May 26, 2023

1. Wyebot Introduction and demonstration

2. Lunch

3. Technology Council Google Drive  https://drive.google.com/drive/u/0/folders/0ABAQ-zQDzPUsUk9PVA

4. Cybersecurity Grant

   1. Pertinent points:

   2. Year 1 grant ends Nov 30, 2023

      1. Year 1 grant spending ends Nov 30, 2026

   3. To participate in Year 1 grant

      1. LEA had to answer the survey of interest in Feb 2023

      2. LEA has to sign the agreement letter that came out on 5/11.

         • 1. • • 1.                                                               i.  Deadline 5/24

           2. If LEA can’t make the deadline, they must email PEMA and confirm the specific date you can sign the form

              • • 1.                                                              ii.  Note:  You only need to fill out the other forms (e.g. budget spreadsheet, cyber plan, etc.) if you decided to be a “subgrantee”.

   4. Know and understand supplanting rules, as it relates to your situation and how that ties to a possible Albert Sensor and/or Cofense Phishme grant opportunities.

   5. If there is any funding left over for Albert Sensors, the committee will determine an order or priority at a later time, should that be needed.

   6. Keep alert as Year 2 grant funding opportunity will be coming out in the upcoming months.

      1. We are told it will be competitive, but no details on what that means.

      2. They’re not sure what Year 2 plans will entail yet.

         • 2. • • 1.                                                               i.  Note: they could just repeat Year 1 and in theory, could do that for the four years of the grant.

5. Vendor relation updates

6. Summer projects

7. Open Discussion

Attached are 2 upcoming training opportunities we are hosting here in Washington County. Both courses are being instructed by Texas A&M Extension(TEEX). Below is a short description of both courses. Registration is on TrainPA and there is also an additional registration link for TEEX. When you complete the TEEX registration you will have to provide a FEMA SID number. I have attached a PDF on creating a TrainPA account and a FEMA SID number.

6/20-6/21 MGT 384, Community Preparedness for Cyber Incidents, is designed to provide organizations and communities with strategies and processes to increase cyber resilience. During this 12-hour course, participants will analyze cyber threats and initial and cascading impacts of cyber incidents, evaluate the process for developing a cyber preparedness program, examine the importance and challenges of cyber related information sharing and discover low to no-cost resources to help build cyber resilience.

https://my.teex.org/TeexPortal/Default.aspx?MO=mCourseCatalog&D=EC&C=MGT384&S=393

6/20 AWR 136, The Essentials of Community Cybersecurity (ECCS) course provides individuals, community leaders, and first responders with information on how cyber-attacks can impact, prevent, and/or stop operations and emergency responses in a community. The course also provides a cursory introduction to cybersecurity vulnerabilities, risks, threats, and countermeasures.

https://my.teex.org/TeexPortal/Default.aspx?MO=mCourseCatalog&D=EC&C=AWR136&S=664

The Commonwealth of Pennsylvania (Commonwealth) announces that the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA) approved the Commonwealth’s implementation of the Federal Fiscal Year (FFY) 2022 State and Local Cybersecurity Grant Program (SLCGP).  The Commonwealth obligates 80% of the FY 2022 SLCGP, or $4,164,051.20 in federal funds, to support the two projects in the Commonwealth Cybersecurity Plan, which were approved by the Commonwealth’s Cybersecurity Planning Committee (Committee), FEMA and CISA.

You are receiving this communication based on your participation in the Commonwealth’s SLGCP Baseline Survey (Survey) conducted in February 2023.  In the Survey, you expressed an interest in the cybersecurity shared services outlined in the Commonwealth Cybersecurity Plan.

The Committee has agreed to implement the following projects:

Project 1 (Intrusion Detection Service – MS-ISAC Albert Sensors) shall be provided to all counties. Project 1 may later be expanded to include additional Local Government Entities (LGEs) provided that FY 2022 SLCGP funding remains available following the counties’ implementation of Project 1.

Project 2 (Security Awareness Service – Cofense) shall be provided to all LGEs that participated in the Survey and indicated a desire to participate in the Cofense service.

The Commonwealth encourages participation to achieve economies of scale for all participants. Through the use of the FY 2022 SLCGP funds noted above, the Commonwealth will provide two projects to those eligible LGEs as follows:

Project 1 (COUNTIES ONLY) Intrusion Detection Service (MS-ISAC Albert Sensors): Intrusion detection services increase information security capabilities through the deployment of a turnkey network security monitoring and management service.  An Albert Sensor provides network security alerts from both traditional and advanced network threats, helping organizations identify malicious activity.  The service includes a 24x7 security operations center (SOC) that provides enhanced monitoring and notification of malicious activity. It is critical that such a service be managed centrally, to provide collaborative insight and to offer an enhanced, correlated perspective into events that are happening state-wide – but which would have otherwise gone un-noticed without a central view.

1.              OPT IN – Service participation - Counties who wish to receive Project 1 must choose between one of the two following pathways:

1. 1. OPT-IN: Service Provided (Commonwealth procures MS-ISAC Albert Sensor on behalf of the County):

                                      i. County must review, sign, and return the Local Consent Agreement (attached), which is available for digital signature, by 4:00 PM EST, Wednesday, May 24, 2023, via email to slcgp-pa@pa.gov. Scanned original signature submissions will also be accepted. . If the County cannot execute the LGE Consent Agreement by May 24, 2023, the County must confirm its intention to participate by 4:00 PM EST, Wednesday, May 24, 2023, via email to slcgp-pa@pa.gov, along with a date certain that the LGE Consent Agreement shall be executed and returned to the Commonwealth.

                                    ii. Services are cost-free for the entities—the Commonwealth will provide the required 10% match.

                                  iii. The County will be required to execute a formal agreement with the Commonwealth at a later time prior to receipt of the MS-ISAC Albert Sensor.

1. 2. OPT-IN: Subgrant (County procures MS-ISAC Albert Sensor on its own):

                                      i. Any County submitting a grant application is eligible to receive a subgrant of FY 2022 SLCGP funds in an amount equal to the amount they would otherwise receive if they were to opt-in to the Commonwealth procuring the MS-ISAC Albert Sensors on the County’s behalf, minus the required 10% match.

                                    ii. Complete the LGE Application and Local Project Worksheet (attached) and submit via email to slcgp-pa@pa.gov  by 4:00PM EST, Wednesday, May 24, 2023.

                                  iii. The County must provide the required 10% match.

                                   iv. If the Grant Application meets the requirements of the Commonwealth Cybersecurity Plan and is approved by the Committee, the Commonwealth shall subgrant a portion of the FY 2022 SLCGP funds (as noted above) to the County to procure an MS.ISAC Albert Sensor on its own behalf. 

2.              OPT OUT – Eligible counties who do not wish to participate in Project 1 may OPT-OUT by declining to respond by 4:00PM EST, Wednesday, May 24, 2023.

Project 2 (All Survey Participating LGEs) Security Awareness Service (Cofense):  Security awareness services ensure that all end users receive and complete security awareness training.  This service provides for social engineering (phishing) exercises.  These exercises help to benchmark the overall awareness and risk posture our end users.  Mock phishing campaigns reinforce training concepts and quantify the effectiveness of the training and the overall risk level for this type of attack.  Additional testing can be conducted as needed to further reinforce the concepts from this training.  Recorded metrics help drive continuous improvement and identify the level of risk.

1.              OPT IN – Service participation - Eligible LGEs, which includes counties, who wish to receive Project 2, must choose between one of the two following pathways:

1. 1. OPT-IN: Service Provided (Commonwealth procures Cofense on behalf of the LGE):

                                      i. LGE must review, sign, and return the Local Consent Agreement (see attached), which is available for digital signature, by 4:00 PM EST, Wednesday, May 24, 2023, via email to slcgp-pa@pa.gov. Scanned original signature submissions will also be accepted. If the LGE cannot execute the LGE Consent Agreement by May 24, 2023, the LGE must confirm its intention to participate by 4:00 PM EST, Wednesday, May 24, 2023, via email to slcgp-pa@pa.gov, along with a date certain that the LGE Consent Agreement shall be executed and returned to the Commonwealth.

                                    ii. Services are cost-free for the entities—the Commonwealth will provide the required 10% match.

                                  iii. The LGEs will be required to execute a formal agreement with the Commonwealth at a later time to access the Cofense service.

1. 2. OPT-IN: Subgrant (LGE procures the Cofense service on its own):

                                      i. Any LGE submitting a grant application is eligible to receive a subgrant of FY 2022 SLCGP funds in an amount equal to the amount they would otherwise receive if they were to opt-in to the Commonwealth procuring the Cofense service on the LGE’s behalf, minus the required 10% match.

                                    ii. Complete the LGE Application and Local Project Worksheet (attached) and submit via email to slcgp-pa@pa.gov by 4:00PM EST, Wednesday, May 24, 2023.

                                  iii. The LGE must provide the required 10% match.

                                   iv. If the Grant Application meets the requirements of the Commonwealth Cybersecurity Plan and is approved by the Committee, the Commonwealth shall subgrant a portion of the FY 2022 SLCGP funds (as noted above) to the LGE to procure the Cofense service on its own behalf.

2.              OPT OUT – Eligible LGEs who do not wish to participate in Project 2 may OPT-OUT by declining to respond by 4:00PM EST, Wednesday, May 24, 2023.

Please address any questions to slcgp-pa@pa.gov. 

Best Regards,

Commonwealth’s Cybersecurity Planning Committee