This ensures integration, security and long-term value for the state’s investment. With a clear statewide roadmap and budget aligned to a three-year plan, the Legislature and Governor’s Office of Policy and Budget (OPB) can make the right investments and avoid wasting state money on short-term fixes that don’t move the state forward. For decades, Florida's Department of Transportation has proven this approach works. The FDOT Work Program uses a rolling plan to fund, manage and deliver complex infrastructure projects with transparency and efficiency. Standardizing Cybersecurity or Risk Losing Control of Infrastructure to our Adversaries It’s not a matter of if, but when we’ll see more major cyberattacks on our state. Threat actors continue to steal personally identifiable information at unprecedented levels, often exploiting gaps in aging or unevenly secured IT infrastructure. This represents a clear and present danger. Beyond data theft, operational technology systems that support critical public services such as water, energy, transportation and health services increasingly face risk from outdated controls, limited visibility and inconsistent security practices. In the past five years, a ransomware attack by a Russia- based criminal group disrupted the nation’s largest fuel pipeline, triggering fuel shortages and panic
These events underscore that infrastructure resilience depends not only on defending against advanced attackers, but on modernizing systems and governance before failures occur. Today, cybersecurity maturity varies significantly across agencies, despite dedicated CIOs, CISOs and information security teams working hard within real resource and system constraints. This places a complex and asymmetrical burden on individual agency leadership to interpret evolving threats and security expectations on their own. Florida must operate from a unified cybersecurity foundation, built on a consistent zero trust posture, common identity and access management, standardized buying across the East Coast. In Florida, a widely reported incident at a municipal water treatment facility highlighted how legacy systems, weak access controls and human error can create serious operational risk even in the absence of a confirmed cyber breach. endpoint protection, and shared threat intelligence. These standards should be defined at the enterprise level and applied uniformly across state government.
Three-year plan for Florida’s large, complex government At minimum, must include: Cybersecurity and Digital trust Infrastructure
“
Enterprise Connectivity and Core Infrastructure Data, Application, and Platform Architecture
The answer is a three-year rolling plan, updated annually. A three- year plan allows for purposeful modernization with the flexibility to adapt to new challenges and emerging technology. It also aligns with the realities of election cycles and creates predictability for the Legislature, Executive Branch and agency teams who must manage complex changes while keeping daily operations running. Without Governance, a Plan is Just a Wish List Good governance turns ideas into real action and results. Governance isn’t about centralizing control, but about creating consistent standards. Think of it as a playbook where a lead agency outlines the game plan, from cybersecurity, technical baselines and procurement rules, while each team picks the plays that suit them best, all within a shared strategy.
Florida Technology Magazine – 2026 Legislative Edition – 31
Powered by FlippingBook