Skip to content
    October 14, 2024

    State of Florida Cybersecurity: Local Governments Must Comply by Jan. 1, 2025

    Local governments in every state across the U.S. have become the target of cyberattacks. Government facilities were the third largest critical infrastructure sector targeted by ransomware attacks, according to the FBI's Internet Crime Complaint Center (IC3) 2023 annual report (PDF). Government impersonation scams are also up 63%, according to the number of complaints and associated financial losses.

    Business email compromise (BEC) and phishing attacks are another common vector, resulting in wire fraud and major financial loss – totalling $2.9 billion in adjusted losses in 2023, according to the FBI. One example is when the City of Fort Lauderdale paid $1.2 million to criminals that impersonated one of their contractors, Moss Construction, by sending an invoice to the city for a new police department building (the funds were later recovered by the city police department).

    To help prevent the impact of these types of cyberattacks and ensure data security, Florida has passed bills requiring local governments to adopt cybersecurity standards. These standards must be consistent with the NIST generally acceptable best practices. For cities with less than 25,000 in population, they must be compliant by January 1, 2025. 

    See the Florida Digital Service Local Government Cybersecurity Resource Packet (PDF) to learn more.

    How Blumira Helps Florida Local Governments With Cybersecurity & Compliance

    Easy, Fast Threat Detection and Response

    Blumira's security platform enables local government agencies to easily and quickly detect and respond to cybersecurity attacks, protecting against ransomware and data breaches while helping them meet Florida state requirements for cybersecurity.

    Deploy in Hours With the Team You Have Today

    With a deadline of compliance coming up soon – January 1, 2025 for cities with less than 25,000 population – Blumira can secure your environment in hours, not days. The average organization takes 4 hours to fully implement Blumira’s platform, while other providers can take 3-4 months to get operational. Many organizations can deploy the platform with their 1-3 people IT teams, with the assistance of a dedicated Solutions Architect to guide you through onboarding.

    Blumira’s Support for NIST CSF

    In the Florida 2024 statutes, section 282.3185(4)(a) requires local governments to adopt cybersecurity standards consistent with NIST (National Institute of Standards and Technology) generally acceptable best practices. 

    Blumira helps agencies with multiple NIST CSF 2.0 and NIST 800-53 controls:

    • Detect: security continuous monitoring; and adverse event analysis
      • DE.AE-02: Potentially adverse events are analyzed to better understand associated activities
      • NIST implementation example: Use security information and event management (SIEM) or other tools to continuously monitor log events for known malicious and suspicious activity.
    • Respond: incident analysis; incident response reporting and communication; and incident mitigation
    • Audit & accountability: event logging; audit record review, analysis and reporting; audit record retention; and more
    • System monitoring: external and internal monitoring; observe audit activity in real time; unauthorized use of the system and more

    Blumira collects event logs from your applications, systems, and devices. By analyzing logs in real-time, Blumira’s SIEM platform provides continuous security monitoring. The platform identifies adverse events, notifies agency teams, and provides guidance on how to respond to incidents. For immediate threat containment, Blumira’s platform automatically isolates affected devices from the rest of the network to stop the spread of malware until further investigation.

    Ransomware Attack Reporting

    The bill also calls for local governments to report ransomware attacks within 12 hours of an incident to the Florida Dept. of Law Enforcement's Cybersecurity Office and the Cybersecurity Operations Center (CSOC).

    Blumira helps local governments with the incident reporting timeline by identifying and alerting them to potential cyberattacks, including ransomware, within minutes of initial detection to enable faster response and reporting times. Blumira also retains a year of all event logs to give agencies a clear picture of what happened in the event of an attack, helpful for incident investigation and response.

    Local Gov. Must Notify Florida DS of NIST Compliance

    Information Security Program Requirements

    The Florida Digital Service has also provided a cybersecurity resource to guide local governments through the information security program requirements (see page 19). Local governments must notify the Florida Digital Service of its compliance with NIST by filling out a standards attestation form.

    Florida Local Gov. Cybersecurity Funding

    Pending enactment of the Florida FY 2024-25 General Appropriations Act, The Florida Local Government Cybersecurity Grant Program is a $40 million competitive grant providing local governments with software, services, and solutions that enhance their cybersecurity posture, in order to protect their infrastructure and Floridians’ data. 

    According to the grant website, active grant recipients can re-apply for the same solutions. Any remaining funding will be used for new applicants and existing partners wishing to change providers or add solutions.

    Who is eligible?

    Local Governments including:

    • Board of County Commissioners
    • Cities/Mayor’s Office
    • Clerks of Courts
    • First Responders (Police/Sheriff or Fire Districts)
    • Property Appraiser’s Offices
    • Tax Collector’s Offices
    • Infrastructure (Utility, Aviation, Port Authority, etc.)
    • Supervisor of Elections Offices
    • Special Districts

    See the Florida Local Government Cybersecurity Grant Program website for more information.

    Blumira is on the MyFloridaMarketPlace approved vendor list for cybersecurity solutions; view our marketplace listing.

    Case Studies

    Many local governments use Blumira to gain visibility across their environment, detect threats faster, and respond quickly to prevent ransomware and data breaches. 


    City of Murrieta

    The City of Murrieta is a smaller city with a smaller budget, with their IT team managing both IT and security. After they were hit with a ransomware attack, IT Program Administrator Mike Amado turned to Blumira's Free SIEM to determine the scope of the incident.

    Immediate Time-to-Value

    "I turned on the free version of Blumira and put it into our Microsoft 365 environment, and immediately we started getting information within 10 minutes that revealed we had malicious logins from other IPs outside the United States; credentials being changed. We discovered that it was no longer just on prem. They were moving to our cloud environments as well.” -- Mike Amado, IT Program Administrator 

    Automation Saves on Resources

    It’s like having that extra person working for the city to help us with security. It makes it a pretty easy choice. Automation is huge, especially with Blumira, that’s where a lot of the automation comes in place. It’s ingesting billions of logs over the past six months. We don't have a dedicated person to actually look through and make determinations on that. It'll save time.” -- Mike Amado, IT Program Administrator 


    City of Bettendorf

    With limited security backgrounds, IT Manager Monte Sonksen’s IT team was in the market for a low-effort, high-value SIEM solution to help meet CJIS compliance and help with cyber insurance.

    Greater Security Value Than Splunk

    “Once I saw the curated toolset that Blumira offered, I thought, ‘hey now, I need that and I can get that without paying Splunk pricing. There’s a lot of value that we can get out of that service." – Monte Sonksen, IT Manager

    Effective & Cost-Efficient Solution

    I’m confident that if we were compromised, Blumira would find it. Had we not chosen this solution, we would likely have had to purchase something more expensive or hired somebody to manage our security.” – Monte Sonksen, IT Manager



    The City of Crescent City

    With limited IT and security resources, the City of Crescent City’s 1-person IT team needed an easy-to-deploy solution to provide network visibility and threat mitigation for ransomware.

     

    Cost-Effective for Small Municipalities

    “I was looking for a tool that would help automate security and fit the profile of our organization; a small municipality. I looked at a number of products, but they didn’t have the threat mitigation and reporting tools that Blumira had at an acceptable price point, which was a big negative for me.” – Fritz Ludemann, Information Systems Administrator

    Speedy Deployment

    “The one thing that really stood out right away was the ease of deployment – I had a working trial operational inside of an afternoon. The fact that I could get that level of insight in a cloud-based solution, with little infrastructure that I had to maintain was a great fit for our use cases and limited resources.” – Fritz Ludemann, Information Systems Administrator

     

    Ottawa County

    Ottawa County’s complex infrastructure and busy IT team required an affordable, easy-to-use, automated detection and response solution to reduce manual log reviews required for state and local government compliance regulations.

    Automation to Save IT Team Time

    “We’re required by CJIS and IRS Pub 1075 compliance to review our logs daily. Blumira has saved us time because we can’t monitor all of our logs — we would need a team of 100 to go through all of these logs manually.” – Mike Morrow, Technical Infrastructure Manager

    Surfacing Hidden Threats

    “Blumira was able to detect several executive users’ machines that were infected with potentially unwanted programs. Blumira is able to spot things that some of our other security tools don’t catch.” – Mike Morrow, Technical Infrastructure Manager




    Burcham Hills

    Trying to balance IT operations, virtualization and security goals, Burcham Hills needed to bring security in-house and find a SIEM to help meet HIPAA and PCI DSS compliance. Their IT manager leveraged NIST 800-53 as a framework to develop their security plan.

    Other solutions I was looking at — like Sophos and Splunk — seemed more enterprise and I felt that we would get lost trying to deploy and support them.” – Ronnie Baker, IT Manager

    “To be able to pay for a service and have pretty much a SOC team behind you to support you — it definitely gives me a good night’s sleep.” – Ronnie Baker, IT Manager

    Contact Blumira for Help

    Reach out to us if you would like to learn more about how Blumira can help you meet the Florida requirements for cybersecurity standard compliance: https://www.blumira.com/florida

    Resources

    Thu Pham

    Thu has over 15 years of experience in the information security and technology industries. Prior to joining Blumira, she held both content and product marketing roles at Duo Security, leading go-to-market (GTM) and messaging for the portfolio solution Cisco Zero Trust. She holds a bachelor of science degree in...

    More from the blog

    View All Posts