With the passage of FL House Bill 7055, public safety IT professionals and agency leaders must take extra precautions to ensure their cybersecurity readiness to help prevent and respond to attacks like ransomware. In this blog post, we will explore what this bill means for public safety agencies in Florida and how it could impact other states going forward.
What Does FL House Bill 7055 Do?
Florida Governor Ron DeSantis signed House Bill 7055 into law in April 2021.The bill amends the state’s Cybersecurity Act that requires the Florida Digital Service (FLDS) and state agencies to meet various cybersecurity standards, and provides for additional funding for the FLDS.
One of the most important provisions is that it prohibits agencies from paying or otherwise complying with ransomware demands. This could leave state and local agencies with no choice but to rebuild their entire network, which could be far more costly and time consuming than paying the ransom. It could also lead to the permanent loss of critical data and extended downtime for systems, amongst other problems.
Additionally, many Florida agencies will be required to create a cybersecurity plan that outlines their objectives and processes for protecting themselves from cyber threats by 2024. They’ll also be required to take steps to identify and mitigate vulnerabilities in their systems as well as implement measures to ensure the integrity of data stored on those systems.
The bill also calls for state and local government agencies to develop incident response plans on how they will respond if they are ever subject to a cyber attack or breach. If they are hit with a ransomware attack, they’ll be required to report it to a range of other organizations — including the to notify the Florida Department of Law Enforcement’s Cybersecurity Office as well as the Cybersecurity Operations Center (CSOC) within 12 hours of an incident, depending on the severity. This will no doubt prove to be very challenging, particularly for smaller agencies.
Finally, the bill includes cybersecurity training requirements for technology employees who have access to sensitive information within 30 days of employment and annually thereafter, and that agencies have access to adequate technical expertise when responding to any potential cyber incident.
What Questions Should Agencies Consider?
With the passage of FL HB 7055, there are many questions agencies should be prepared to address, such as:
- When was the last time you had a thorough risk assessment conducted by a vendor experienced in public safety?
- Are there any gaps in your visibility or security structure that need to be addressed and closed?
- When was the last time your incident response was updated, and how confident are you about your capacity to react quickly?
- How can you effectively handle your routine operations while being mindful of complying with new requirements and implementing related processes demanded by this bill?
This is just a small sampling of the many issues agencies will be grappling with, and no doubt there will be many more as they evaluate their preparedness.
How Could FL House Bill 7055 Impact Other States?
The implications of this new law could extend well beyond Florida. While many other states already have laws in place that require similar cybersecurity measures, this legislation serves as an example of how state governments can take proactive steps towards protecting sensitive information and systems from threat actors, in addition to federal mandates.
Pennsylvania, North Carolina, New York, Texas, New Jersey and Arizona are among those that have already passed or are considering passing laws against state and local government agencies paying ransoms. As more states strengthen their cybersecurity protocols, it is likely that they’ll look towards Florida’s example when crafting new regulations.
In summary, FL House Bill 7055 sets higher standards for how state governments should be approaching cybersecurity within their public safety agencies. By requiring them to develop comprehensive plans outlining how they will protect themselves from cyber threats, and prohibiting ransom payments, this bill provides a model for other states looking at revamping their own regulations on cybersecurity.
Ultimately, this could lead to better defenses being put in place across the entire country, thereby making our communities safer. However, it may also have unexpected results in terms of real-world application. If and how agencies will be able to meet these requirements with the resources they have — or potentially with funds from cyber grants — and how effective bans on ransomware payments will be in stopping attacks remains to be seen. Though FL House Bill 7055 brings important protections, there are many potential pitfalls. Those in charge of ensuring these critical services are secure should plan accordingly.
At Motorola Solutions, we understand the importance of protecting mission-critical systems. Our team has deep expertise in staying ahead of evolving threats and remaining compliant with emerging regulations such as FL HB 7055. With our comprehensive suite of Managed Detection and Response and Advisory Services, you can rest assured your mission-critical systems and networks are secure against cyberattacks while being compliant with requirements. Whether it’s monitoring systems or patch management, creating a robust incident response plan or pentesting, you can rely on our solutions to provide peace-of-mind when it comes to risk management and mission-critical system defenses. We’ve also established the Public Safety Threat Alliance (PSTA), which provides a cyber threat intelligence sharing, collaboration and information hub. Membership in the PSTA is open to all public safety agencies, and there is no cost to join for public sector organizations.
Contact us today to discuss the potential impact of this bill and how we can help relieve the burden of managing cybersecurity, or visit our Cybersecurity Resource Center.
January 31, 2023
This sure is a complex situation. I appreciate you going into the implications in this blog.