This bill aims to strengthen cybersecurity measures in Florida by amending various sections of the Florida Statutes. Key provisions include the exemption of the state chief technology officer from the Career Service System, the establishment of the officer's roles and responsibilities, and the requirement for state agencies to report all ransomware and cybersecurity incidents to the Cybersecurity Operations Center. The bill also mandates that the Florida Digital Service support state agencies in utilizing electronic credentials and issue annual reports on alternative standards. Additionally, it revises the purpose of the Florida Digital Service to lead the creation of enterprise information technology and cybersecurity standards, while updating the membership of the Florida Cybersecurity Advisory Council and introducing new reporting requirements for both state and local governments.

Significant changes include the insertion of language that emphasizes the support for state agencies in utilizing electronic credentials and the requirement for timely reporting of cybersecurity incidents, reducing the notification window for ransomware and significant incidents from 48 hours to 12 hours. The bill also introduces a new requirement for local governments to notify the President of the Senate and the Speaker of the House of Representatives of certain incidents within 12 hours. Furthermore, it revises the composition of the Florida Cybersecurity Advisory Council, adding new members and designating the Chief Inspector General as an ex-officio, nonvoting member. The act is set to take effect on July 1, 2025.

Statutes affected:
S 770 Filed: 110.205, 282.0051, 282.3185, 282.319