Attention Oklahoma high school and college-age students! Capture the Flag is a technology driven event designed to introduce and enhance cybersecurity skills. It is used throughout the industry to train and maintain proficiency. It is a highly engaging, fun event for those that are interested in going into the IT or Cybersecurity fields.
Click here to sign up!
The Oklahoma Office of Homeland Security (OKOHS) has a statutory obligation to protect the citizens of Oklahoma against acts of Cyber Terrorism. This protection begins with every one of us practicing sound cyber security in our homes and offices. Cyber security is important in protecting our personal data, ourselves and our children. With more and more people owning computers and using them for work, finances, and entertainment, the internet has evolved into a rich environment for unscrupulous individuals. As owners and users of this technology, it is important to learn both its advantages and disadvantages, as we would with any other product we own. Because the technology has advanced at such a break neck pace over the past several years, many of us have fallen behind the learning curve. This has allowed those that would use the technology for criminal activities to flourish. Resources are provided on this site that will help you secure your cyber space and make the use of your home computer and the internet a positive experience.
With the rise of cyber threats to Oklahoma, a practical approach was needed. To address that need, the Oklahoma Information Sharing and Analysis Center (OK-ISAC) was established as a multi-agency effort led and coordinated by the Office of Management and Enterprise Services (OMES). The main objective of this program is to mitigate cybersecurity risks across Oklahoma by providing real-time monitoring, vulnerability identification, incident response and threat intelligence to its members and partners. OK-ISAC is committed to ensuring the State of Oklahoma and its citizens are continuously educated and prepared to conduct day-to-day cyber activities in a safe and secure manner. OK-ISAC will include members from Oklahoma organizations, business leaders, and cybersecurity professionals. The OK-ISAC will enhance information sharing across Oklahoma and improve cyber resilience at all levels of participation—local, regional and national.
Our vision for the OK-ISAC is to be a trusted hub for information-sharing and analysis on cybersecurity issues in the State of Oklahoma. This will be done by promoting an environment in which OK-ISAC members can work together to address those cybersecurity issues specific to the State of Oklahoma.
- To reduce the risk of cyber threats to the State of Oklahoma.
- To reduce the overall cost of cybersecurity for all state agencies by centralizing resources and providing a mechanism for leveraging large-scale purchases.
- To provide centralized services with highly specialized and skilled resources.
- To develop a cybersecurity ecosystem through public-private partnerships involving local entities, leading technology companies and other strategic private sector partners.
OK-ISAC Services and Capabilities
- Provide members:
- A platform to encourage member-to-member collaboration
- A secure online repository for sharing threat intelligence with members
- Participation in conferences, workshops, and tabletop exercises
- Support efforts to develop cyber workforce by partnering with Higher Education
- Develop and maintain relationships with industry partners
- Supports members through implementing best practices and establishing a culture of cybersecurity and compliance
To join or request access to the OK-ISAC. - email@example.com
Oklahoma Cyber Command is developing the Oklahoma Civilian Cyber Corps (OKC3) The OKC3 is a response team initiative that is the first of its kind in Oklahoma. The OKC3 is a public grant funded project that integrates public and private cybersecurity experts into event-response focused teams that are capable of Identifying a cyber event, Assessing and update the consequences of a cyber event, Advising on the countermeasures of a cyber event, and Assisting with the appropriate requests for support to minimize or mitigate the impact of a cyber event.
The OKC3 initiative is currently in the recruitment phase of implementation. Selected members will be cybersecurity leaders in the public and private sector. The intent of Cyber Command is to build teams of trained volunteers with technical cybersecurity expertise, build a diverse pool of skilled cybersecurity professionals utilizing a whole community approach, and develop cyber experts into surge capable response teams.
The overall goal of OKC3 is to build multiple surge capable, rapid regional response teams that will located throughout the State of Oklahoma to bolster cyber security defense and response capabilities within our communities.
Benefits of being a part of the OKC3
- Unique Training & Certification Opportunities
- Cyber security boot camp
- NIMS training opportunities
- Unique grant funded training opportunities
- Networking & Relationship Building Opportunities
- Enhance professional relationships, through networking and collaboration opportunities with other IT security professionals.
- Provides an opportunity for technically oriented professionals to perform a civic duty by aiding the State in a time of crisis.
- Assist in raising the security culture throughout the state.
Minimum Membership Requirements of OKC3
- Residents of the State of Oklahoma.
- Have at least 2 years of direct involvement with information security, preferably security operations, incident response and/or digital or network forensics.
- Pass a series of tests to demonstrate basic knowledge of networking and security concepts.
- Provide employer support/sponsorship of the program due to the time commitment of the OKC3 member (up to 10 days/year for training and exercises)
- Pass a background screening
- Complete a confidential non-disclosure agreement.
For more information
Oklahoma Civilian Cyber Corp – OKC3@omes.ok.gov
Oklahoma Cyber Command - firstname.lastname@example.org
Oklahoma Cyber Command website - https://cybersecurity.ok.gov/
On September 16, 2022, the Department of Homeland Security (DHS) announced a $185 million cybersecurity grant program specifically for state, local, and territorial governments across the country. This grant will be distributed by DHS and FEMA over the next four fiscal years.
The State of Oklahoma has submitted, and received approval, for the maximum available amount available to Oklahoma for FY 22 (approximately $3.2 million) to improve cybersecurity and cybersecurity programs throughout the state. Many Oklahoma agencies, cities and towns have expressed interest in participating in the program. For FY 22, grant recipients will have a cost share of 10% of the grant award by direct funding or in-kind contributions.
To insure equity and fulfill the requirements of the grant, the State of Oklahoma has established a Cybersecurity Planning Committee (CPC) to develop a State Cybersecurity Plan that will be used as a basis of distribution of the FY 22 funds. The CPC is comprised of IT professionals, administrators, and subject matter experts from around the state of Oklahoma with a passion and interest in security the IT infrastructure of the state. The next open meeting of the CPC will be on March 30, 2023 at 2:30 PM. In accordance with the requirements of the grant, funding will become available to state and local communities once the state submits and receives approval of the State of Oklahoma Cybersecurity Plan. For additional information on the SLCGP, please visit www.cisa.gov/cybergrants or CyberGrants FAQ | CISA.
*Referencing the FY22 SLCGP NOFO, the November 15 deadline for submission only applied to the State of Oklahoma. An application submission deadline for sub-recipients has not been established.
CPC meeting minutes from October
CPC meeting minutes from December
No-Cost FEMA-Funded Cybersecurity Training from the NCPC
TEEX is pleased to offer mobile, instructor-led training courses developed by the National Cybersecurity Preparedness Consortium that are available now for your state or territory. Act quickly—Only a limited number of deliveries are available!
See more information below about:
- Demystifying Cyber Attacks (AWR-421) ** NEW COURSE **
- Cyber Resiliency in Industrial Control Systems (PER-398)
Texas A&M Engineering Extension Service (TEEX)
979.431.4837 | CyberReady@teex.tamu.edu
Agency Training Manager
TEEX Business and Cyber Solutions
AWR-421 – Demystifying Cyber Attacks (** NEW COURSE! **)
This 8-hour instructor-led course provides non-technical students a better understanding of various cyber attacks and how they occur. Cyber attacks will be demonstrated through discussion, videos, pre-recorded attacks, and live example attacks. Students will be introduced to the Cyber Kill Chain and the common process cyber criminals use when conducting cyber attacks. Through a better understanding of the Cyber Kill Chain, students will learn how to mitigate, disrupt, and stop cyber attacks. This course is designed for non-technical federal, state, local, regional, tribal, and territorial government officials; business leaders; managers; and employees who have an interested in improving cybersecurity at their organizations.
PER-398 – Cyber Resiliency in Industrial Control Systems
This 8-hour instructor-led course is designed to enhance understanding of the critical nature of Industrial Control System environments and the associated risks, threats, and defenses within an organization, business, or government entity. The course utilizes hands on simulations to demonstrate attacks on ICS/SCADA devices. This course is designed for state, local, regional, tribal, and territorial government officials; owners and operators of businesses and non-profits; and community members and other individuals interested in developing a greater understanding of developing cybersecurity resiliency in ICS.
The Oklahoma Office of Homeland Security is available to conduct risk-free, non-attributable risk and vulnerability assessments to state, local, tribal and territorial governments that identify vulnerabilities that adversaries could potentially exploit to compromise security controls. At the conclusion of the assessment, we provide the customer with the data along with tailored risk analysis and ways they can improve the cybersecurity posture. Potential SLCGP grant applicants are highly encouraged to request a risk and vulnerability assessment. Contact Ty Bremerman at email@example.com to set up your IT risk assessment today!
The Oklahoma Office of Homeland Security has created a new program that will provide risk-free, non-attributable risk and vulnerability assessments and tabletop exercises to state, local, tribal and territorial governments that will help identify vulnerabilities that adversaries could potentially exploit to compromise security controls.
Why has the program been created? It is unknown the overall cybersecurity posture for the state of Oklahoma; conducting the baseline risk assessment will help us establish a baseline cybersecurity posture for the State as a whole.
The assessment will be completed uses the toolset “CSET” created by the Department of Homeland Security. The Cyber Security Evaluation Tool (CSET®) is a stand-alone desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology. The assessment will focus on the Ransomware Readiness Assessment (RRA) framework, which consists of 10 different domains of cybersecurity, with each consisting of questions with responding “yes” or “no” answers.
At the conclusion of the assessment, we provide the customer with the data along with tailored risk analysis and ways they can improve the cybersecurity posture. The assessment data is secured and only viewable by the conducting risk assessor and the participating parties.
Once a basic risk assessment has been completed, we can then provide more in-depth, technology (technical) focused risk assessments.
Potential SLCGP grant applicants are highly encouraged to request a risk and vulnerability assessment.
Again, this is free of charge, non-attributable assessments. The data isn’t shared to anyone that wasn’t present at the time of the assessment or hasn’t been given authorization by the official party of the assessment.
Contact Ty Bremerman at firstname.lastname@example.org to set up your Cybersecurity Risk Assessment today!
All U.S. Government agencies are transitioning to .gov domains.
Why use .gov?
.gov is a ‘top-level domain’, or TLD, similar to .com, .org, or .us. Enterprises use a TLD to register a domain name (often simply called a domain) for use in their online services, like a website or email.
In many well-known TLDs, anyone can register a domain for a fee, and as long as they pay there aren’t many questions asked about whether the name they chose corresponds to their real-life name or services. While this can be a useful property for creative communication, it can also make it difficult to know whether the people behind a name are really who they claim to be.
It should be easy to identify governments on the internet, and using a .gov domain shows you’re official. The public shouldn’t have to guess whether the site they’re on or the email that hits their inbox is genuine.
CISA, the Cybersecurity and Infrastructure Security Agency, sponsors the .gov TLD and makes it available solely to U.S.-based government organizations and publicly controlled entities. For those that qualify for a .gov domain, it’s available without a fee.
Additionally, using .gov increases security:
- Multi-factor authentication is enforced on all accounts in the .gov registrar, different than commercial registrars.
- We ‘preload’ all new domains, which requires browsers to only use a secure HTTPS connection with your website. This protects your visitors’ privacy and ensures the content you publish is exactly what’s received.
- You can add a security contact for your domain, making it easier for the public to tell you of a potential security issue with your online services.
Check out the registration page to begin.
What does .gov do?
We make it easy to register a .gov domain name and ensure that the name resolves in the global domain name system (DNS). DNS maps easy-to-remember names on top of hard-to-recall numbers, allowing you to use okohs.ok.gov instead of something like 220.127.116.11 or okohs.org.
.gov domains are intertwined with access to public services. That makes the .gov TLD critical infrastructure for governments, citizens, and international internet users. We work to make .gov a trusted, secure space by:
- administering our domain requirements,
- publishing the complete list of .gov domains,
- recommending security best practices, and
- implementing key initiatives to protect the entire namespace.
- Tabletop exercise, cybersecurity presentations or conference training
OKOHS personnel are available to provide simple or robust cybersecurity tabletop exercise programs to city, county or state entities. These tabletop exercises can include personnel from the IT department all the way up to including the entire city or county staff divisions (including executive level staff and personnel.) The exercises are non-attributional and encourage action/reaction problems that are tailored to the customers pre-exercise expected coordinated outcomes or outputs. Contact email@example.com for more information.
OKOHS personnel are accomplished presenters and speakers with dozens of years’ experience in training and presenting material to audiences of all types and sizes. Contact firstname.lastname@example.org for more information or to schedule a presentation or conference training.
- Protect your private information online.