Skip to main content

Cybersecurity

The Oklahoma Office of Homeland Security specializes in preparing city, county, and state entities for the ever-evolving landscape of cybersecurity threats. We offer a range of services aimed at enhancing the resilience and readiness of our communities. We believe in the power of collaboration and actively engage with the community to share knowledge and insights. Through partnerships with local entities, we work together to create a united front against cyber threats.

Goal Statement

Our goal is to empower city, county, and state entities with the knowledge and skills necessary to safeguard their digital infrastructure. We are committed to fostering a cyber-resilient community through proactive training, engaging tabletop exercises, and insightful cybersecurity presentations.

The Oklahoma Office of Homeland Security has created a new program that will provide risk-free, non-attributable risk and vulnerability assessments and tabletop exercises to state, local, tribal and territorial governments that will help identify vulnerabilities that adversaries could potentially exploit to compromise security controls. 

Why has the program been created? It is unknown the overall cybersecurity posture for the state of Oklahoma; conducting the baseline risk assessment will help us establish a baseline cybersecurity posture for the State as a whole.

The assessment will be completed uses the toolset “CSET” created by the Department of Homeland Security. The Cyber Security Evaluation Tool (CSET®) is a stand-alone desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology. The assessment will focus on the Ransomware Readiness Assessment (RRA) framework, which consists of 10 different domains of cybersecurity, with each consisting of questions with responding “yes” or “no” answers.

At the conclusion of the assessment, we provide the customer with the data along with tailored risk analysis and ways they can improve the cybersecurity posture. The assessment data is secured and only viewable by the conducting risk assessor and the participating parties.

Once a basic risk assessment has been completed, we can then provide more in-depth, technology (technical) focused risk assessments.

Potential SLCGP grant applicants are highly encouraged to request a risk and vulnerability assessment.

Again, this is free of charge, non-attributable assessments. The data isn’t shared to anyone that wasn’t present at the time of the assessment or hasn’t been given authorization by the official party of the assessment.

Our presentations cover a wide range of cybersecurity topics, tailored to the specific needs and concerns of city, county, and state entities. From the latest threat landscapes to best practices in cybersecurity, our presentations aim to educate and raise awareness among diverse audiences.

On September 16, 2022, the Department of Homeland Security (DHS) announced a $185 million cybersecurity grant program specifically for state, local, and territorial governments across the country. This grant will be distributed by DHS and FEMA over the next four fiscal years.

The State of Oklahoma has submitted, and received approval, for the maximum available amount available to Oklahoma for FY 22 (approximately $3.2 million) to improve cybersecurity and cybersecurity programs throughout the state. Many Oklahoma agencies, cities and towns have expressed interest in participating in the program. For FY 22, grant recipients will have a cost share of 10% of the grant award by direct funding or in-kind contributions.

To insure equity and fulfill the requirements of the grant, the State of Oklahoma has established a Cybersecurity Planning Committee (CPC) to develop a State Cybersecurity Plan that will be used as a basis of distribution of the FY 22 funds. The CPC is comprised of IT professionals, administrators, and subject matter experts from around the state of Oklahoma with a passion and interest in security the IT infrastructure of the state. The next open meeting of the CPC will be on March 30, 2023 at 2:30 PM. In accordance with the requirements of the grant, funding will become available to state and local communities once the state submits and receives approval of the State of Oklahoma Cybersecurity Plan. For additional information on the SLCGP, please visit www.cisa.gov/cybergrants or CyberGrants FAQ | CISA

*Referencing the FY22 SLCGP NOFO, the November 15 deadline for submission only applied to the State of Oklahoma. An application submission deadline for sub-recipients has not been established.

CPC meeting minutes from October

CPC meeting minutes from December

CPC Agenda March 30, 2023

With the rise of cyber threats to Oklahoma, a practical approach was needed. To address that need, the Oklahoma Information Sharing and Analysis Center (OK-ISAC) was established as a multi-agency effort led and coordinated by the Office of Management and Enterprise Services (OMES). The main objective of this program is to mitigate cybersecurity risks across Oklahoma by providing real-time monitoring, vulnerability identification, incident response and threat intelligence to its members and partners. OK-ISAC is committed to ensuring the State of Oklahoma and its citizens are continuously educated and prepared to conduct day-to-day cyber activities in a safe and secure manner. OK-ISAC will include members from Oklahoma organizations, business leaders, and cybersecurity professionals. The OK-ISAC will enhance information sharing across Oklahoma and improve cyber resilience at all levels of participation—local, regional and national.

Our vision for the OK-ISAC is to be a trusted hub for information-sharing and analysis on cybersecurity issues in the State of Oklahoma. This will be done by promoting an environment in which OK-ISAC members can work together to address those cybersecurity issues specific to the State of Oklahoma.

MISSION

  1. To reduce the risk of cyber threats to the State of Oklahoma.
  2. To reduce the overall cost of cybersecurity for all state agencies by centralizing resources and providing a mechanism for leveraging large-scale purchases.
  3. To provide centralized services with highly specialized and skilled resources.
  4. To develop a cybersecurity ecosystem through public-private partnerships involving local entities, leading technology companies and other strategic private sector partners.

OK-ISAC Services and Capabilities

  • Provide members:
    • A platform to encourage member-to-member collaboration
    • A secure online repository for sharing threat intelligence with members
    • Participation in conferences, workshops, and tabletop exercises
    • Support efforts to develop cyber workforce by partnering with Higher Education
    • Develop and maintain relationships with industry partners
    • Supports members through implementing best practices and establishing a culture of cybersecurity and compliance

To join or request access to the OK-ISAC. - okisac@omes.ok.gov

Oklahoma Cyber Command is developing the Oklahoma Civilian Cyber Corps (OKC3) The OKC3 is a response team initiative that is the first of its kind in Oklahoma. The OKC3 is a public grant funded project that integrates public and private cybersecurity experts into event-response focused teams that are capable of Identifying a cyber event, Assessing and update the consequences of a cyber event, Advising on the countermeasures of a cyber event, and Assisting with the appropriate requests for support to minimize or mitigate the impact of a cyber event.

The OKC3 initiative is currently in the recruitment phase of implementation. Selected members will be cybersecurity leaders in the public and private sector. The intent of Cyber Command is to build teams of trained volunteers with technical cybersecurity expertise, build a diverse pool of skilled cybersecurity professionals utilizing a whole community approach, and develop cyber experts into surge capable response teams.

The overall goal of OKC3 is to build multiple surge capable, rapid regional response teams that will located throughout the State of Oklahoma to bolster cyber security defense and response capabilities within our communities.

Benefits of being a part of the OKC3

  • Unique Training & Certification Opportunities
  • Cyber security boot camp
  • NIMS training opportunities
  • Unique grant funded training opportunities
  • Networking & Relationship Building Opportunities
  • Enhance professional relationships, through networking and collaboration opportunities with other IT security professionals.
  • Provides an opportunity for technically oriented professionals to perform a civic duty by aiding the State in a time of crisis.
  • Assist in raising the security culture throughout the state.

Minimum Membership Requirements of OKC3

  • Residents of the State of Oklahoma.
  • Have at least 2 years of direct involvement with information security, preferably security operations, incident response and/or digital or network forensics.
  • Pass a series of tests to demonstrate basic knowledge of networking and security concepts.
  • Provide employer support/sponsorship of the program due to the time commitment of the OKC3 member (up to 10 days/year for training and exercises)
  • Pass a background screening
  • Complete a confidential non-disclosure agreement.

For more information

Oklahoma Civilian Cyber Corp – OKC3@omes.ok.gov
Oklahoma Cyber Command - cybercommand@omes.ok.gov
Oklahoma Cyber Command website - https://cybersecurity.ok.gov/

Recognizing the critical importance of proactively identifying and addressing potential vulnerabilities in your organization's cybersecurity posture, we provide Vulnerability Risk Assessment services. Vulnerability Risk Assessment involves a systematic evaluation of your systems, networks, and applications to identify weaknesses that could be exploited by cyber threats. By integrating Vulnerability Risk Assessments into our suite of services, we empower your organization/department to proactively manage and fortify its cybersecurity defenses, minimizing the potential impact of cyber threats. This comprehensive approach aligns with our commitment to providing holistic cybersecurity solutions tailored to the unique needs of city, county, and state entities.

Our interactive tabletop exercises are designed to simulate real-world cyber threats, providing participants with a hands-on experience with a gameboard style environment. Through these exercises, participants develop critical incident response skills, enhance collaboration among teams, and identify areas for improvement in their cybersecurity strategies.

No-Cost FEMA-Funded Cybersecurity Training from the NCPC

TEEX is pleased to offer mobile, instructor-led training courses developed by the National Cybersecurity Preparedness Consortium that are available now for your state or territory. Act quickly—Only a limited number of deliveries are available!

See more information below about:

  • Demystifying Cyber Attacks (AWR-421)  ** NEW COURSE **
  • Cyber Resiliency in Industrial Control Systems (PER-398)

Texas A&M Engineering Extension Service (TEEX)

979.431.4837 | CyberReady@teex.tamu.edu

www.teex.org/cyber

Chris Jett

Agency Training Manager
TEEX Business and Cyber Solutions

AWR-421 – Demystifying Cyber Attacks (** NEW COURSE! **)

This 8-hour instructor-led course provides non-technical students a better understanding of various cyber attacks and how they occur. Cyber attacks will be demonstrated through discussion, videos, pre-recorded attacks, and live example attacks. Students will be introduced to the Cyber Kill Chain and the common process cyber criminals use when conducting cyber attacks. Through a better understanding of the Cyber Kill Chain, students will learn how to mitigate, disrupt, and stop cyber attacks. This course is designed for non-technical federal, state, local, regional, tribal, and territorial government officials; business leaders; managers; and employees who have an interested in improving cybersecurity at their organizations.

Download the course brochure

PER-398 – Cyber Resiliency in Industrial Control Systems

This 8-hour instructor-led course is designed to enhance understanding of the critical nature of Industrial Control System environments and the associated risks, threats, and defenses within an organization, business, or government entity. The course utilizes hands on simulations to demonstrate attacks on ICS/SCADA devices.  This course is designed for state, local, regional, tribal, and territorial government officials; owners and operators of businesses and non-profits; and community members and other individuals interested in developing a greater understanding of developing cybersecurity resiliency in ICS.

Download the course brochure

All U.S. Government agencies are transitioning to .gov domains.

Why use .gov?

Moving to a .GOV Domain Guide

.gov is a ‘top-level domain’, or TLD, similar to .com.org, or .us. Enterprises use a TLD to register a domain name (often simply called a domain) for use in their online services, like a website or email.

In many well-known TLDs, anyone can register a domain for a fee, and as long as they pay there aren’t many questions asked about whether the name they chose corresponds to their real-life name or services. While this can be a useful property for creative communication, it can also make it difficult to know whether the people behind a name are really who they claim to be.

It should be easy to identify governments on the internet, and using a .gov domain shows you’re official. The public shouldn’t have to guess whether the site they’re on or the email that hits their inbox is genuine.

CISA, the Cybersecurity and Infrastructure Security Agency, sponsors the .gov TLD and makes it available solely to U.S.-based government organizations and publicly controlled entities. For those that qualify for a .gov domain, it’s available without a fee.

Additionally, using .gov increases security:

  • Multi-factor authentication is enforced on all accounts in the .gov registrar, different than commercial registrars.
  • We ‘preload’ all new domains, which requires browsers to only use a secure HTTPS connection with your website. This protects your visitors’ privacy and ensures the content you publish is exactly what’s received.
  • You can add a security contact for your domain, making it easier for the public to tell you of a potential security issue with your online services.

            Check out the registration page to begin.

What does .gov do?

We make it easy to register a .gov domain name and ensure that the name resolves in the global domain name system (DNS). DNS maps easy-to-remember names on top of hard-to-recall numbers, allowing you to use okohs.ok.gov instead of something like 104.16.178.124 or okohs.org.

.gov domains are intertwined with access to public services. That makes the .gov TLD critical infrastructure for governments, citizens, and international internet users. We work to make .gov a trusted, secure space by:


Get in Touch

Ready to enhance your cybersecurity readiness? Contact us today to discuss how the Office of Homeland Security’s services can meet the unique needs of your city, county, or state entity. Together, let's build a resilient and secure digital future.

Ty Bremerman


Cybersecurity & Planning Coordinator
(405) 365-2753


Related Links

Last Modified on Apr 03, 2024