House Bill 1293 amends various sections of Florida Statutes to strengthen cybersecurity measures and improve the management of information technology within state agencies. The bill introduces new definitions such as "As a service," "Cloud provider," and "Enterprise digital data," clarifying the responsibilities of state agencies in handling digital information. It designates the Florida Digital Service as the lead for enterprise IT and cybersecurity efforts, requiring independent oversight for projects costing $25 million or more and mandating quarterly reports on high-risk projects. Additionally, the bill establishes the role of a state chief technology officer, who will work with the state chief information officer to create an enterprise architecture framework and oversee IT initiatives.

The legislation also revises cybersecurity protocols, including the establishment of a Cybersecurity Operations Center led by the chief information security officer, responsible for incident response and risk assessment. It mandates that state agencies report cybersecurity incidents within specified timeframes, with a significant reduction in reporting time for ransomware incidents from 48 hours to 12 hours, and for other severe incidents from 12 hours to 6 hours. The bill enhances the Florida Cybersecurity Advisory Council by including representatives from local government and utility providers, ensuring better representation of critical infrastructure sectors. The act is set to take effect on July 1, 2025.

Statutes affected:
H 1293 Filed: 282.00515, 282.319