In October of 2023, the (Cyber Florida) at the 国产短视频 (USF) and Florida Digital Service collaborated to launch the state鈥檚 first statewide assessment of both public and private critical infrastructure cybersecurity. The assessment was part of a significant investment by the Florida Legislature to enhance the state鈥檚 cyber resiliency, dubbed 鈥.鈥
Because the original task focused on risk and vulnerability of Florida鈥檚 critical infrastructure, there was also a need to analyze the threats in a cyber intelligence assessment.
The project leaders approached the School of Information (iSchool) at USF鈥攚hich is home to its cyber intelligence programs鈥攖o develop the threat/intelligence assessment.
Led by Dr. Stephen Gary, iSchool associate professor of instruction, and supported by iSchool colleagues, Dr. Randy Borum, director, and RJ Burney, a graduate of the iSchool鈥檚 cyber intelligence program and subject matter expert on securing critical infrastructure, the team worked at Cyber Florida鈥檚 request to fill the gap in the assessment.
鈥淲e worked closely with Cyber Florida and had some collaboration with Florida Department of Law Enforcement. By limiting collaboration with other entities, we could ensure an unbiased independent study,鈥 Gary said. 鈥淭his is the first cybersecurity intelligence report conducted for Florida's critical infrastructure, but we plan to produce annual reports going forward.鈥
Gary, who explained that their was added to the original report鈥檚 appendix, said that their assessment provides recommendations for addressing the evolving nature of cybersecurity threats and challenges.
鈥淐yber threats, actors and technology, have continuously increased over the years. Cyber threat actors have been improving their skills, to include using AI. We highlight the fact that we need to stay ahead of the cyber threat actors, especially in the field of AI. We are fighting AI with AI,鈥 Gary said.
鈥淢ost of the recommendations for securing a critical infrastructure (CI) network applies to all networks. We can tailor a cyber intelligence report/assessment to a specific network, but for this report we conducted a broad assessment of cyber threats to Florida's CI. Organizations and individuals can and should conduct cyber intelligence assessments specific to their networks,鈥 he explained.
Borum also highlighted the need for expanding the cyber intelligence and CI workforce.
鈥淕iven how vital, far-reaching (and often how vulnerable) our critical infrastructure is, there is a compelling need to build the workforce. Our recommendations include a critical infrastructure cyber threat/security lab to provide a platform for advanced training and an operational hub for the kind of analyses we did for this report.鈥
Other recommendations include a state cyber intelligence center and a statewide CI
cyber threat warning system.
Gary emphasized the importance of reassessing CI regularly.
鈥淐I will always be a target for cyber threat actors, whether for ransomware or for nation states to gain a foothold for possible future cyber-attacks. We need to understand the threats to CI and the CI vulnerabilities to determine the risk.鈥
鈥淏ottom line, cyber intelligence helps us to understand the cyber threats to organizations. The more we know about the cyber threats the better our cybersecurity will be.鈥