Florida budget adds $37 million in cybersecurity spending

The state's new budget follows recommendations issued earlier this year by a 15-member task force.
MIAMI GARDENS, FLORIDA - JANUARY 06: Florida Governor Ron DeSantis leaves after holding a press conference about the opening of a COVID-19 vaccination site at the Hard Rock Stadium on January 06, 2021 in Miami Gardens, Florida. The governor announced that the stadium's parking lot which offers COVID-19 tests will begin to offer COVID-19 vaccinations for residents 65 and older to drive up and get vaccinated. The vaccination site opened today for a trial run but it was not known when it will be open to the general public. (Photo by Joe Raedle/Getty Images)

Florida officials are poised to spend $37 million on cybersecurity in the upcoming fiscal year, including on new investments in hardening industrial control defenses, identity management, migrations of government websites to the .gov domain and the creation of a new cybersecurity operations center.

The budget Gov. Ron DeSantis signed this week largely follows the recommendations of a 15-member task force that filed its final report in January. Among the suggestions by the group, which was led by Lt. Gov. Jeannette Nunez, was an increase in the number of full-time cybersecurity professionals in the Florida Digital Service, the state’s year-old IT agency. Florida lawmakers passed legislation earlier this year unanimously endorsing the recommendations of the task force, which included representatives of law enforcement, academia and the state’s tourism industry.

Florida, like all states, has endured its share of cybersecurity incidents, including ransomware and denial-of-service attacks against public schools, to the February breach of a water-treatment plant in the Gulf Coast town of Oldsmar that temporarily changed the facility’s sodium-hydroxide setting to a potentially dangerous level.

The Florida Digital Service will receive funding to increase its full-time cybersecurity staff to 15, according to the budget. Meanwhile, about $31 million will be used to implement the task force’s suggestions. The single-biggest expenditure is $4.3 million for security event-management software and services, followed by $4 million for vulnerability management and $3.2 million for a statewide inventory of cybersecurity assets.


Lawmakers also appropriated $3.2 million for a new cybersecurity operations center. According to Florida House Bill 1297, which approved the task force’s recommendations, the new center will be a largely virtual “clearinghouse” which will coordinate with the Florida Department of Law Enforcement on responses to cybersecurity incidents that affect state agencies. The operations center is to be led by the state’s chief information security officer, a position that’s been vacant since last December when then-CISO Thomas Vaughn quit state government to take a similar role with the City of Tallahassee.

The budget also includes smaller expenditures for endpoint protection software, industrial control systems defenses and cybersecurity training resources.

In a press release, Florida Chief Information Officer James Grant said the budget makes “first-of-its-kind investments” for the state government’s cybersecurity operations.

Aside from the new programs recommended by Nunez’s task force, Florida’s budget for the 2021-22 fiscal year also lays out nearly $6.5 million for the Florida Center for Cybersecurity, a research group at the University of South Florida.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed is the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He has written extensively about ransomware, election security, and the federal government's role in assisting states, localities and higher education institutions with information security.

Latest Podcasts