Earlier this year, the Tampa Bay region landed in the national spotlight when a hacker infiltrated the city from Oldsmar’s water treatment system.
Now, the state center for cybersecurity education and outreach located on the campus of the University of South Florida wants Tampa Bay and, more broadly, the state of Florida, to establish itself on the national stage as a leader in the field of cybersecurity.
The Florida Center for Cybersecurity, or Cyber Florida, was created in 2014 with the mission of working with the 12 institutions of the Florida state university system to advance academic education and research programs. In the last twelve months, it has focused on increasing these efforts.
“Until last year, the focus was primarily on launching the USF program,” says Ron Sanders, Cyber Florida’s director of personnel. “When USF President Currall (Steven C. Currall) hired Mike (J. Michael McConnell) as executive director to take Cyber Florida to the next level and focus on the involvement and involvement of the 12 schools SUS “.
In fact, Cyber Florida’s programs and initiatives now begin with students starting in kindergarten and going all the way through an online certificate program for adults who want to enter the field.
Cyber Florida also uses its voice to highlight the need for more federal and state support to help local communities protect key infrastructure from cyber threats. In a piece published early in the recent legislative session in Tallahassee, McConnell, chief executive of Cyber Florida and former director of the National Security Agency, described the cyberattack on Oldsmar as an “alarm call” and urged lawmakers to support cybersecurity funding requests to government budget proposal Ron DeSantis and policy changes proposed by a Florida cybersecurity working group that met over a one-year period. In his column, McConnell noted that Oldmar hacking, while fortunately unsophisticated and ultimately failed, “underscores once again the reliance we have made on information technology to provide public services … and the vulnerability that we have become as a result “.
An even more discordant memory of this dependency and vulnerability affected millions of people on the east coast in May.
Expose a real threat
A similar chain of events often follows a major cyber attack or data breach. A first round of alarm and intense media attention, the event will end up disappearing from public discussion until the next big one arrives.
But the Russian malware attack through the SolarWinds software system, which even infiltrated the Federal Security and Cybersecurity Agency, hacking the Oldsmar water system and then the May cyberattack on Colonial pipeline, the country’s largest gas pipeline, has maintained the significant cyber threats that exist against corporations, governments and utilities and key infrastructure in the face of public attention and concern.
Tony Urbanovich, chief technology officer of Cyber FloridaCyber Florida officials and local experts in Tampa Bay’s growing cybersecurity industry say the alarm is legitimate and that solutions must include front-line defenses against cyberattacks, increased state and federal support for utility companies, particularly smaller ones like Oldsmar, and a focus on education and training of the workforce to address the country’s shortage of cybersecurity professionals.
“These threats are real and have the potential to cause great damage to critical infrastructure,” says Tony Urbanovich, chief technology officer of Cyber Florida. “Local public services and municipalities like Oldsmar are especially vulnerable because they do not have the technical resources, experience or funding to support cybersecurity. Their technical knowledge focuses on the water or electricity of their main service providers ”.
James McQuiggan, advocate for security awareness at global cybersecurity firm KnowBe4, based in ClearwaterJames McQuiggan, a security awareness advocate for the global cybersecurity firm Clearwater, based in Clearwater, makes critical infrastructure, such as a water system, a fuel pipe or a power grid, particularly appealing targets. The ability to control or shut down a system we rely on for needs like gasoline, electricity, or water is striking and has the ability to wreak havoc on society, says McQuiggan, who is also a professor of cybersecurity at Valencia College of Orlando.
This ability to wreak havoc was shown with Colonial Pipeline hacking, which caused panic in the purchase of the pump and gas shortages in many places.
Simon Ou, professor of Computer Science and Engineering at USF, investigates the issue of the security of the cyber-Korean system, which focuses on the systems used to control and control water treatment plants, power plants, manufacturing facilities and other types of industrial uses.
Simon Ou, Professor of Computer Science and Engineering at USFOu says many of these computer systems date back decades, before widespread use of the Internet, and have not been updated with proper security measures and applications. They often use a mixture of different hardware components and a collection of different software systems, which means that almost all components can be a contributing factor to a cyberattack.
“These systems tend to be very vulnerable because when they were built they were not aware of this cybersecurity threat,” says Ou. “The challenge here is to cost to upgrade or replace these systems.”
Frontline responses to the threat
McQuiggan claims that multifactor authentication is a key line of defense to protect against a cyberattack. It uses the analogy of a medieval castle, where the king and queen are protected by multiple layers of defense such as a drawbridge, a moat and the castle wall.
Urbanovich, who previously worked in the field of cybersecurity in the military, at the national security level and in the private sector, says his current role with Cyber Florida makes him routinely talk to local government officials about the need to practice good “cyber hygiene”.
This includes a firewall, strong and up-to-date passwords, limited access, periodic updates of computer applications and software systems, and a routine cybersecurity assessment.
“Small organizations and local governments need funding and skills to mitigate these risks,” Urbanovich says. “This is where federal and state governments need to step in and help.”
With the ongoing debate and discussion in Washington DC about a massive investment to fix and modernize the country’s aging infrastructure, Urbanovich says cyberinfrastructure should be part of the plan.
Advancing in the right direction
While there is much more work to be done, Sanders says some positive steps this year in Tallahassee included the $ 30 million legislative passage to improve state agencies ’cybersecurity and protect state data. Politically, the legislature passed recommendations from the previous Florida Cybersecurity Working Group, including the establishment of the Florida Digital Service within the Department of Management Services to address cyber threats and increase cybersecurity training and resources in state agencies. . The legislature has also established a Florida cybersecurity working group to provide experience on how to deal with cyber threats.
Aiming to address the issue at the local level, the Florida League of Cities and the Florida Association of Counties had sought $ 5 million at last year’s session to help municipal governments improve their defenses against cyber threats. Funding did not arrive that year. In his column at the start of this year’s legislative session, McConnell, the executive director of Cyber Florida, says he expects the request to return in 2022.
At the federal level, President Joe Biden has appointed an NSA veteran, Chris Inglis, as the nation’s first cyber director, a position designed to better coordinate and organize cyber threat protection efforts spread across various federal agencies.
Cyber Florida’s plans
Right now, the country has more than 500,000 uncovered cybersecurity jobs. Cyber Florida takes a global, multifaceted approach to help fill that gap. Support for state universities includes funding for academic research grants and some innovative partnerships to grow the field. Sanders says they include working with the University of West Florida on a cyber-employment training program for the military and working with the University of Central Florida and Mohawk Valley Community College in New York on a regional and national competition for “cyber ninjas.” university students. ”
Cyber Florida also works with the State University System Governing Board to better identify the full range of seniors who produce workers for the field of cybersecurity. He says the review previously focused only on the main cybersecurity. Sanders says expanding it can help attract companies to Florida by showing them that there is talent here for jobs.
Educating and training the next generation of cyber citizens and cyber professionals is another area of focus. He says it includes organizing cyberfields for elementary students, working with school districts to develop cybersecurity curricula, as well as educational programs to help detect online misinformation.
“We have a whole inventory of things to get kids in the K-12 space,” Sanders says. “It’s one of our top priorities.”
For more information, visit the USF Cybersecurity, Computer and Engineering, or online academic programs.