Critical Infrastructure Standards and Procedures
The bill requires asset owners to incorporate these cybersecurity standards beginning from July 1, 2022, including ensuring that all contracts for constructing or renovating critical infrastructure meet specific minimum security standards. This legislative move reflects a proactive approach toward safeguarding essential services such as public utilities, healthcare facilities, and transportation systems from potential cyber threats, thereby reinforcing the overall security stance of the state’s critical infrastructure.
House Bill 1147, titled the Critical Infrastructure Standards and Procedures Act, aims to establish a framework for the management of cybersecurity in critical infrastructure systems across the state of Florida. Recognizing the increasing frequency of cybersecurity incidents impacting vital services, the legislation mandates that both public and private asset owners adhere to established cybersecurity standards, particularly the ISA 62443 series, which is referenced by the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). This framework is intended to streamline the procurement and integration processes for technologies crucial to maintaining the security and reliability of operational systems.
While there is broad support for enhancing cybersecurity measures, there were concerns regarding the implications of the bill for liability in civil actions stemming from security incidents. The legislation provides immunity to defendants who can demonstrate a good faith effort to comply with the required cybersecurity standards. Critics argue that this could complicate legal recourse for those affected by security breaches, particularly if it leads to less accountability for companies failing to meet these standards. This aspect of the bill has sparked debate among stakeholders about the balance between encouraging compliance and ensuring adequate legal protections for affected parties.