Contents:
- Getting Started
- Incident Reporting
- Do You Know About CISA?
- Information Sharing and Analysis
- Multi-State Information Sharing and Analysis Center
- .gov Domains
- Plans and Policy
- Cybersecurity Grants
- Training
Getting Started
We know that improving cybersecurity can be confusing and intimidating when you don't know where to start. Should you purchase new equipment? Should you bring in a third party to tell you what you need to do? The Kentucky Office of Homeland Security (KOHS) has put together this guide to help you learn the basics and build a solid foundation.
Some of the things we list are no-cost. Others have an associated cost, but may be covered under one of the grants we manage.
Incident Reporting
Report cybersecurity incidents as soon as possible. Reporting lessens statewide impact of these incidents by identifying phishing trends, indicators of compromise, and potential vulnerabilities in similar environments. If you have cybersecurity insurance, that should be your first call. After that, we recommend reporting to the following:
Fraud Incidents
Protect yourself from personal fraud by freezing your credit before you become a victim. Report online, phone, or messaging based fraud, both personal and business-related, to the following organizations:
· FBI Internet Crimes Complaint Center (IC3) - https://www.ic3.gov/
· KY Office of the Attorney General - Call 888-432-9257 or visit https://secure.kentucky.gov/formservices/AttorneyGeneral/ScamReport
· KY Intelligence Fusion Center - Suspicious Activity Reporting Tipline
If identity theft occurs as a stand-alone incident or as a part of a fraud scheme, report to:
· KY Office of the Attorney General - Call 888-432-9257 or visit https://secure.kentucky.gov/formservices/AttorneyGeneral/ScamReport
· Social Security Administration - Call 800-269-0271 or visit https://oig.ssa.gov
Phishing
If the phishing message arrived in your work email, report it to your IT department BEFORE deciding whether a link or attachment should be opened. If you have already clicked the link or opened the attachment, be sure to notify your office IT that you've done this. Early notification may limit the impact to the network.
Organizations should report any phishing attempts that are deemed 'worth' reporting to the FBI Internet Crimes Complaint Center (IC3). https://www.ic3.gov/
Ransomware
Although cyber insurance is widely encouraged by most cybersecurity organizations, you should not rely solely on insurance to manage your risks. Remember that cybersecurity is mostly about safeguards and precautions prior to a security breach or intrusion. Cyber insurance should be a single layer of your security plan, but not the whole plan.
The Kentucky Office of Homeland Security recommends the following list as a basic ransomware defense:
- Know and be on speaking terms with your cyber insurance and IT shops, if you are fortunate enough to have them.
- Have redundant, immutable and tested backups.
- Have email protections in place and conduct phishing awareness training for your employees.
- Have a good inventory of your assets.
- Perform internal scans and keep patches and updates current.
- Monitor your incoming, outgoing and internal logs.
- Use MFA whenever possible.
- Don't treat administrative accounts like basic user accounts.
Every ransomware incident should be reported. If you are a victim of ransomware, the Kentucky Office of Homeland Security encourages you to report the incident to the following:
· Report to your internal IT department immediately.
· Report to your cyber insurance provider as soon as possible.
· FBI Internet Crimes Complaint Center (IC3) - https://www.ic3.gov/
· KY Intelligence Fusion Center - Suspicious Activity Reporting Tipline
Do you know about CISA?
The Cybersecurity and Infrastructure Security Agency (CISA) is a United States federal agency, an operational component under Department of Homeland Security oversight. CISA leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. What that means to you is CISA invests a great deal of effort into providing training, resources, and assessments to the Nation's state, local, tribal, and territorial (SLTT) critical infrastructure entities.
It's always nice to start with a checklist. CISA's Cyber Essentials is a great plain-language guide to get the conversation started. We recommend reviewing the document below with both IT and operations personnel. One of the cornerstones for establishing a strong cybersecurity strategy is ensuring that operations and IT are both speaking the same language and working from the same list of priorities.
CISA Cybersecurity Performance Goals
A plain-language guide to best practices for most infrastructure sectors. This no-cost resource is based on the National Institute of Science and Technology (NIST) Cybersecurity Framework (CSF). When you don't know where to start, or how your current practices stack up against widely accepted standards, this is a great reference. Learn more at the link below:
CISA Cross-Sector Cybersecurity Performance Goals
External Vulnerability Scanning and Reporting
CISA's external scanning is a great no-cost supplement to your existing security practices, or a good place to start if this is the beginning of your journey. Complete an application at:
https://www.cisa.gov
Information Sharing and Analysis Centers (ISACs)
Information Sharing and Analysis Centers help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.
- National Council of ISACs Webpage
Learn more or join ISACs here - https://www.nationalisacs.org/members
Multi-State Information Sharing and Analysis Center (MS-ISAC)
Another KOHS recommendation is to join the MS-ISAC, a non-profit that is funded by CISA. This group can support the goals outlined in the Cross-Sector Cybersecurity Performance Goals in many ways. Here's a very brief overview of what they can do for you:
"The mission of the Multi-State Information Sharing and Analysis Center (MS-ISAC) is to improve the overall cybersecurity posture of the nation's state, local, tribal and territorial governments through focused cyber threat prevention, protection, response, and recovery."
-MS-ISAC Webpage
MS-ISAC services include but are not limited to the following:
· 24/7 remote cyber incident response via their security operations center
· Notification of emerging threats and known vulnerabilities actively exploited in the wild
· Training and webcasts
· Cybersecurity tools and assessments
o Malicious Domain Blocking and Reporting - No-Cost: DNS filtering service
o New Email Filtering Service - No-Cost: Join the waiting list. This opportunity may expand as need is expressed in the community.
If you are not a member, you can still contact them during a cyber incident, but you will be required to sign up before they can help. Even if incident response is the only service you are interested in, it is best to sign up now so that the process is not delayed when time is of the essence.
Join MS-ISAC here - https://learn.cisecurity.org/ms-isac-registration
Get a .gov Domain.
Transitioning to a .gov is an outstanding way to improve your organization's cybersecurity regardless of the size or complexity of your network. All U.S. government agencies and organizations qualify for a .gov top-level domain (TLD). This means your .com, .org, or other email/website domain can be switched over to a .gov. Why do this?
· It should be easy to identify governments on the internet, and using a .gov TLD shows you are official.
· Using a .gov increases security.
.gov VS KY.gov – What's the Difference?
.gov
An organization can obtain a .gov domain for free at https://get.gov/domains/
· You only get the namespace. The namespace alone doesn't "do" anything by itself.
· You will need internal IT personnel or a third-party contractor to manage and secure your email domain.
KY.gov
An organization can request a KY.gov domain at the Commonwealth Office of Technology (COT) webpage. Email management will be under "messaging services".
· This service is provided at cost.
· The fee is required for the management and security of all email accounts for your organization.
Learn More & Register
The KOHS knows that every organization's situation is different. If there are costs associated with the transition to .gov, KOHS may be able to help manage those costs with the FEMA SLTT Cybersecurity Grant Program (a reimbursement grant).
Plans/Policy
Having a cybersecurity plan and a cyber incident response plan is an important first step to establishing a baseline for your program and maintaining that standard across your organization. An organization is never too large or small to adopt and use best practices and methodologies proven to enhance cybersecurity.
An important thing to note when developing these documents is that cybersecurity should not fall squarely on one person's shoulders. Plans should be developed with input from multiple departments, including IT, operations, administration, legal, and emergency planning/management.
There are many templates out there to help you get started with a policy for your organization. The document in the link below covers many aspects of the cyber planning process. Although it is a great starting point, it may not fit your specific needs exactly. We encourage you to collaborate with your organization's partners and add to or take away from the contents of this document as you see fit.
Download the CISA Cyber Incident Response Plan Template here - https://www.cisa.gov/sites/default/files/publications/cyber-incident-detection-and-notification-planning-guide-for-election-security-templates-508.docx
Cybersecurity Grants
The Kentucky Office of Homeland Security provides many funding opportunities for the Commonwealth's critical infrastructure. Our office performs administration for the following grants that may be available to help your community reach cybersecurity goals in the coming years:
· State, Local, Tribal, & Territorial Cybersecurity Grant Program (SLCGP) - FEMA grant that has supported cybersecurity improvements since 2022.
· State Homeland Security Grant Program (SHSGP) - FEMA grant with a physical security focus that also supports a limited number of cybersecurity improvements.
· 911 Services Board Grant Program - State grant program with a focus on funding improvements to the Commonwealth's public safety answering points (PSAPs), also known as 911 dispatch centers.
SLTT Cybersecurity Grant Program
The State, Local, Tribal, & Territorial Cybersecurity Grant Program (SLCGP) provides reimbursement funding to support cybersecurity improvements to Kentucky's critical infrastructure. We expect the grant will follow the usual FEMA grant cycles, but timing may vary slightly. It's never too early to start identifying potential projects for any grant program. This grant will support improvements such as:
· Vulnerability assessments and vulnerability assessment software
· Training for IT personnel
· Funding for the contracting of managed service providers
· Replacing consumer-grade routers and switches with business or enterprise-grade equipment
· Software or services that can help monitor incoming/outgoing network traffic
· Software or services that can help manage devices on the network
KOHS will share information about this grant on the LinkedIn group - KOHS LinkedIn Cyber Grant Group. Join the group to get notifications on updated information as we receive it.
Additional grant information and applications can be found on the KOHS grants page.
Training
Cybersecurity training is not just for IT personnel. Multiple departments should be involved in developing cybersecurity plans, and those departments should have a fundamental understanding of cyber threats, risks, and organizational priorities. The Kentucky Office of Homeland Security can provide training directly to your organization or your region. We can also coordinate FEMA or CISA cybersecurity training or exercises for your area.
The Kentucky Office of Homeland Security is proud to provide Kentucky's communities and critical infrastructure locations with many types of training. We offer a wide variety of no-cost cybersecurity training and exercises. We can also help schedule training performed by organizations such as DHS, CISA, and FEMA. Let us help you find the training that best fits the needs of your organization.
Technical or non-technical training
· Training on threat or risk awareness, resources, social engineering, AI impact, and most anything else you could request.
· Custom tabletop exercises are also available.
· Online or in-person
· DLG or EM credit is usually available.
· No-cost.
· Tailored to your needs.
Request Training From KIFC
Request training from the Kentucky Intelligence Fusion Center Cybersecurity Team by emailing FusionCenter@KY.gov
National Initiative for Cybersecurity Careers and Studies (NICCS)
https://niccs.cisa.gov/education-training/federal-virtual-training-environment-fedvte
CISA Learning is now available! If you are an EXTERNAL (non-CISA) user, access the new system using this URL: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled "CISA Learning is LIVE!" with more information.