Cybersecurity
Incident Reporting

State and Local Governments

Per Florida Statute sections 282.318 and 282.3185, state and local governments are required to provide a report to the FL cybersecurity operations center (CSOC), their local Sheriff’s office (local governments only) and the Florida Department of Law Enforcement (FDLE) regarding any ransomware incident or a cybersecurity incident level 3, 4, or 5 within 12 hours of discovery.


Report an Incident

Florida Digital Service Cybersecurity Operations Center

Florida Department of Law Enforcement (FDLE)
Cybercrime Office

When reporting an incident you may request assistance from the Cybersecurity Operations Center, the Cybercrime Office of the Department of Law Enforcement, or the sheriff who has jurisdiction (for local governments only).


After Action Report

In addition, state and local governments are required to provide an after-action report within one week of remediation. To satisfy this post-incident reporting requirement, an after-action form is available for download. Completed forms must be submitted to CSOC@digital.fl.gov.


Cybersecurity Incident Severity Levels

The level of severity of the cybersecurity incident is defined by the National Cyber Incident Response Plan of the United States Department of Homeland Security as follows:

  • Level 5 is an emergency-level incident within the specified jurisdiction that poses an imminent threat to the provision of wide-scale critical infrastructure services; national, state, or local government security; or the lives of the country's, state's, or local government's residents.
  • Level 4 is a severe-level incident that is likely to result in a significant impact in the affected jurisdiction to public health or safety; national, state, or local security; economic security; or civil liberties.
  • Level 3 is a high-level incident that is likely to result in a demonstrable impact in the affected jurisdiction to public health or safety; national, state, or local security; economic security; civil liberties; or public confidence.
  • Level 2 is a medium-level incident that may impact public health or safety; national, state, or local security; economic security; civil liberties; or public confidence.
  • Level 1 is a low-level incident that is unlikely to impact public health or safety; national, state, or local security; economic security; civil liberties; or public confidence.