Section 183. 16.973 (3) of the statutes is amended to read:
16.973 (3) Facilitate the implementation of statewide initiatives, including development and maintenance of policies and programs to protect the privacy of individuals who are the subjects of information contained in the databases of agencies or security operations centers and regional security operations centers under s. 16.978, and of technical standards and sharing of applications among agencies, security operations centers and regional security operations centers, and any participating local governmental units or other eligible entities, as defined in s. 16.978 (1) (c), or entities in the private sector.
Section 184. 16.973 (8) of the statutes is amended to read:
16.973 (8) Offer the opportunity to local governmental units and other eligible entities, as defined in s. 16.978 (1) (c), as determined by the department, to voluntarily obtain computer or supercomputer services from the department or a security operations center or regional security operations center under s. 16.978 when those services are provided under s. 16.972 (2) (b) or (c) or 16.978, and to voluntarily participate in any master contract established by the department or a security operations center or regional security operations center under s. 16.972 (2) (h) or 16.978 or in the use of any informational system or device provided by the department or a security operations center or regional security operations center under s. 16.974 (3) or 16.978.
Section 185. 16.978 of the statutes is created to read:
16.978 Security operations centers. (1) Definitions. In this section:
(a) Notwithstanding s. 16.97 (1m), “agency” includes each authority.
(b) “Division” means the division of enterprise technology in the department.
(c) “Eligible entity” means all of the following:
1. An agency.
2. A local governmental unit.
3. An educational agency, as defined in s. 16.99 (2g).
4. A federally recognized American Indian tribe or band located in this state.
5. A critical infrastructure entity, as determined by the division.
6. Any other entity identified by the department by rule.
(d) “Managed security services” means services intended to reduce the impact of cybersecurity threats.
(2) Establishment of security operations centers. (a) The department shall establish one or more security operations centers or one or more regional security operations centers, or both, to provide for the cybersecurity of information technology systems maintained by eligible entities.
(b) All security operations centers, including regional centers, established by the department shall be under the supervision and control of the division. The department shall include the centers in carrying out its responsibilities, powers, and duties under ss. 16.971 (2) (b), (c), (cm), (g), (h), and (k), 16.972 (2) (d) and (e), and 16.973 (1), (3), (4), and (5), as determined by the department.
(c) The department may coordinate with any of the following entities in the establishment of a security operations center or regional security operations center:
1. A campus, as defined in s. 36.05 (3).
2. A college campus, as defined in s. 36.05 (6m).
3. An institution, as defined in s. 36.05 (9).
4. A university, as defined in s. 36.05 (13).
(3) Duties of the division. (a) The division shall manage the operation of each security operations center and regional security operations center established under sub. (2), including by establishing managed security services guidelines and standard operating procedures for the operation of the centers.
(b) As appropriate and in coordination with participating eligible entities, the division may provide, and if provided, shall oversee the provision of, managed security services and other support through each security operations center and regional security operations center, including all of the following:
1. Real-time security monitoring to detect and respond to cybersecurity events that may jeopardize this state or the residents of this state.
2. Continuous, 24-hour alerts and guidance for defeating cybersecurity threats.
3. Immediate incident response to counter cyber activity that exposes this state or the residents of this state to cybersecurity risks.
4. Educational services regarding cybersecurity.