security

Florida hasn’t used $30 million in cybersecurity protection funding. Why not? – Tampa Bay Times


TALLAHASSEE — Florida lawmakers assigned $30 million this year for a host of cybersecurity measures in a one-time attempt to shore up the state’s defenses.

Months later, not a penny has been spent.

That’s according to Florida’s chief information officer, Jamie Grant, who told lawmakers Wednesday that his office is so short-staffed that it hasn’t come up with a plan to spend the money.

That means millions for training, threat assessments, infrastructure hardening and software remain on hold seven months after his office requested the money.

When asked by the Times/Herald when his office would have a plan in place, Grant declined to say.

The announcement comes after months of high-level departures in the office, which has alarmed observers who say the state was already short-staffed to defend against a rising number of cyberthreats.

Related: Florida lacks cybersecurity experts as state sees growing threats

Grant was Gov. Ron DeSantis’ pick last year to lead the Florida Digital Service, the state’s new technology office that is the first line of defense against cyberthreats for Florida’s $105 billion government. Grant is an attorney and former lawmaker from Tampa who had little experience or training in technology.

Since taking over, Grant has lost two chief information security officers, the chief data officer, the enterprise architect, the chief operations officer and half of the state’s new cybersecurity team.

Several quit abruptly without giving notice, and several told the Times/Herald last month that they bristled under Grant’s management style.

Like state and local governments across the country, agencies in Florida haven’t been immune from the rising number of cyberattacks driven, in part, from the decentralization of employees during the pandemic. The state’s licensing agency was brought down by a cyberattack last year, and at least 58,000 unemployment recipients had their personal information stolen by attackers this year.

A state cybersecurity task force was created by lawmakers in 2019 and in February, it recommended dozens of ways to shore up state security. In March, Grant’s office told lawmakers it needed $30 million to implement the recommendations, including $672,000 for cybersecurity training, $3.2 million for a new Cybersecurity Operations Center and $320,000 to buy an “incident tracking tool.”

Lawmakers signed off on the money but required him to submit detailed plans when drawing it down each quarter.

Instead of spending the money piecemeal, Grant said he believes he needs to request all $30 million at once. He can’t do that yet, he said, because the few people he has are busy responding to cyberthreats.

“One of the things our team’s challenged with is just, with the limited number of people, having to do incident response and coordinate with the policy team on the operational work plan,” he told a House committee.

He added that he wanted to prevent “putting something in writing that makes us look laughable later.”

The announcement occurred during a meeting of the House Government Operations Subcommittee, where lawmakers spent an hour questioning Grant about cyberthreats and the vacancies in his office. About a third of the 185 positions are vacant.

Republican and Democratic lawmakers asked Grant multiple times what he needed to fill the positions.

“It just seems like the office is struggling,” Rep. Carlos Guillermo Smith, D-Orlando, told Grant. “Do we just need more money to recruit people into these positions? Do we just need more money?”

Grant said a complicated budgeting problem in his office is preventing him from hiring some people.

Grant also criticized the Times/Herald’s reporting on his office, calling it “clickbait.”

“It’s unfortunate that some people try to make news salaciously,” he said. “The only thing worse than not having a conversation is having a misinformed conversation that just intentionally seeks to sow discord.”

After the meeting, Smith said it’s a “concern” the money hasn’t been spent “because it’s funding a critical need.”

“The departures and vacancies very clearly are impacting Florida Digital Service’s ability to achieve its mission,” he said. “All Floridians need him to succeed because the issue of cybersecurity and protecting Floridians’ data is of utmost importance.”

Grant assured lawmakers that the work is being done. He implied that some people had left for behavioral reasons, although his office did not respond when asked for details.

“Some turnover is good and very healthy,” he told lawmakers. “Sometimes you give opportunities for people to resign and to move on rather than protracting an HR event.”



READ SOURCE

Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.