Florida Cyber Legislation: What it Means and How to Comply


Effective July 1, 2022, state organizations in Florida are constrained to new legislation that prevents them from paying ransomware and requires reporting of incidents to the Department of Law Enforcement’s Cybersecurity Office and the Cybersecurity Operations Center (CSOC). The level of severity of the cybersecurity incident, defined by the National Cyber Incident Response Plan of the U.S. Department of Homeland Security, also dictates the timeline in which specific incidents must be reported to authorities. Florida is now the second state to prohibit state and local governments from complying with ransomware demands, following North Carolina.

Understanding the requirements

Under the legislation, state agencies must notify the Florida Department of Law Enforcement’s Cybersecurity Office and the CSOC within 12 hours of a ransomware attack, and within 48 hours of other cybersecurity incidents.

Similarly, the local government must report all ransomware incidents and any cybersecurity incident determined by the local government to the CSOC, the Cybercrime Office of the Department of Law Enforcement, and the sheriff who has jurisdiction over the local government within 48 hours after discovery of the cybersecurity incident and no later than 12 hours after discovery of the ransomware incident.

Additionally, agencies must “Annually provide cybersecurity training to all state agency technology professionals and employees with access to highly sensitive information which develops, assesses, and documents competencies by role and skill level. The cybersecurity training curriculum must include training on the identification of each cybersecurity incident severity level.”

Impact on the organizational and individual level

While this legislation is a major step toward improving our nation’s security posture and aligns with other cybersecurity initiatives and executive orders from the White House, some feel that the confinements within the legislation may be challenging. JDSupra states, “Some requirements will be impossible to meet, requiring either a change in the law or constant violations of the law,” referring to the potential loss of data and significant operational interruptions.

Alternatively, this legislation pushes for more transparency around cybersecurity incidents and addresses data privacy concerns of citizens. Lastly, and perhaps most importantly, it forces organizations to upscale their security measures to ensure incidents don’t happen in the first place. This is essential especially for critical infrastructure organizations as they must protect both the IT and OT sides of the business to eliminate the risk of threats propagating into the ICS environments, and the subsequent operational and physical disruption that would result.

History has also taught us what happens when organizations do comply with ransomware requirements; there is no guarantee they will regain access to data, or that the data has not already been leaked or stolen. Payment also encourages and funds future and more sophisticated attacks. So, what can organizations do to protect themselves before it’s too late?

How OPSWAT Can Help

OPSWAT offers a suite of products to protect critical infrastructure organizations from falling victim to cyberattacks.

OPSWAT MetaDefender Email Security is an email protection solution that protects organizations from the initial access of ransomware using Deep Content Disarm and Reconstruction (Deep CDR) - a unique technology that has been developed by OPSWAT that sanitizes each and every potentially malicious attachment sent to the organization. Deep CDR technology is a preventative solution that sanitizes incoming attachments, rendering them safe, so unknown and zero-day attacks would fail to run on an organization’s network. Deep CDR is accompanied by OPSWAT’s multiscanning technology that provides increased detection capabilities for known malware (>99.8% detection rate).

In addition, it is always good advice to be prepared for such an attack in advance. Utilizing OPSWAT’s MetaAccess solution, organizations can ensure all machines are configured and hardened so attacks would not be able to run on end-user devices, with enforced compliance with Patching, Firewalls, and Anti-malware.

Cybersecurity training is also a major component of this legislation. With the cybersecurity skills gap, let alone the critical infrastructure protection cybersecurity skills gap, at an all-time high, organizations need to effectively upskill existing staff or find talent that understands the complexities of protecting both IT and OT environments. OPSWAT Academy offers free training for these professionals to learn the best cybersecurity practices and practical approaches successfully implemented in the most secure critical infrastructure environments.

Want to learn more about how OPSWAT solutions can prevent ransomware attacks? Contact one of our experts today.

Sign up for Blog updates!
Get information and insight from the leader in advanced threat prevention.