In The News

COVID-19 and IT Resources

5/21/2020

Hear from State partners on the impact of COVID on IT resources. Learn about new cyber attacks and ways to protect your organization. Contact CSO@wv.gov for more information.

Agenda is fluid.

AGENDA

• Welcome - Josh Spence, CIO, West Virginia Office of Technology

• Update by Federal Partners

• State Briefing, Danielle Cox, CISO, West Virginia Office of Technology

  • Securing Communications

    • Learn more about how to securely participate in video conferences here

  • COVID Scams and Other New Threats

    • Learn more about COVID-related phishing attacks here

  • Resurgence of Old Threats - Ransomware

  • Other Considerations for Government Entities

    • Read the latest situation report here

• Questions and Answers

COVID-19 Phishing

3/24/2020

The overwhelming amount of news coverage surrounding the novel coronavirus has created a new danger — phishing attacks looking to exploit public fears about the sometimes-deadly virus.

Click here to learn more about what phishing attacks may look like and what to do if you receive one.

December 17, 2019 - Competition for WV High School Girls

12/17/2019

Gov. Jim Justice announced today that West Virginia will once again be joining in on the innovative competition, known as Girls Go CyberStart, that is designed to encourage girls and women to explore careers in cybersecurity.

Click here to read the full press release.

Register Your Middle Schooler Now for the Cyber Robotics Coding Competition!

3/6/2019

​Your middle school student may have a knack for coding and not even know it! Here's an exciting opportunity for West Virginia youngsters — the Cyber Robotics Coding Competition is open for registration now through March 31! Details are here: https://crcc.io/west-virginia/

Competitive Robotics for All!

2/27/2019

​All middle school students in West Virginia are now able to engage in a robotics competition that is FREE, web-based, individualized, self-paced, educational, and extremely engaging!  

What is the CRCC?

The Cyber Robotics Coding Competition (CRCC) is an exciting online competition using a cloud-based simulation platform featuring a virtual, 3D animated robot. The competition focuses on code development and teams in grades 6-8 will compete from any Chrome computer browser to complete missions and challenges. Winners will be the schools who can best strategize, plan, and complete the challenges.

The objective of the CRCC is to introduce all students to STEM and specifically the world of coding in a friendly, easy-to-use, and multi-leveled approach suitable for all students. Leveraging familiar programming (Blockly) and virtual robotics (LEGO Mindstorms EV3) assets and a self-directed, scaffolded approach, CRCC reduces students’ and teachers’ fears around learning to code or facilitating learning-to-code efforts. Teachers and students can access the platform wherever they have an Internet connection; there is no need to buy, maintain, or store hardware.

Who Supports CRCC?

NASA's Education Resource Center, Fairmont State University, and our sponsor, A3L Federal Works, have partnered with the non-profit ISCE Foundation to roll out the largest, most inclusive, robotics competition ever seen in West Virginia.

DATES:

• Now-March 31, 2019:    Registration Open

• February 15, 2019:        Webinar for Educators 

• Mar 4 - Mar 31, 2019:    Boot Camp for students 

• March 17-13, 2019:       Qualifiers Part 1 (held at your school or site) 

• Apr 1 - Apr 15, 2019:     Qualifiers Part 2 (held at your school or site) 

• May 15, 2019:                In-Person Finals at Fairmont State University with representation from every school. 

HOW IT WORKS:

• The competition kicks off in early 2019 with a teacher orientation and training on 2/15/19. After this the competition platform, CoderZ from Intelitek, is available to all teachers to practice and learn how the platform works.

• For Boot Camp 3/4/19 - 3/31/19 (training phase), students have access to a series of challenges to solve by coding the virtual robots. Boot Camp is three weeks long with around 50 missions. Registration will remain open until the end of Boot Camp. 

• Schools who complete the most challenges and have the highest participation and diversity of students, teachers, and grades before the end of Boot Camp will qualify for awards. 

• All participants will advance to the Qualifiers, a two week long coding event with master challenges, on March 17-31 (Part 1) AND April 1-15 (Part 2). 

• Qualifiers with the best results will progress to the face to face finals on 5/15/19 at Fairmont State University. 

• Awards will be presented at the face-to-face finals event.

AWARDS:

• Inclusiveness: School with the highest percentage of students participating in WV-CRCC out of total enrollment

• Diversity (Grace Hopper Award): School with the highest percentage of girls participating in WV-CRCC out of girls enrolled in the school 

• F2F Challenge Winner: Team with the most points and the best quality of code in coding face-off.  First, Second and Third Prize will be awarded at the state championship.

REGISTER HERE:  https://crcc.io/signup/

See West Virginia's site here: https://crcc.io/west-virginia/

Competition for WV High School Girls

2/20/2019

Governor Jim Justice announced that West Virginia is participating in an innovative competition designed to encourage girls and women to explore careers in cybersecurity.

Click here to read the full press release.

Cybersecurity skills shortage creating recruitment chaos

11/28/2017

​

Because of the global cybersecurity skills shortage, nearly half of all cybersecurity professionals are solicited to consider other jobs at least once per week.

READ MORE HERE

DHS Press Release

10/6/2017

​

On October 4, 2017, Attorney General Jefferson B. Sessions III and Acting Secretary of Homeland Security Elaine Duke, together with Chinese State Councilor and Minister of Public Security Guo Shengkun, co-chaired the first U.S.-China Law Enforcement and Cybersecurity Dialogue (LECD).  The LECD is one of four dialogues agreed to by President Trump and President Xi during their first meeting in Mar-a-Lago in April 2017 and is an important forum for advancing bilateral law enforcement and cyber priorities between our two governments.

The following topics were discussed:

1. Repatriation. Both sides acknowledged the need to make continued progress in the area of repatriation of foreign nationals with final orders of removal. The United States and China committed to develop a repeatable process whereby the identities of individuals with final orders of removal are verified in a timely manner and travel documents are issued within 30 days of verification. This process should be finalized within three months following the LECD.

2. Counter-narcotics. Both sides intend to continue to enhance cooperation on narcotics control and enforcement. Such cooperation may include: exchanging intelligence and operational information on trafficking of new psychoactive substances and other synthetic drugs, opioids, and cocaine; combatting the illicit production and trafficking of fentanyl and fentanyl-related substances and precursor chemicals, with attention to applicable laws, scheduling actions, and use of express mail and consignment services; exchanging technical information on the relevant science and law; demand reduction cooperation; exchanging views on international narcotics control issues through UN-based and other multilateral forums; and sharing tracking information for packages between the two countries so as to identify individuals and criminal networks responsible for narcotics trafficking.  

3. Cybercrime and Cybersecurity. Both sides will continue their implementation of the consensus reached by the Chinese and American Presidents in 2015 on U.S.-China cybersecurity cooperation, consisting of the five following points: (1) that timely responses should be provided to requests for information and assistance concerning malicious cyber activities; (2) that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors; (3) to make common effort to further identify and promote appropriate norms of state behavior in cyberspace within the international community; (4) to maintain a high-level joint dialogue mechanism on fighting cybercrime and related issues; and (5) to enhance law enforcement communication on cyber security incidents and to mutually provide timely responses.
   Both sides reiterated that all consensus and cooperative documents achieved at the three rounds of the China-U.S. High-Level Joint Dialogue on Combating Cyber Crimes and Related Issues since 2015 remain valid.
   Both sides intend to improve cooperation with each other on cybercrime, including sharing cybercrime-related leads and information, and responding to Mutual Legal Assistance requests, in a timely manner, including with regard to cyber fraud (including business email compromises), hacking crimes, abuse of internet for terrorist purposes, and internet dissemination of child pornography.
   Both sides will continue to cooperate on network protection, including maintaining and enhancing cybersecurity information sharing, as well as considering future efforts on cybersecurity of critical infrastructure.
   Both sides intend to maintain and make full use of the established hotline mechanism for addressing urgent cybercrime and network protection issues pertaining to significant cybersecurity incidents, and to communicate in a timely way at the leadership level or working level, as needed.

4. Fugitives. Both sides will continue to cooperate to prevent each country from becoming a safe haven for fugitives and will identify viable fugitive cases for cooperation. Both sides plan to continue regular meetings and working groups to identify priority cases. Both sides commit to take actions involving fugitives only on the basis of respect for each other’s sovereignty and laws, and any violation of the above mentioned principles will be addressed in accordance with law. 

While differences remain, both sides intend to make actual progress on all of the above matters, to make possible another Dialogue in 2018 to measure that progress.

IRS Scams 2016

4/5/2017

The West Virginia Office of Technology reminds state employees that this time of year has many scams going around. Learn about some of the more popular scams to help protect the State, your family, and yourself:

IRS Scams

• The IRS continues to warn consumers to guard against scam phone calls from thieves intent on stealing their money or their identity. Criminals pose as the IRS to trick victims out of their money or personal information. Here are several tips to help you avoid being a victim of these scams:

• Scammers make unsolicited calls.  Thieves call taxpayers claiming to be IRS officials. They demand that the victim pay a bogus tax bill. They con the victim into sending cash, usually through a prepaid debit card or wire transfer. They may also leave “urgent” callback requests through phone “robo-calls,” or via phishing email.

• Callers try to scare their victims.  Many phone scams use threats to intimidate and bully a victim into paying. They may even threaten to arrest, deport or revoke the license of their victim if they don’t get the money.

• Scams use caller ID spoofing.  Scammers often alter caller ID to make it look like the IRS or another agency is calling. The callers use IRS titles and fake badge numbers to appear legitimate. They may use the victim’s name, address and other personal information to make the call sound official.

• Cons try new tricks all the time.  Some schemes provide an actual IRS address where they tell the victim to mail a receipt for the payment they make. Others use emails that contain a fake IRS document with a phone number or an email address for a reply. These scams often use official IRS letterhead in emails or regular mail that they send to their victims. They try these ploys to make the ruse look official.

Remember, the bad guys try to trick you when you are worried and manipulate you into doing things against your own interest. Online crooks have no shame in abusing their victims to get what they want. Think Before You Click!

Data Loss Prevention

3/1/2016

The Office of Technology is introducing a Data Loss Prevention system, which is designed to detect and restrict the potential unauthorized sharing of restricted information in email. This effort better serves privacy and security requirements of agencies under federal and state regulatory requirements.

USA Jobs Scam Alert

8/4/2015

​

Last week, the USAJOBS.gov website issued an alert about a potential email phishing scheme. Some users have received email that claims to be sent from USAJOBS and attempts to get users to divulge sensitive information such as passwords, click on an attachment, or visit a phony site.

USAJOBS does NOT send email that requests:

• Your username and/or password

• Any additional personal information to complete a job application

• Opening an attached PDF, DOC, EXE or any other file

• The installation of any software to use the system

• Users to change any settings on their computer to use the system

If you receive an email with these types of requests, do not click on any links in the email and delete the message. If you have any questions about these types of email, contact USAJOBS Support at https://my.usajobs.gov/support on your UNet or home computer.

Secure Online Banking

1/8/2015

Virtually every financial institution is using the Internet to communicate and allow customers to conduct transactions online. Customers today expect this convenience, and if done securely, these transactions can be as safe as those conducted in person.

Start with the Basics

Ask yourself the following four questions below. If your answer to all three each is a yes, your chances of being impacted by a cyber incident are low. If any of your answers are no, then your chance of being impacted by a cyber incident are high. Understand these risks and take the recommended actions.

Is My Computer as Secure as Possible?

Using an unsecured computer is like leaving the door of your house wide open: you are making it easy for someone with malicious intent to access your property. An unprotected machine can become infected with malware in a matter of moments, leaving you vulnerable to identity theft or other crimes.

Having up-to-date security software protection isn't an option; it's a requirement and should become as automatic as locking your doors when you leave your house. Be sure your computer is current with all operating system and application software updates. Anti-virus and anti-spyware software should be installed, running, and receiving automatic updates.

In addition to taking precautions when using your own computer, practice vigilance when using someone else's. Don't use public computers or public networks for financial or other sensitive transactions. You have no control over the security of a public computer or public wireless network.

Is My Connection to the Internet as Secure as Possible?

Simply connecting to the Internet makes you vulnerable to a potential attack. Using a firewall helps minimize risks by blocking malicious traffic to your computer. Make sure you have a firewall, that it is turned on, and kept updated. New computers may be shipped with it on by default, but double-check.

When entering sensitive information into a website, look for the "https://" and check that the lock icon is present in the URL bar. This indicates that your communications are encrypted. Also pay attention to the browser you use to connect to the Internet. Keep it updated and patched, and set to auto update. If you are using a wireless network to connect to the Internet, make sure encryption is enabled and change the default network name and password that come with the wireless router.

Is My Password as Secure as Possible?

Strong passwords don't have to be hard to remember, just hard to guess. A good password is at least ten characters and uses a mix of upper case, lower case, and numeric or special characters. Each of your online accounts, especially financial ones, should have its own strong password so that if one is compromised, the attacker does not have automatic access to your other accounts.

Do I Know How to Recognize a Scam?

Keeping your computer secure is only part of the equation when conducting online banking. You need to be alert for scams and the things you can do to protect yourself.

Phishing is one of the most common scams attackers use. A phishing scam typically consists of an email, trying to entice the recipient into clicking a link or downloading an attachment. A phishing scam targeting your financial accounts will consist of an email message notifying you of a "problem" with your account and ask you to click on a link to your "bank's" site and submit sensitive information. This site however is a very convincing fake version of the legitimate site. This website may then prompt you to provide personal information such as Social Security, bank account or credit card numbers, and/or it may download malicious software onto your computer.

Instead of clicking on the link to your bank's website embedded in an email, navigate to the financial institution's website on your own by typing the address directly into your browser. Beware of attached files, as they may contain malware. Open attachments only from trusted sources, and if you are in doubt, don't open it at all. You may also consider using anti-phishing software to help block many phishing-related emails.

Remember, no legitimate financial institution will ever ask you to provide sensitive information in an email.

For More Information

FDIC: Safe Internet Banking https://www.fdic.gov/consumers/consumer/news/april2020.html

Warning: Obamacare Scams

10/22/2013

Con artists are already scamming Americans with fake Obamacare websites, phones calls, and texts. They are even sending out official-looking emails with links that don't go to the health exchange, but go to a bogus website where they try to ...capture your personal information. These thieves are smart and tricky.

• Only provide personal information if you initiate the contact.

• Never give out personal information such as Medicare or Social Security numbers, bank account numbers, debit or credit card numbers, or your home address through unsolicited telephone calls or emails.

• Don't be swayed by high-pressure solicitations, emails, or phone calls from people pretending to work for the government. No one should threaten you with legal action.

WARNING: Beware of anyone asking for money to enroll you in a health insurance exchange. If the individual is legitimate, they will NEVER ask you for money.