Continue to StateScoop.com

Florida cyber chief: 'You cannot protect everything'

Risk assessments and expertise from the Florida National Guard’s cyber range direct state cyber policy into 2017 and beyond.

Jake Williams
Bio
Jake Williams Associate Publisher & Director of Strategic Initiatives

Jake Williams is currently the Associate Publisher & Director of Strategic Initiatives for StateScoop, based in Washington, D.C., where h...

Last year, the Florida legislature authorized the state’s Agency for State Technology to run cyber assessments on half its executive branch agencies. With those results in hand, state Chief Information Security Officer Danielle Alvarez said the state will develop future strategy focused on remediation.

“We’re making sure we have an accurate picture of our risk posture and security posture in the state,” Alvarez said. “We’re going to be working very heavily on that and aligning our future strategies on remediation.”

In 2016, the agency also partnered with the Florida National Guard to participate in their cyber range activity. The collaboration around the range enabled state employees to focus on training. The partnership will renew early 2017, Alvarez said, this time with an incident command system component that will enable the state to test emergency response efforts.

“We’re really excited about our ability to expand our training base and the capability of the training that occurs,” Alvarez said.

Even with assessments and training, cybersecurity preparedness still comes with a huge focus on risk, Alvarez said. With resource constraints and systems too broad to fully lock down, state officials need to take a risk-based approach to cyber.

“You cannot protect everything,” Alvarez said. “Florida’s a large state, and we have a lot of assets. In order to do that, we have to take a risk-based approach and protect our most critical assets primarily, and then work into the other assets as we can.”

That protection is especially important amid evolving motivations of bad cyber actors, Alvarez said. In the past, motivations were predominantly focused on identity theft. Now, with nation states and other organizations involved in cyber espionage, the stakes are raised.

“The threat landscape continues to evolve, but there are motivations that are very different than they were years ago,” Alvarez said. “[Now] there’s a loss of life facet that drives the motivation to a whole other level. … The attackers are getting bigger, they’re getting stronger in their skill set and in their techniques and tactics. That’s my biggest concern.”

Join the Conversation