 president may assign the center to a college of the university
36 if the college has a strong emphasis on cybersecurity,
37 technology, or computer sciences and engineering, as determined
38 and approved by the university’s board of trustees.
39 (2) The mission and goals of the center are to:
40 (a) Position Florida as the national leader in
41 cybersecurity and its related workforce primarily through
42 advancing and funding education and, research and development
43 initiatives in cybersecurity and related fields, with a
44 secondary emphasis on, and community engagement and
45 cybersecurity awareness.
46 (b) Assist in the creation of jobs in the state’s
47 cybersecurity industry and enhance the existing cybersecurity
48 workforce through education, research, applied science, and
49 engagements and partnerships with the private and military
50 sectors.
51 (c) Act as a cooperative facilitator for state business and
52 higher education communities to share cybersecurity knowledge,
53 resources, and training.
54 (d) Seek out research and development agreements and other
55 partnerships with major military installations and affiliated
56 contractors to assist, when possible, in homeland cybersecurity
57 defense initiatives.
58 (e) Attract cybersecurity companies and jobs to this the
59 state, with an emphasis on the defense, finance, health care,
60 transportation, and utility sectors.
61 (f) Conduct, fund, and facilitate research and applied
62 science that leads to the creation of new technologies and
63 software packages that have military and civilian applications
64 and that can be transferred for military and homeland defense
65 purposes or for sale or use in the private sector.
66 (3) Upon receiving a request for assistance from the
67 Department of Management Services, the Florida Digital Service,
68 or another state agency, the center is authorized, but may not
69 be compelled by the agency, to conduct, consult on, or otherwise
70 assist any state-funded initiatives related to:
71 (a) Cybersecurity training, professional development, and
72 education for state and local government employees, including
73 school districts and the judicial branch; and
74 (b) Increasing the cybersecurity effectiveness of the
75 state’s and local governments’ technology platforms and
76 infrastructure, including school districts and the judicial
77 branch.
78 Section 2. (1) In order to ensure the use of best practices
79 and seamless functionality within the enterprise, the Department
80 of Management Services shall contract with an independent
81 verification and validation (IV&V) provider to provide IV&V
82 services for all agency staff and vendor work needed to
83 implement the enterprise cybersecurity resiliency program.
84 (2) The IV&V provider shall complete an assessment of the
85 current program by December 1, 2024. The assessment must
86 include, but need not be limited to, recommendations based on
87 the evaluation of:
88 (a) The use of Cybersecurity Operations Center tools
89 relative to their inherent capabilities to enhance efficiency
90 and effectiveness;
91 (b) The existing processes to identify and address
92 inefficiencies and areas requiring improvement;
93 (c) The interoperability among different systems to ensure
94 compatibility and facilitate smooth data exchange;
95 (d) The alignment of strategic initiatives and resource
96 allocation with organizational objectives; and
97 (e) The effectiveness of established communication channels
98 to facilitate collaboration and dissemination of information
99 across state entities.
100 (3) The IV&V contract must require that monthly reports and
101 deliverables be simultaneously provided to the Department of
102 Management Services, the Executive Office of the Governor’s
103 Office of Policy and Budget, the chair of the Senate
104 Appropriations Committee, and the chair of the House of
105 Representatives Appropriations Committee.
106 Section 3. This act shall take effect July 1, 2024.