Security Awareness
DNS Filtering with Cisco Umbrella
OPLIN provides a subscription to Cisco Umbrella for every Ohio public library. Cisco Umbrella filters content by passing DNS requests through their managed DNS servers. Configuring Cisco Umbrella as your library's public DNS servers improves security by filtering malicious domains. Learn how to get started.
Vulnerability Notification:
CISA Cyber Hygiene Vulnerability Scanning
OPLIN participates in CISA's Cyber Hygiene vulnerability scans for OPLIN IP addresses. OPLIN will periodically send you the vulnerability report for your library's IP addresses. To update who receives the report, or for methodology details, please email security@oplin.ohio.gov.
MS-ISAC
The Multi-State Information Sharing & Analysis Center provides proactive security advisories and other services for State and Local Government agencies, including incident response, weekly reports of malicious domains/IPs, tabletop exercises, education materials, webinars from other state agencies, and more.
OPLIN Port Scanning Service
On request, OPLIN can perform a port scan of your library's public IP addresses, and provide you with a report of the results. Get in touch with OPLIN at support@oplin.ohio.gov to discuss your project, needs and goals.
Best Practices:
CIS Security
The Center for Internet Security publishes a list of 18 controls, a set of best practices for managing organizational security practices. The CIS Controls comply with the NIST Cybersecurity Framework. The CIS Controls are an excellent place to start when designing security procedures or policy for your organization. A CIS SecureSuite membership is free to State and Local Government agencies who sign up for MS-ISAC. Resources include secure configuration benchmarks and hardened system images.
NCCoE: Protecting Data from Ransomware
The National Cybersecurity Center of Excellence and NIST collaborated on this brief, essential guide for IT and managed service providers to ensure adequate backup planning and solutions are in place to protect an organization's critical data from loss and destruction. "Protecting Data from Ransomware and Other Data Loss Events: A Guide for Managed Service Providers to Conduct, Maintain, and Test Backup Files."
CISA Ransomware Guide
The Cybersecurity & Infrastructure Security Agency and MS-ISAC publish a joint Ransomware Guide, a "one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack." Review and implement best practices for preventing a ransomware attack, and a detailed guide of how to respond to an active ransomware incident. The guide includes federal response contacts, free services provided by CISA, and links to best practices for securing common business-critical infrastructure.
CISA Cyber Essentials
The Cybersecurity & Infrastructure Security Agency is a federal entity that provides free resources to support cybersecurity in all government entities. CISA's Cyber Essentials framework is an accessible toolkit of best practices for small businesses and local government to help guide procedure and policy. CISA offers many services, including risk assessment, penetration testing, web application scanning, cyber infrastructure survey, and more.
NIST Cybersecurity Framework
The National Institute for Standards and Technology's Cybersecurity Framework is a comprehensive set of guidelines to help organizations manage the security of information, assets, and resources. The NIST cybersecurity framework provides guidance to help identify, protect, detect, respond, and recover from security threats. The NIST framework is broadly recognized as industry best practice.
Education:
TechCred
Ohio's TechCred program reimburses employers for the cost of technical training leading to certification for current and prospective employees. A broad range of technical training is eligible, and the application process is open frequently.
NIST NICE
The National Initiative for Cybersecurity Education maintains a list of free and low-cost resources for online cybersecurity training.
OCRI
The Ohio Cyber Range Institute is a partnership between higher education and state government to improve the cybersecurity awareness and education of Ohio's citizens and organizations. Part of the Ohio Cyber Collaboration Committee, the OCRI is available to libraries to host classes on the range's virtual environment. Sign up to gain access to detailed information.
FedVTE
Online, on-demand cybersecurity training program, free to employees of state and local government. Cybersecurity courses are organized according to the NICCS Cyber Security Workforce Framework, and range from beginning to advanced.
Cybersecurity Funding
CyberOhio Grant Program
CyberOhio has opened applications for a Cybersecurity Software and Services Grant for local government entities.
- Public libraries are eligible to apply for up to $20,000 to fund specific cybersecurity software and services.
- Grant recipients must contribute a 20% local match.
- Eligible projects include endpoint detection and response, multi-factor authentication, email security solutions, security operations center as a service, or consulting services to implement security controls. Example products and services are listed in the Grant Application Guidance, but other similar solutions are also eligible.
- Applicants can submit only one application, but may request funding for multiple projects.
- Applications are open from July 22 - September 16, 2024.
- Grant projects must be completed between December 1, 2024 and June 30, 2026.
More information, including guidance and a sample application, is available at CyberOhio.
E-Rate Cybersecurity Pilot Program
The Federal Communications Commission (FCC) has designated a portion of the Universal Service Fund (USF) to establish a cybersecurity pilot program. The program will require an initial application, and a pilot program cohort will be selected from the initial applicant pool. Applicants may be individual libraries, library systems, or library consortia. Selected libraries are eligible for a pre-discount budget of $15,000 per site, up to $175,000 for a system or consortium consisting of 12 or more sites. That budget re-sets each year for the 3 years of the pilot program ($45,000 per site for the duration of the pilot program or $525,000 for an applicant with 12 or more sites).
A full overview of the pilot program can be found on the USAC website.
For all of the details from the FCC, you can read the published rule in the Federal Register or the full Report and Order.
Program Comparison
| | CyberOhio Grant Program | E-Rate Cybersecurity Pilot Program |
|---|---|---|
| Competitive Application Program | Yes | Yes |
| Funding Period | 19 months | 3 years |
| Total Program Funding | $6.84 million | $200 million |
| Program Scope | Ohio | United States |
| Max Funding | $20,000 per applicant entity for the entire program period | $15,000 per library per year; $175,000 max per system per year |
| Project Match Requirement | 20% | Varies by E-Rate discount matrix qualifications |
| Eligible Projects | Appendix A-B (pages 11-17) | Eligible Services List |
| Competitive Bidding Requirement | No | Yes |
| Document Retention Requirement | No | 10 years |
| UEI Number Requirement | Yes | Yes |
| Rural Applicants Prioritized | Yes | Not specifically |