T H E
CYBER FLORIDA 2020
2023
S T R AT E G I C
P L A N
2 | Cyber Florida 2020-2023 Strategic Plan
Introduction The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the state legislature in 2014 to “position Florida and its related workforce as a national leader in cybersecurity through education, research, and community engagement.” Assigning the center to the University of South Florida (USF), the state charged it to work with all 12 State University System of Florida (SUS) institutions to:
T F A R D • Assist in the creation of jobs in the state’s cybersecurity industry and enhance the existing cybersecurity workforce.
• Act as a cooperative facilitator for state business and higher education communities to share cybersecurity knowledge, resources, and training.
• Seek out partnerships with major military installations to assist, when possible, in homeland cybersecurity defense initiatives.
• Attract cybersecurity companies to the state with an emphasis on defense, finance, health care, transportation, and utility sectors.
These words, taken directly from Chapter 1004.444 of the Florida statutes, are the basis for our three primary mission areas—education, research, and community engagement—and we have developed the following strategic plan to achieve them.
For many, cyberspace is an abstract concept only accessible through a laptop or
computer screen. Cyberspace, however, touches almost every aspect of business,
government, and life in general. From banking, communications, travel, shopping,
What is Cyberspace?
and healthcare to automated systems, social media, and online resources, cyberspace is an integral component of the modern world. In this context, cybersecurity is
freedom from and resilience against potential harm or other unwanted coercive change
caused by others in and from cyberspace. Cybersecurity is the confluence of technology (systems, software, hardware, and infrastructure), people, and policy that protects our systems, data, and people in cyberspace
Accordingly, over the next three years, Cyber Florida will focus on: 1. Increasing the talent pool of graduates from the SUS and its feeder educational institutions with cybersecurity-related competencies that are ‘ready for hire’ by industry and government employers across the state and the nation; 2. Enabling and supporting, through funding and other means, transdisciplinary SUS faculty research that contributes to the ‘state of the art’ in cybersecurity; and
Cyber Florida 2020-2023 Strategic Plan | 3
3. Engaging with key demographic and community groups, such as the state’s businesses, local governments, and school districts, as well as the general public to educate them on cybersecurity threats and how they can best defend themselves against them. After describing our strategic planning assumptions, we elaborate on each of these three mission areas below, with detailed initiatives and key performance metrics proposed for each.
T F A R D
Strategic Planning Assumptions The nation has become increasingly reliant on digitized data, information systems, and
computer networks to sustain and improve our way of life. If anything, this reliance has been
accelerated by the current COVID-19 crisis, as
we must now live almost all of our lives online. However, we believe that even after that crisis passes, this trend will continue over the next
three years and beyond. In short, our society, our economy, and our very national security will depend on secure information technologies and systems.
However, as that dependence continues, so too
Strategic Planning Assumptions, 2020-2023
• Florida’s dependence on information technologies will continue to increase, along with the vulnerabilities associated with it. • We will see cyberattacks at all levels—targeting everything from critical infrastructure to individual citizens—that try to exploit those vulnerabilities.
• Cyber threats will come from nation-states and the criminal organizations they sponsor as well as from cybercriminals and hacktivists with a political agenda.
does our vulnerability to cybersecurity threats. For example, the depth and breadth of social
media-driven misinformation and disinforma-
tion campaigns aimed at influencing America’s political landscape and sowing discord among
the American people has become frighteningly apparent, and that trend will surely continue through 2023 and beyond.
• Florida (and the nation) will have to make continued investments in cybersecurity education, research, and community engagement to address those threats. • We cannot afford to relax our vigilance, even as the state and the US must make other critical public policy and fiscal decisions to sustain an economy bruised by COVID-19.
But whether those threats will come from other
nation-states intent on influencing our elections and stealing innovations, foreign companies stealing our intellectual property, or cybercriminals who just want to steal our money, we—our citizens, schools, businesses, and governments— will continue to struggle to keep pace. As a state and a nation, we simply do not have enough knowledge or resources to sufficiently address these vulnerabilities. Therefore, even as we continue to push technology for the betterment of our way of life, we incur more and more cybersecurity risks. This is the focus and purpose of Cyber Florida: through our efforts in cybersecurity education, research, and community engagement, our three-year strategic plan aims to help close the gap between digital dependence and risk.
4 | Cyber Florida 2020-2023 Strategic Plan
Strategic Vision USF President Dr. Steven Currall has charged us with taking Cyber Florida ‘to the next level’ when it comes to having a statewide and national impact, and now, in its sixth year, the center is poised to do so under the guidance of this strategic plan and a refocused and re-energized senior leadership team. Building upon the center’s accomplishments to date, the new vision is nothing less than to make Florida the nation’s most ‘cyber-secure’ state through
T F A R D investments in cybersecurity education, research, and community engagement.
It is noted that Cyber Florida cannot achieve that end-state on its own…we do not teach
students nor do we engage in cyber-related research; instead, we must address the cyber
threat indirectly, through others…most notably through the twelve institutions that comprise
the SUS. To that end, the center will seek to collaborate as an ‘enabler’ with those institutions and other key public and private stakeholders—like the state’s Departments of Management
Services and Education, the Florida League of Cities, the Chamber of Commerce, and others— to leverage all the resources that the state can bring to bear on the cybersecurity challenge.
Strategic Goals and Metrics
Cyber Florida has identified three overarching goals, each serving as a major ‘line of effort’ as we
work to achieve our vision. Each of the center’s goals links to one or more corresponding goals in the Florida Higher Education Board of Governors (BOG) 2025 System Strategic Plan1 in the areas of Teaching and Learning; Scholarship, Research and Innovation; and Community and Business
Engagement. Each of the center’s goals includes one or more specific objectives that will guide
our near- and medium-term activities, as well as proposed Key Performance Indicators (KPIs) to allow for continuous planning and the ability to adapt and remain dynamic. In so doing, we will
ensure transparency and accountability within our own organization, as well as provide insights
to USF leadership, the BOG, and our other stakeholders, so that they may gauge progress toward
our goals. However, we note that several of
2019 USF Cyber Camp
our proposed KPIs are untested, with data
sources that may prove difficult to identify
or collect; accordingly, we will evaluate our proposed KPIs during the first year of the
implementation to assess our ability to collect timely, accurate data, and revise those KPIs as necessary.
Cyber Florida 2020-2023 Strategic Plan | 5
T F A R D
2019 CodebreakHERS class
Goal 1 Education – Increase the number of cybersecurity professionals.
This goal corresponds to the BOG’s Teaching and Learning mission area, which embodies its commitment to enhancing
the quality and reputation of the SUS and focusing its academic resources to lead Florida’s efforts to expand the state’s knowledge and innovation economy. In that regard, the BOG has established three goals:2 • Strengthen the quality and reputation of academic programs and universities;
Current K-12 Initiatives
• Increase degree productivity and program efficiency, and
• Increase the number of degrees awarded in STEM/health fields and other areas of strategic emphasis
Our strategic plan is intended to help achieve each of these goals by
increasing the state’s cybersecurity pipeline. In that regard, cybersecurity is all about talent, and there is simply not enough of it. According to various sources, there are at least 500,000 vacant cybersecurity
positions in the US alone, with Florida’s share estimated to be at least 25,000. We think those numbers are understated, but whatever they
are, they make clear the first of our programmatic priorities: Increase the quantity and quality of Florida’s cybersecurity workforce by working with (and through) our SUS partners, the public and private sectors, and Florida’s educational institutions, from its Department of Education and its state colleges to vocational schools and local school districts and educators.
• Partnership with Florida Center for Instructional Technology (FCIT) • National K-12 curriculum model (funded by a National Cryptologic Museum Grant) • Cyber Hub Curriculum Sharing/Learning Platform
• Cyber Course Scope and Sequence for HS Seniors (with Hillsborough, Pinellas, other area school districts) • National Initiative for Cybersecurity Education K-12 Conference (with FIU) • Summer Cybersecurity Camps for Elementary/HS Students, Teachers (with area school districts)
6 | Cyber Florida 2020-2023 Strategic Plan
Sub-Goal 1.1 Increase Florida’s K-12 cybersecurity pipeline by helping to develop courses, curricula, students, and teachers
Sub-Goal 1.2 Increase the number and quality of cybersecurity and related degree programs and graduates
T F A R D Sub-Goal 1.3
Sponsor and support cyber professional/vocational education activities for practitioners and other working adults
Sub-Goal 1.1 Increase Florida’s K-12 cybersecurity pipeline.
The cybersecurity talent pipeline must begin with K-12 cybersecurity education, including not only basic/foundational STEM skills for those students who may choose cybersecurity as a career but also more foundational instruction in cyber hygiene and digital citizenship.
Means: To achieve this objective, we will sponsor, develop, and/or pilot key initiatives with the Florida Center for Instructional Technology (FCIT) , which is housed at USF; SUS colleges of education; Florida’s various public education stakeholders, to include the state’s Department of Education and local school district officials and educators; as well other industry and nonprofit stakeholders like the National Cryptologic Museum Foundation.4
Methods: Initiatives currently include the design of a model K-12 Cybersecurity Essentials curriculum, for high school
seniors and high-potential juniors, that can be exported across the state; professional development symposia for K-12
educators to increase the number and capacity of those able to teach cybersecurity; and cybersecurity summer camps to introduce K-12 students to this subject and foster their interest in it.
Sub-Goal 1.2 Increase the number and quality of cybersecurity degree programs and graduates.
This is perhaps the most critical part of the cybersecurity talent pipeline, and we will focus on increasing the number
and quality of undergraduate cybersecurity degree programs offered by SUS institutions. Note in this regard that only
two SUS institutions (USF and the University of West Florida) offer an undergraduate degree in cybersecurity, and this must improve. However, we also note that study in numerous other STEM majors can prepare students for careers in or related to cybersecurity. Accordingly, in addition to seeking to increase the number of students graduating in specific cybersecurity-focused degree programs, we will also focus on increasing the number of students enrolled in and graduating from programs that contribute to the cybersecurity workforce, such as electrical engineering, computer science and engineering, information systems management, and data science. Most SUS institutions offer degrees in these areas, and many may offer courses and/or concentrations in cybersecurity.
Cyber Florida 2020-2023 Strategic Plan | 7
Means: We will work through our new Cyber Florida Governing Council of deans and equivalents from the 12 SUS institutions, as well as our various contacts across the SUS, to develop and share curriculum. In addition, we will work with the BOG to better identify programs that contribute to the cybersecurity workforce so that we may better track the number of programs and the number of graduates completing such programs each year . Methods: We have partnered with the University of West Florida (UWF) to obtain a grant from the National Security Agency (NSA) to help other institutions—in Florida as well as the Southeast US—receive the coveted NSA/Depart-
T F A R D
ment of Homeland Security (DHS) Center of Academic Excellence5 certification regarding their cybersecurity course
offerings, and we have applied for a second grant from NSA to develop a national Cybersecurity Workforce Development Model (also with UWF).
Sub-Goal 1.3 Sponsor and support cyber professional/vocational education.
The rapidly evolving nature of cybersecurity threats demands ongoing education, not only for cybersecurity professionals but also for businesses in general and the employees who rely on digital resources to perform their jobs.
Every user is a potential target for social engineering attacks, and executives need to be aware of the threats facing
their organization to provide training, allocate resources and implement plans appropriately. Additionally, the ongoing
talent shortage in the field requires that we expand the potential pool of candidates by creating more avenues for career changers, veterans, women, minorities, and other groups who are underrepresented in the field. Fortunately,
many entry-level positions do not require a four-year degree, making rapid training bootcamps a viable option for bringing more professionals into the field.
Current Higher Ed/Professional Development Initiatives • Regional Hub for NSA/DHS Centers for Academic Excellence (with UWF) • Five-Year Review and Update of USF Interdisciplinary MS in Cybersecurity
• National Cybersecurity Student Competition (NSA grant, with USF and UCF) • Curriculum-sharing and support for undergraduate cybersecurity degree (currently offered by UWF and USF) • Student Security Clearance Initiative with Florida Defense Industry Leaders
• Cyber Florida Security Operations Center (SOC) Apprenticeship and Internship Programs
• Cyber Hub curriculum-sharing and research collaboration portal
• Cyber Hub Cyber Range and cyber laboratory/ exercise platform • Cybersecurity for C-Suite Execs, Board Members (with Muma College of Business) • Cybersecurity Scholarships Initiative
8 | Cyber Florida 2020-2023 Strategic Plan
Means: We will partner with SUS institutions, particularly colleges of business, to develop workshops and certificate programs for executives and board members to become more aware of the cyber risks facing their organizations and to learn cyber crisis preparation and management. We will evaluate our existing rapid-training program for entry-level cybersecurity analysts and seek funding and partnerships to support implementation at locations throughout the state. Methods: We currently work with USF’s Muma College of Businesses to deliver executive
T F A R D cybersecurity awareness training and have developed and delivered a workshop for local government leaders to learn cyber risk awareness and crisis preparation. We are creating
variations of that workshop to suit different industries, such as healthcare. Additionally, in
cooperation with UWF, we have applied for an NSA grant for Workforce Development that, if
selected, will support the expansion of our rapid training program. We are also in discussions with UWF’s Center for Cybersecurity and the state’s Center for Military and Veterans
Resources to share our curriculum with them to develop a rapid training program for veterans throughout Florida.
Goal 1 Key Performance Indicators
With the assistance of the BOG staff, USF’s Office of Decision Support, and Cyber Florida’s Governing Council, we will establish a baseline set of KPIs in FY 2021 and begin to track the following on an annual basis:
• Number of K-12 students, teachers, and/or classes in cybersecurity and related topics (like
basic coding and computer science), to include cyber hygiene, cyber citizenship, and basic/
foundational cybersecurity competencies, as well as basic/introductory courses in STEM and information technology (Sub-Goal 1.1)
• Number of undergraduate and graduate degree programs offered by SUS institutions and
(eventually) state colleges in cybersecurity and related academic disciplines (Sub-Goal 1.2)
• Number of students enrolled and graduating with cybersecurity-related degrees from SUS institutions and (eventually) state colleges (Sub-Goal 1.2)
• Number of initial student/graduate placements in cybersecurity-related positions in Florida and the US generally (Sub-Goal 1.2) • Number of practitioners and professionals participating in Cyber Florida classes, events, and related professional development activities (Sub-Goal 1.3) As noted above, these KPIs are aspirational. Some may be difficult to collect and capture, especially at first, and as a consequence, they will be evaluated in 12 months to determine their viability and revised if/as necessary. However, Cyber Florida remains committed to measuring our progress—and the state’s—towards our goals.
Cyber Florida 2020-2023 Strategic Plan | 9
Current Research Initiatives • SEED grants to support interdisciplinary. cross-SUS cyber research
• Expert grant proposal ‘closer’ support to SUS researchers
T F A R D
• Capacity-building grants to support cyber teaching and related efforts
• Expanded state-wide research symposia with other SUS institutions
• Expedited process to allocate grants awards to other SUS institutions
• Publication of student/faculty research papers and projects
• Cyber Hub curriculum-sharing and research collaboration portal
• Rapid research grants focusing on topical issues like cybersecurity implications of COVID-19 and election security
Goal 2 Research: Contribute to the state-of-the-art in cybersecurity research.
This goal corresponds to the BOG’s Scholarship, Research, and Innovation mission area, in
which the Board commits to more sharply focus the research agenda for the SUS by identifying the research strengths and priorities and by strengthening research collaboration among SUS universities to:
• Improve the quality and reputation of scholarship, research, and innovation
• Increase research activity and attract more external funding • Increase research commercialization activities
For our part, Cyber Florida aims to have a significantly greater
impact on cybersecurity research, within the state and across the nation, and in so doing, contribute to the ‘state of the art’
in the discipline. Given that Cyber Florida does not have a resident research capability of its own, it must play an enabling role, supporting scholars and researchers across the SUS as they undertake these efforts by:
Sub-Goal 2.1
Expanding, accelerating, and targeting Cyber Florida’s grant programs, and assisting scholars in attaining
initial and/or follow-on funding from major grant-making organizations, such as the National Science Foundation (NSF);
Sub-Goal 2.2 Encouraging and expanding statewide cybersecurity research collaboration and funding; and
Sub-Goal 2.3 Shaping the federal research agenda to create more grants and funding opportunities.
10 | Cyber Florida 2020-2023 Strategic Plan
Sub-Goal 2.1 Expand, accelerate, target Cyber Florida grant programs. While small, Cyber Florida’s Collaborative Seed Award program—up to ten $75,000 grants per year—has achieved an impressive return on investment (ROI), with almost $3.0M in grants awarded to date, yielding over $14M in follow-on funding from the NSF and other grant-making agencies, representing an ROI of more than 480%. Our intention is to continue this effort; however, we can improve upon it. We will also explore ways to issue ‘rapid research awards’ to
T F A R D address pressing cybersecurity issues like rampant ransomware.
Means: Our ability to quickly disburse Collaborative Seed Award funds to scholars at other universities has been
hampered by procedural delays that are being addressed. In addition, subject to fiscal constraints, we plan to restart a second award program to support the development of cybersecurity education capacity; that program was halted in FY 2020, but several stakeholders have expressed strong interest in resuming it, if funding permits.
Methods: We will work with USF’s Office of Sponsored Research to effect process improvements that will allow for more expeditious inter-institutional allocation of award monies, to include both Collaborative Seed and Capacity Building awards. In addition, we will learn from our first experiment in ‘rapid research awards’ (involving the
cybersecurity aspects of COVID-19) and continue to explore ways of improving both the process and the results.
Sub-Goal 2.2 Expand statewide cyber research collaboration and funding.
Heretofore, Cyber Florida has had only a nominal influence on grant applications originating from other SUS
institutions. Our current Cybersecurity Collaborative Seed awards require Principal Investigators (PIs) from two
or more SUS institutions, and that has been effective in encouraging cross-university collaboration; however, our grant program is relatively modest and may be too small to significantly influence behavior, so we will explore other alternatives, such as helping researchers obtain larger federal grants for cybersecurity research.
Means: We will continue to host and/or sponsor our own cybersecurity research symposium but will also partner with other SUS institutions in this regard; for example, the University of Florida also sponsors a prestigious annual research
forum, and it may be optimal to sponsor and expand it. We are also examining the feasibility of (1) providing more Cyber Florida resources to support statewide research efforts, to include a grant-writing expert and/or a tenured/tenure-track faculty member from one of the 12 SUS schools to identify relevant grant opportunities and coordinate grant
applications, and (2) establishing a ‘research portal’ on our CyberHub to encourage cross-SUS collaboration in this area. Methods: We will make this a priority of Cyber Florida’s new Governing Council and, in collaboration with its members and the BOG, we will develop a strategy to enable more and better cybersecurity research across the SUS, and we will look for opportunities to partner with other SUS institutions to model this. We achieved this with success (see inset) in applying for and winning grants awarded by the NSA, each successful bid made in partnership with one or more other SUS institutions. We also will work with USF’s Office of Sponsored Research and its SUS counterparts to identify other ways to enable ‘state of the art’ research.
Cyber Florida 2020-2023 Strategic Plan | 11
Sub-Goal 2.3 Shape Federal grant funding to create more SUS cybersecurity research opportunities. Finally, we believe that Cyber Florida—and the SUS more generally—must generate more cybersecurity-related grant and other funding opportunities at the federal level with the NSF; the Departments of Defense (DOD), Homeland Security, and Energy; and others. And to increase our chances of winning these grants, we must work proactively with relevant officials of these agencies, ‘shaping’ their research agendas to focus on the intellectual strength of SUS scholars and institutions.
T F A R D
Means: We will reach out to key officials of federal grant-funding agencies, as well as key congressional members and staff, to introduce Cyber Florida and the SUS ‘bench’ of cybersecurity-related researchers, research centers,
and institutions and their strengths and capabilities, and we will establish ongoing, working relationships with those officials—not just in Washington, but also in Florida’s key defense, energy, and other sectors (like DOD and DHS in
Pensacola) and the major ‘combat and commands’ housed in Florida (US CENTCOM and US SOCOM at MacDill AFB, or US SOUTHCOM in Miami)— to understand (and wherever possible, influence) their research appropriations and
agendas in advance. There also are opportunities to obtain research grants from interested businesses in Florida.
Methods: Ideally, we would like to see USF/Cyber Florida designated as a University Affiliated Research Center (UARC), which would flow significant federal funding for cybersecurity-related research into the state. In addition to working with key staff in the federal government’s Legislative and Executive Branches, we would work closely with the USF
College of Engineering’s Institute of Advanced Engineering, which is pursuing UARC status to coordinate and optimize our efforts in this area.
Goal 2 Key Performance Indicators
With the assistance of the BOG staff, USF’s Office of Decision Support, and Cyber Florida’s Governing Council, we will establish a baseline set of KPIs in FY 2021 and begin to track the following on an annual basis:
• Cyber Florida grant award timeliness, from announcement and application to award and disbursement of funds (Sub-Goal 1.1)
• Cyber Florida Collaborative Seed and Capacity Building awards ROI, to include the amount of follow-on funding generated (Sub-Goal 1.2)
• Number of publications in top-tier academic and/or professional journals resulting from Collaborative Seed and Capacity Building awards (Sub-Goal 1.2)
• Number of grants and total grant funding for cybersecurity research awarded to SUS scholars (Sub-Goal 1.2/1.3) • Number of cybersecurity-related articles published by SUS scholars in top-tier academic and professional journals, as well as relevant books/book chapters (Sub-Goal 1.3) • Number of cybersecurity-related patents applied for and/or awarded to SUS scholars (Sub-Goal 1.3)
As noted , these KPIs are aspirational. Some may
be difficult to collect and
capture, especially at first, and as a consequence,
they will be evaluated in 12 months to determine their viability and revised if/as necessary. However, Cyber Florida remains committed
to measuring our progress— and the state’s—towards our goals.
12 | Cyber Florida 2020-2023 Strategic Plan
Goal 3 Engagement: Make Florida the most ‘cyber-secure’ state This goal corresponds to the BOG’s Community and Business Engagement mission area, which encourages collaboration between “universities and their larger communities…for the mutually beneficial exchange of knowledge and resources.” The BOG has established three goals in this area, as follows7:
T F A R D • Strengthen the quality and recognition of commitment to community and business engagement • Increase levels of community and business engagement • Increase community and business workforce
Cybersecurity is a collective responsibility as any network or device can only be as secure as its users. Therefore,
Sub-Goal 3.1
to improve the state’s overall cybersecurity posture, we
Improve the cybersecurity of Florida’s
must work to improve the awareness and behaviors of its
public and private sectors
citizens—the users who represent the first line of defense
against cybercriminals and nation-states seeking intellectual
Sub-Goal 3.2
capital. We have initiated programs to help small businesses,
Improve the ‘cyber hygiene’ of Florida’s
local governments, and senior citizens improve their cyber
citizens
hygiene. We intend to continue to grow these initiatives
and expand to new audiences to build not only cyber hygiene awareness but also cyber career awareness among Floridians
statewide. To that end, we have established three sub-goals,
Sub-Goal 3.3
Develop, implement a public policy agenda
as follows:
Sub-Goal 3.1 Improve the cybersecurity of Florida’s public, private sectors
Many organizations view cybersecurity as “an IT problem,” and cybersecurity is often viewed as a cost center, not a profit center. It is this limited understanding that makes victims of far
too many businesses. Small organizations, in particular, often suffer from a lack of resources to train employees, hire cybersecurity staff, or employ third-party solutions. Beyond that, some organizations simply do not know where to start. This recent issuance of the Department of Defense Cybersecurity Maturity Model Certification (CMMC) standards8, which enumerates the cybersecurity protocols businesses must have in place to be eligible for
defense contracts, highlights the problem. Many smaller defense contractors know they are not in compliance, but do not know how to bring their businesses into compliance.
Cyber Florida 2020-2023 Strategic Plan | 13
Means: We will continue to expand our outreach and educational programs, connecting with smaller organizations in both the public and private sector, to provide awareness programs and resources to help them improve and maintain their cybersecurity posture. Additionally, we will continue to support SUS and other state and public entities with supplemental cybersecurity assistance through the Security Operations Center Apprenticeship Program and Technical Advisories.
T F A R D
Methods: We will work with our SUS partners, public entities, nonprofits, and trade organizations to reach Florida’s small- and medium-sized businesses, local governments, and other
vulnerable groups to provide cyber hygiene education and cyberattack preparation and mitigation
training through events and online resources. We will build a network of advocates in industries throughout the state to help us share our message and recruit organizations to participate in educational and outreach programs. We will continue to build the Security Operations Center
Apprenticeship Program (SOCAP), which provides hands-on experience for SUS students and
supplemental support services to SUS institutions and other public entities. We will also work with private sector partners to help fund the expansion of the SOCAP program.
Community Engagement Initiatives
• Tabletop exercises and simulations for Tampa General Hospital, Tampa International Airport. Federal Executive Institute, others
• Major conference on ‘Cybersecurity Competition Between the Great Powers’, with US Central Command
• Cyber Hub ‘Cyber Range’ Exercise and Simulation Platform
• Continuing series of local government workshops, with SUS partners (example: Alachua County, with University of Florida)
• Cybercrime workshops for Florida Department of Law Enforcement • Symposia for DOD contractors on its Cybersecurity Maturity Model Certification standards
• Establishment of Cybersecurity Employers Network (with UWF, as part of NSA grant)
• Continuing series of Webinars and Podcasts on cybersecurity topics of interest
14 | Cyber Florida 2020-2023 Strategic Plan
Sub-Goal 3.2 Improve the ‘cyber hygiene’ of Florida’s citizens. Creating a more secure state—and along with it a larger talent pool of cyber-savvy citizens and workers—starts with an informed citizenry. Social engineering tactics that target human psychology rather than technology have become the primary means by which criminals and nation-states engage in cybercrime and cyberattacks, and these days that even includes mis/disinformation campaigns bent on sowing discord. Sadly, many Floridians fall victim to these campaigns,
T F A R D online scams, fake social media reports, and other fraudulent online activity and, as a consequence, it is incumbent
upon Cyber Florida to help educate our fellow citizens to be safer online, and thus, create a more ‘cyber-secure’ state. Means: Cyber Florida will develop and execute targeted cyber hygiene campaigns for Florida citizens. These
campaigns will be prioritized by urgent threats and targeted demographics. For example, senior citizens are one of
the largest populations victimized by cybercrime, so we will leverage digital media targeting methods to ensure our messages reach this vulnerable group.
Methods: We will leverage digital outlets such as social media and through paid campaigns and organic reach.
Through our website, social media channels, and 5,000+ and growing email list, we will share cyber safety messages
and actionable steps for improving personal cybersecurity. We will conduct surveys and research to identify gaps in awareness and to guide our campaigns to address the greatest needs. Through our digital outlets, we will provide timely, actionable non-technical threat advisories and educational resources.
Sub-Goal 3.3 Develop, implement a public policy agenda
Connectivity is no longer a novelty nor a luxury. It has become a necessity for conducting business, education, and government affairs in the modern age. It is essential to modern information sharing and touches the lives
of virtually every American. To address the challenges that accompany our connected world, public policy must keep pace with and anticipate technological advancements. Legislation protecting citizens’ privacy, infusing
cybersecurity into public school curricula, and directing resources toward improving the critical infrastructure cybersecurity is fundamental to overcoming the challenges facing our nation in cyberspace.
Means: Cyber Florida will establish relationships with key public officials and other stakeholders to contribute to the conversation at the state level and influence decision-makers to work toward a more cyber-secure Florida.
Methods: Cyber Florida will leverage our SUS partners and existing relationships with organizations such as the
Florida League of Cities9 and the Florida Association of Counties10 to build relationships with state-level legislators and public officials. We will work with these organizations and individuals to develop and socialize legislation, secure additional appropriations, and introduce regulation recommendations to improve the state’s cybersecurity posture and support the growth of talent pipeline.
Cyber Florida 2020-2023 Strategic Plan | 15
Goal 3 Key Performance Indicators With the assistance of the BOG staff, USF’s Office of Decision Support, and Cyber Florida’s Governing Council, we will establish a baseline set of KPIs in FY 2021 and begin to track the following on an annual basis:
• Number and type of awareness events held, by topic, target audience, number of attendees (Sub-Goal 3.1)
T F A R D
• Number and type of partner organizations engaged, and tangible results achieved via those partnerships (Sub-Goal 3.2)
• Awareness Campaign traffic and analytics to track citizen engagement and learning
• Website traffic, social media, and other analytics that demonstrate increased community and business engagement (Sub-Goal 3.1/3.2)
• Number and type of major reported cybercrimes in the state, such as ransomware attacks, etc. (Sub-Goal 3.2) • Cybersecurity legislative accomplishments (Sub-Goal 3.3)
As noted above, these KPIs are aspirational. Some may be difficult to collect and capture, especially at first, and
as a consequence, they will be evaluated in 12 months to determine their viability and revised if/as necessary. However, Cyber Florida remains committed to measuring our progress—and the state’s—towards our goals.
Endnotes
https://www.flbog.edu/wp-content/uploads/2025_System_Strategic_Plan_2019.pdf
1
https://www.flbog.edu/wp-content/uploads/2025_System_Strategic_Plan_2019.pdf
2
https://fcit.usf.edu/
3
https://www.nsa.gov/about/cryptologic-heritage/museum/
4
https://www.nsa.gov/resources/students-educators/centers-academic-excellence/
5
https://www.flbog.edu/wp-content/uploads/2025_System_Strategic_Plan_2019.pdf
6
https://www.flbog.edu/wp-content/uploads/2025_System_Strategic_Plan_2019.pdf
7
https://www.cmmcab.org/
8
https://floridaleagueofcities.com/
9
https://www.fl-counties.com/
10
16 | Cyber Florida 2020-2023 Strategic Plan
The following pages illustrate how Cyber Florida’s strategic goals align to the strategic goals of our host institution, the University of South Florida, as well as to the goals outlined in the Florida Board of Governors’ 2025 System Strategic Plan.
SUS 2025 Strategic Plan Goals
T F A R D
Teaching & Learning
1- Strengthen Quality & Reputation of Academic Programs & Universities
2 - Increase Degree Productivity & Program Efficiency
3 - Increase the Number of Degrees Awarded Within Programs of Strategic Emphasis
Scholarship, Research, & Innovation
4 - Strengthen Quality & Reputation of Scholarship, Research, & Innovation
5 - Increase Research Activity & Attract More External Funding
6 - Increase Commercialization Activity
Community & Business Engagement
7 - Strengthen Quality & Recognition of Commitment to Community & Business Engagement
8 - Increase Community & Business Engagement
9 - Increase Community & Business Workforce
USF Mission and Goals
1. To promote the lifelong success of well-educated, highly skilled, and adaptable alumnae/alumni who lead enriched lives, are engaged citizens and thrive in a dynamic global market.
2. To conduct high-impact research and innovation to advance frontiers of knowledge, solve global problems and improve lives.
3. To be a major social and economic engine creating robust global, national and regional partnerships to build a prosperous and sustainable future for our regional communities and the State of Florida. 4. To provide a safe, inclusive and vibrant community for learning, discovery, creative activities and transformative experiences enabled through adaptive design of physical, social and digital environments. 5. To practice continuous visionary planning and sound management throughout USF to ensure a strong and sustainable financial base, and to adapt proactively to emerging opportunities in a dynamic environment.
Cyber Florida 2020-2023 Strategic Plan | 17
Cyber Florida Goals
Align with USF Strategic Plan Goals
Align with SUS 2025 Strategic Plan Goals
Goal 1: Education – Increase the number of cybersecurity professionals. Sub-Goal 1.1 – Increase Florida’s K-12 cybersecurity pipeline.
1, 3
2, 3
Sub-Goal 1.2 – Increase the number and quality of cybersecurity degree programs and graduates.
1, 3
1, 2, 3, 9
Sub-Goal 1.3: Sponsor and support cyber professional/ vocational education.
3
7, 9
Sub-Goal 2.1: Expand, accelerate, target Cyber Florida grant programs.
2
4, 5, 6
Sub-Goal 2.2: Expand statewide cyber research collaboration & funding.
2
4, 5, 6
Sub-Goal 2.3 – Shape Federal grant funding to create more SUS cybersecurity research opportunities.
2, 3
5
Subgoal 3.1: Improve the cybersecurity of Florida’s public, private sectors
3
7, 8
Subgoal 3.2: Improve the ‘cyber hygiene’ of Florida’s citizens
3
7, 8
Subgoal 3.3 Develop, implement a public policy agenda
3
7
T F A R D Goal 2 – Research: Contribute to the state-of-the-art in cybersecurity research.
Goal 3: Engagement: Make Florida the most ‘cyber-secure’ state
C Y B E R F LO R I D A . O R G | 8 1 3 - 9 74 -2 6 0 4 | 4 2 0 2 E . F O W L E R AV E . , TA M PA , F L 3 3 6 2 0