The critical-infrastructure protection program assessment aligns with the recently released
National Institute of Standards and Technology cybersecurity framework 2.0

Cyber Florida, in partnership with Idaho National Laboratory (INL), has updated its critical
infrastructure protection program to align with the recently released National Institute of
Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, widely used to reduce
cybersecurity risk across public and private sectors and subsectors. Cyber Florida’s multi-
assessment platform leverages the Department of Homeland Security (DHS) cybersecurity
evaluation tool containing both the CSF 2.0 standard question set and ransomware readiness
assessment (RRA) modules. The tools and resources available through the program are state-
funded and provided at no charge for Florida’s private and public critical infrastructure
organizations.

The CSF 2.0 is designed for all audiences, businesses, critical infrastructure sectors, and
organizations, regardless of their degree of cybersecurity sophistication. The NIST has added
governance to the CSF’s core guidance to help organizations assess and achieve their
cybersecurity goals.

“Since October 2022, more than 655 Florida organizations, companies, businesses, and
government agencies have participated in the program,” said Bryan Langley, lead program
manager at Cyber Florida. “We continue to support, develop, and adopt greater cybersecurity
measures and services to support Florida’s public and private sector owners and operators.”

The Florida Legislature has funded the risk assessment effort to support the state’s public and
private sector entities with numerous, no-cost benefits for participating organizations,
companies, and businesses. The assessment covers the CSF 2.0 desired outcomes and provides
several reports detailing an organization’s strengths and weaknesses to determine and leverage
cyber risk reduction resources from Florida agencies, universities, and colleges. Measuring
success comes from both the improvements made by the participants based on their individual
reports and using the customized statewide dashboard (visualization tool) developed by INL to
analyze sector/subsector risk across the state.

The program is intended to assist small- and medium-sized enterprises and resource-constrained
county and municipal government entities in implementing basic cybersecurity protocols and
policies to achieve a fundamental cybersecurity posture. This comprehensive initiative is
designed to fortify the cybersecurity resilience of public and private critical infrastructure across
the state.

In an era of increasing cyber threats and incidents, safeguarding critical infrastructure is
paramount. The program aims to empower organizations by providing high-quality cybersecurity
resources, training, and support to defend against evolving cyber risks and recover from
incidents. The resources available on the platform include the following:

– A 20-question RRA based on the most reported cybersecurity gaps from the initial statewide
risk assessment period between October 2022 and June 2023.
– A cybersecurity incident response plan template to help organizations think through and plan
how to recover from a cyber incident.
– A 154-question assessment that covers key cybersecurity desired outcomes and practices
outlined in CSF 2.0 and the RRA.

To learn more about the program and how an organization can participate, please visit the
program’s official webpage at www.cyberflorida.org/cip or contact the program lead, Bryan
Langley, at bjlangley@cyberflorida.org.

The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as
Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to
position Florida as a national leader in cybersecurity through comprehensive education, cutting-
edge research, and extensive outreach. Cyber Florida leads various initiatives aimed at inspiring
and educating both current and future cybersecurity professionals, advancing industry research,
and enhancing cybersecurity awareness and safety of individuals and organizations.

The U.S. Environmental Protection Agency (EPA) is urging municipalities across
the United States to take additional security precautions in the wake of recent
cybersecurity attacks.
The attacks were seemingly committed by hackers from foreign nations and
targeted small communities in Texas and Pennsylvania. This, in combination with
an EPA inspection of drinking water systems across the U.S., revealed
cybersecurity weaknesses and prompted their warning to utilities, including some
in Michigan.
Some of the actions EPA recommends drinking water systems take to strengthen
their security include:
 Reducing exposure to public-facing internet
 Conducting regular cybersecurity assessments
 Changing default passwords immediately
 Conducting an inventory of operational technology/information technology
(OT/IT) assets
 Developing and exercising cybersecurity incident response and recovery
plans.
 Backup OT/IT systems
 Reducing exposure to vulnerabilities
 Conducting cybersecurity awareness training
Along with steps laid out by EPA, there are many other critical questions that
community leaders need to ask themselves when it comes to evaluating how
vulnerable their water systems might be to a cyber attack.
Some security system failures identified by EPA in its inspections of utilities
included default passwords that had not been updated for some time, in addition
to single logins that could be easily compromised.
While attacks in some states were resolved quickly (despite one in Texas causing a
water system to overflow) a worst-case scenario could mean total contamination
of a water system, and EPA believes this is not the last time the U.S. will face this
kind of threat.

The EPA said it’s offering technical assistance, training, and educational resources
to any communities that might need them as they navigate potential security
system updates.
Along with discovering cybersecurity weaknesses, EPA inspections also revealed
that more than 70 percent of water systems studied do not meet the clean water
standards outlined in the Safe Drinking Water Act.
For that reason, it’s increasing planned inspections.

U.S. Environmental Protection Agency (EPA) announced that TPWR Developer, LLC, CBG Building Company LLC, and Bowman Consulting DC have settled alleged violations of regulations designed to protect America’s waterways from polluted stormwater runoff.

In an administrative consent agreement with EPA, the companies have agreed to pay a $27,000 penalty and implement a supplemental environmental project (SEP), to settle alleged Clean Water Act violations involving stormwater runoff from the Parks at Walter Reed construction site to Rock Creek and downstream waterways.

The Parks at Walter Reed is a multi-use development construction site in Washington, D.C., consisting of apartment and commercial spaces, located on the former Walter Reed Army Hospital grounds.

Uncontrolled stormwater runoff from construction and industrial sites often contains sediment, oil and grease, chemicals, nutrients, and other pollutants.  The Clean Water Act (CWA) requires owners of certain construction and industrial operations to obtain a permit before discharging stormwater runoff into waterways. These permits include pollution-reducing practices, such as runoff reduction measures, spill prevention safeguards, material storage and coverage requirements, and employee training.

In the consent agreement, EPA cited the companies for failing to have the required National Pollutant Discharge Elimination System (NPDES) permit coverage for stormwater discharges, in violation of the CWA. To correct these violations, the companies submitted notices of intent for coverage under EPA’s NPDES construction general permit, which were approved by EPA.

In addition to the penalty, the companies will also spend at least $40,000 to implement a SEP in Rock Creek Park that will help protect the Hay’s Spring amphipod, the only endangered species in the D.C. area.  The companies will help restore the amphipod’s spring habitats, revegetate social trail entrances, and plant trees and plants native to Rock Creek Park to provide stabilization and tree cover. This project will be performed with oversight from the National Park Service.

For more information about EPA’s stormwater program, visit www.epa.gov/npdes/npdes-stormwater-program.

The Global Water Center has received two grants worth a total of $499,439 from The Coca-Cola Foundation to support multiple initiatives that will utilize training, technology, and relationships to create sustainable, local solutions for water problems worldwide.

“The Coca-Cola Foundation’s generosity has significantly accelerated the Global Water Center’s ability, and that of our partners, to help more people have access to safe and reliable drinking water,” said Thomas Johnston, chief executive officer of the Global Water Center. “This grant will allow the Global Water Center to more-effectively share knowledge and resources with individuals, organizations, and governments that will strengthen their ability to deliver safe water where it is most needed.”

Initially, The Coca-Cola Foundation awarded the Global Water Center with a grant of $349,939 to provide solar-powered water systems (SPWS) training to government engineers and consultants from the Rural Drinking Water and Sanitation Department in Karnataka, India. The GWC’s training method involves equipping master trainers with the skills to train 300 to 500 engineers who will go on to train thousands of their colleagues in SPWS. This will support the government of Karnataka’s ability to achieve its goal of supplying safe water to the more than 60 million people in the state. Then The Coca-Cola Foundation gave the Global Water Center an additional $149,500 to support the delivery of online courses, create new capacity building material, and provide technical assistance. In 2024, the funding will expand the Global Water Center’s courses in three ways:

-The delivery of each solar-powered water system course (SPWS 101 and 201) in English and French.

– The translation of the two existing SPWS courses into Spanish, enabling these courses to reach new global audiences.

– The development and design of a SPWS operations and maintenance guide, which will equip operators with the ability to sustainably deliver safe and reliable water.

Additionally, the $149,500 grant will support technical assistance to The Coca-Cola Foundation’s implementing partners who are designing, installing, and operating rural water systems.

Through the partnership of The Coca-Cola Foundation, the Global Water Center will rapidly expand its courses and technical assistance to address water scarcity and energy challenges in regions where people have limited access to safe and reliable water. Ultimately, the funding will be used to help decrease water poverty worldwide.

About the Global Water Center

The Global Water Center believes everyone deserves access to safely managed water. As the go-to resource for the rural water sector, its safe water training courses have reached people in 81 countries. In addition to training, it also uses technology to make water projects effective and reliable. All of its efforts are rooted in collaboration with nonprofits, governments, and other entities to solve the global water crisis.

About The Coca-Cola Foundation

The mission of The Coca-Cola Foundation is to make a difference in communities around the world where The Coca-Cola Company operates and where its employees live and work. It support transformative ideas and institutions that address complex global challenges and that leave a measurable and lasting impact. Its giving is focused on sustainable access to safe water, climate resilience and disaster risk preparedness and response, economic empowerment, and causes impacting its hometown community. Since its inception in 1984, The Coca-Cola Foundation has awarded grants of over $1.5 billion in service of its mandate to strengthen communities across the world.