Florida Senate - 2024 CS for CS for SB 1662 By the Appropriations Committee on Agriculture, Environment, and General Government; the Committee on Governmental Oversight and Accountability; and Senator Collins 601-03514-24 20241662c2 1 A bill to be entitled 2 An act relating to cybersecurity; amending s. 3 1004.444, F.S.; providing that the Florida Center for 4 Cybersecurity may also be referred to as Cyber 5 Florida; providing that the center is established 6 under the direction of the president of the University 7 of South Florida, or his or her designee, and, subject 8 to the approval of the universitys board of trustees, 9 may be assigned by the president to a college that 10 meets certain requirements; revising the mission and 11 goals of the center; authorizing the center to take 12 certain actions relating to certain initiatives; 13 requiring the Department of Management Services to 14 contract with an independent verification and 15 validation provider for specified services for all 16 agency staff and vendor work to implement the 17 enterprise cybersecurity resiliency program; requiring 18 such provider to complete an assessment of the current 19 program by a specified date; requiring that the 20 assessment include recommendations based on certain 21 evaluations; requiring that the contract require that 22 monthly reports and deliverables be simultaneously 23 provided to specified entities and parties; providing 24 an effective date. 25 26 Be It Enacted by the Legislature of the State of Florida: 27 28 Section 1.Section 1004.444, Florida Statutes, is amended 29 to read: 30 1004.444Florida Center for Cybersecurity. 31 (1)The Florida Center for Cybersecurity, which may also be 32 referred to as Cyber Florida, is established within the 33 University of South Florida, under the direction of the 34 president of the university or the presidents designee. The 35 president may assign the center to a college of the university 36 if the college has a strong emphasis on cybersecurity, 37 technology, or computer sciences and engineering, as determined 38 and approved by the universitys board of trustees. 39 (2)The mission and goals of the center are to: 40 (a)Position Florida as the national leader in 41 cybersecurity and its related workforce primarily through 42 advancing and funding education and, research and development 43 initiatives in cybersecurity and related fields, with a 44 secondary emphasis on, and community engagement and 45 cybersecurity awareness. 46 (b)Assist in the creation of jobs in the states 47 cybersecurity industry and enhance the existing cybersecurity 48 workforce through education, research, applied science, and 49 engagements and partnerships with the private and military 50 sectors. 51 (c)Act as a cooperative facilitator for state business and 52 higher education communities to share cybersecurity knowledge, 53 resources, and training. 54 (d)Seek out research and development agreements and other 55 partnerships with major military installations and affiliated 56 contractors to assist, when possible, in homeland cybersecurity 57 defense initiatives. 58 (e)Attract cybersecurity companies and jobs to this the 59 state, with an emphasis on the defense, finance, health care, 60 transportation, and utility sectors. 61 (f)Conduct, fund, and facilitate research and applied 62 science that leads to the creation of new technologies and 63 software packages that have military and civilian applications 64 and that can be transferred for military and homeland defense 65 purposes or for sale or use in the private sector. 66 (3)Upon receiving a request for assistance from the 67 Department of Management Services, the Florida Digital Service, 68 or another state agency, the center is authorized, but may not 69 be compelled by the agency, to conduct, consult on, or otherwise 70 assist any state-funded initiatives related to: 71 (a)Cybersecurity training, professional development, and 72 education for state and local government employees, including 73 school districts and the judicial branch; and 74 (b)Increasing the cybersecurity effectiveness of the 75 states and local governments technology platforms and 76 infrastructure, including school districts and the judicial 77 branch. 78 Section 2.(1)In order to ensure the use of best practices 79 and seamless functionality within the enterprise, the Department 80 of Management Services shall contract with an independent 81 verification and validation (IV&V) provider to provide IV&V 82 services for all agency staff and vendor work needed to 83 implement the enterprise cybersecurity resiliency program. 84 (2)The IV&V provider shall complete an assessment of the 85 current program by December 1, 2024. The assessment must 86 include, but need not be limited to, recommendations based on 87 the evaluation of: 88 (a)The use of Cybersecurity Operations Center tools 89 relative to their inherent capabilities to enhance efficiency 90 and effectiveness; 91 (b)The existing processes to identify and address 92 inefficiencies and areas requiring improvement; 93 (c)The interoperability among different systems to ensure 94 compatibility and facilitate smooth data exchange; 95 (d)The alignment of strategic initiatives and resource 96 allocation with organizational objectives; and 97 (e)The effectiveness of established communication channels 98 to facilitate collaboration and dissemination of information 99 across state entities. 100 (3)The IV&V contract must require that monthly reports and 101 deliverables be simultaneously provided to the Department of 102 Management Services, the Executive Office of the Governors 103 Office of Policy and Budget, the chair of the Senate 104 Appropriations Committee, and the chair of the House of 105 Representatives Appropriations Committee. 106 Section 3.This act shall take effect July 1, 2024.