The Security Office is responsible for establishing and leading cybersecurity strategy designed to ensure reasonable information security while empowering the State’s adoption, integration, and protected use of technology.
Vision
To empower the State of West Virginia’s adoption, integration, and protected use of technology.
Values
Leadership: As the State faces a significant challenge in the arena of cyber security, success will be achieved through empowering leadership.
Knowledge: Cyber security decisions must be based in risk management, ensuring adequate protection without unnecessary waste. Knowledge is the key component of successful risk management.
Service: Cyberspace is a fast-changing environment that requires dedicated experts willing to continually learn, teach, and lead.
The mission of the Cyber Security Office is to provide leadership, knowledge, and service, in order to safeguard the confidentiality, integrity, and availability of the information and information systems entrusted to the State of West Virginia.
Goals
Cyber Risk
Establish an executive-level cybersecurity steering committee to lead strategic cybersecurity initiatives
Implement an enterprise approach to cybersecurity, designed to leverage shared resources and economies of scale
Recommend changes to State law and policy, adapting to the advancing cyber threat and the changing legal landscape resulting from technological advancements
Cyber Outreach
Engage internal and external organizations, both private and public, seeking synergistic partnerships to foster innovation, collaboration, and information sharing
Engage Education (K-12 & Higher Ed) to drive further development of cyber education programs designed to develop a cyber workforce
Implement a comprehensive cyber outreach program designed to cultivate a cyber-aware culture
Cyber Protection
Adapting to an enterprise approach to cybersecurity, implement standardization policies governing procurement and configuration of broadly used hardware devices and software applications
Update cyber access management policies and procedures, by implementing advanced cybersecurity technology
Implement a cyber network architecture policy designed to standardize configuration and management of the Office of Technology’s network infrastructure
Implement the advanced cyber boundary protection plan designed to create visibility and provide control capabilities
Cyber Operations
Engage private and public critical infrastructure partners to develop, implement, and test a cyber disruption response plan
Invest technological resources to advance cybersecurity operations into proactive detection and response capability
Develop a proactive cyber operations response capability designed to improve the State’s cyber resiliency
Results
A risk-based approach to cyber security designed to ensure reasonable protection of what matters most
A cyber-aware culture prepared and empowered to provide protected digital government services
To equip the State with the capabilities of supporting and protecting the cyber assets critical to government operations
The Security Operations Center (SOC) provides operational security services by proactively monitoring the enterprise for potential cyber threats. The SOC’s services include application layer firewall services, advanced threat detection services, Security Information and Event Management services, endpoint protection services, web filtering services, and investigation services. The SOC is involved in the configuration and segmentation of resources when appropriate (wireless networks) and reviews operational change requests for Networking, EOC, and System Management. The SOC is involved with multiple protocol and configuration enhancements, including Sender Policy Framework (SPF) in the mail system, DNS firewall, public DNS migration, and GPO configurations with the System Management group. The SOC processes threat intelligence from multiple sources, including DHS, the Fusion Center, MS-ISAC, and FireEye, to assist in protection. Finally, the SOC serves in a lead role for cyber incident handling by requesting additional information and providing response guidance.
These areas break down as follows:
Cyber Security Operations:
Application Layer Firewall Services (Palo Alto Networks Next Generation Firewall)
Application level filtering
Web URL filtering (in development)
Port/Protocol monitoring
Threat detection, containment, and mitigation
Advanced Threat Detection Services (Wildfire)
Dynamic threat detection leveraging advanced virtualization techniques used to determine if files or websites pose a malicious threat
Security Information and Event Management (SIEM Services)
Network monitoring tool
Endpoint Protection Services (Microsoft System Center Endpoint Protection)
Endpoint malware detection, containment, and remediation
Web Filtering Servers (Netsweeper)
Provide internet web filtering services
Digital Forensics
Investigations utilize several tools:
Internet Evidence Finder
AccessData E-Discovery and Forensics
AccessData Summation
Forensic Falcon Imaging Units (Hardware)
Cellular Phone Imaging and Investigation Tools
Spector360 – desktop recording
This group can be contacted via email at SOC@wv.gov
The Cyber Security Office's Cyber Admin Team is a very flexible team that deals with a wide variety of security issues. The goal of the team is to continually audit, assess, and assist WVOT and customer agencies with cybersecurity. The team accomplishes this by maintaining enterprise cyber security policy; conducting audits and risk assessments; providing vulnerability management services; maintaining cybersecurity metrics; and coordinating outreach activities. Additionally, the team works in close coordination with other state offices such as BRIM and the State Privacy Office.
Cyber Risk Assessments and Audits
• Risk assessments and audits are designed to identify areas presenting the highest degree of risk, and where risk mitigation will provide the greatest potential benefit to the Executive Branch. The Audit Program also reviews internal controls within the WVOT operations, and will conduct audits of selected 3rd party providers.
Enterprise Policies
• The WVOT has implemented enterprise-level cyber security policy for the Executive Branch of West Virginia government. Agencies may establish more stringent policy supplements, but duplication of content should be avoided.
CyberSecurity Training
• The State of West Virginia utilizes a learning management system to deploy required and annual cyber security training to all employees of the Executive Branch. Electronic security tips and awareness training are released on a regular basis.
Vulnerability Management Program
• The Vulnerability Management Program currently scans over 95% of the Executive Branch's systems. Vulnerabilities are identified and agencies are guided on the process to test and update their systems in relation to risk.
Team’s Primary Responsibilities: All team members are responsible for helping with outreach activities. Outreach activities range from hosting conferences; organizing multi-agency group meetings to discuss security issues (GEIST, Cyber Counsel, etc.); presenting at conferences and agency events; and participating at cyber events.
This group can be contacted via email at WVOTITAudit@wv.gov