The Adjutant General’s Department has brought together public, private, military and educational organizations to develop a stronger cybersecurity infrastructure and workforce. To strengthen cybersecurity in Ohio, the Ohio National Guard has brought together more than 30 public, private, military and educational organizations to form the Ohio Cyber Collaboration Committee (OC3). The OC3 mission is to provide a collaborative environment to develop a stronger cybersecurity infrastructure and workforce.

The committee supported planning that led to the establishment of the Ohio Cyber Range, which is managed by the Ohio Cyber Range Institute — a virtual environment used for cybersecurity training and technology development.

OC3 members include representatives from the education and business communities to develop a program to increase the number of students who pursue certificates or degrees in cybersecurity.

History of OC3

When Governor John Kasich formed the Ohio Collaboration Committee in (2015), otherwise known as OC3, the organization was given the task of determining the best means of improving cybersecurity within the state. This overarching cyber goal included state government, critical infrastructure, businesses, hospitals, and the grassroots citizens of Ohio. The OC3 organization was given two tasks: 1) to create a Cyber Range which could be used for cybersecurity teaching and training, and 2) to determine the best way to form civilian incident response teams within the state.

Initially, the OC3 working group consisted of agency directors chosen by the Governor based on their knowledge and agencies’ involvement in cybersecurity. In the early days, OC3 was very small and consisted of 3 core members representing the State CISO’s office, OARNet, and the Ohio National Guard. With such a small group, progress was slow since none of the members could work full time on this initiative. At that point, Governor Kasich asked the Adjutant General to provide additional fiscal resources and hire a full-time employee solely devoted to the effort. OC3 then began to grow…

As the OC3 membership grew with expertise from across Ohio, it became apparent that separate subcommittees were needed to address each of the lines of effort, including a new focus on governing OC3 itself (i.e. OC3 Governance Subcommittee). Thus, the OC3 Cyber Incident Response Teams subcommittee was born. The primary goal of this subcommittee was to research the formation of civilian incident response teams. Over time, the committee realized that the proper approach to the issue included preparedness, not only response, and the committee was renamed the OC3 Cyber Preparedness and Response Subcommittee.

At the same time, the Cyber Range subcommittee was reviewing MOU terms in how to form the Ohio Cyber Range as a separate non-profit entity, board, or commission. By establishing the Ohio Cyber Range as an educational institute, OC3 was able take advantage of the educational campus structure and outreach into all four corners of the state. In December 2017, the University of Cincinnati partnered with the Ohio Department of Higher Education and the Ohio Adjutant General's Department to explore and demonstrate the benefit of an Ohio Cyber Range.

In 2017 and 2018, the OC3 Cyber Preparedness and Response Subcommittee researched the formation of civilian cyber response teams in other states to determine best practices and lessons learned. The subcommittee reviewed several proposed structures addressing this response capability and in late 2018, the committee reviewed a white paper comparing the pros and cons of structuring civilian incident response teams and where to house them. It was at that meeting in 2018, when the decision was reached to form the Ohio Cyber Reserve, under the Adjutant General’s office, and modeled after the Ohio Military Reserve. Governor Mike DeWine took office in 2019 and continued to support the efforts of OC3.

Next, the legislative affairs office at the Ohio Adjutant General’s Division worked with lawmakers to draft legislation to put the Ohio Cyber Reserve in place and the OC3 full committee began to think towards the future. While the Ohio Cyber Reserve would play a part in both cyber preparedness and response, there would be other areas in which OC3 might continue to drive cyber preparedness in the state. Hence, the OC3 Cyber Preparedness and Response Subcommittee was split and rebranded as the OC3 Cyber Protection Subcommittee and the Ohio Cyber Reserve.

When Governor DeWine signed Senate Bill 52 forming the Ohio Cyber Reserve, the focus of its core members revolved around the significant task of standing up the newly formed Ohio Cyber Reserve organization. The OC3 Coordinator, Mark Bell, began looking at new leadership for the OC3 Cyber Protection Subcommittee and Ohio Homeland Security seemed the logical choice. If you have a commitment and passion to protect and defend our great state of Ohio, please join us. And as they say, the rest is history…

Our Vision

Ohio’s cyber community working together to help Ohio’s citizens and organizations achieve world class cyber security

Download Our Vision - Lines of Effort Infography

Desired End State

• Collaboration between public, private, military, and educational organizations to strengthen cyber security for all in the State of Ohio.
• Cyber Security Testing and Training Environment
• Robust Cyber Workforce
• Enduring OC3 Governance and Operations Structure
• Trained, Vetted, Professional Cyber Volunteers
• Informed Public
• Cyber Information Clearinghouse

Best Practices

#StopRansomware Guide (cisa.gov)

National Security Agency | Cybersecurity Information Sheet - Best Practices for Securing Your Home Network

National Security Agency - Identity and Access Management: Recommended Best Practices for Administrators

Cyber News

Phishing Resistant MFA is Key to Peace of Mind | CISA
April 2023

FBI IC3 Internet Crime Report 2022
April 2023

CPG Cross-Sector Cybersecurity Performance Goals - March 2023 Update | CPG Checklist
March 2023

Partnering to Safeguard K-12 Organizations from Cybersecurity Threats
January 2023

Cross-Sector Cybersecurity Performance Goals | CISA
November 2022

Shields Up | CISA
February 2022

Click Here - The Record Media (Podcast)
February 2022

Tips for Defending Against Adversarial Actions Regardless of Their Origin
January 19, 2022

What It Takes to Build the Blue Team of Tomorrow
January 17, 2022

White House confirms person behind Colonial Pipeline ransomware attack nabbed during Russian REvil raid
January 14, 2022

Ohio Raises a Volunteer Army to Fight Election Hacking
August 17, 2022

UC hosts cybersecurity training exercise
July 21, 2022

New statewide training aims to prevent cyber security incidents
July 15, 2022

Ohio Cyber Reserve members train on real-world scenarios during UC exercise
July 15, 2022

Re-Envisioning State Cyber Response Capabilities: The Role Of Volunteers In Strengthening Our Systems
June 16, 2022

Ohio governor names cybersecurity strategic adviser, a 'critical' new role
April 28, 2022

OC3 Training

Cybersecurity for the Clinician Video Training Series

The Health Sector Coordinating Council released today a free cybersecurity training video series titled “Cybersecurity for the Clinician.” This impactful series explains in easy, non-technical language the basics for how cyber-attacks can affect clinical operations and patient safety, and how clinicians can do their part to help keep healthcare data, systems and patients safe from cyber threats without losing time away from patients.  The eight-episode series, totaling about 45 minutes, offers one CME/CEU credit hour. The Series may also satisfy documentation requirements of the CMS Emergency Preparedness Rule, the National Fire Protection Association and The Joint Commission for facility Hazard Vulnerability Analysis and Risk Analysis and Training. It is intended for private clinical practices, health provider institutions of all types and sizes, academic institutions, and healthcare support functions.

OC3 Education & Workforce Development Subcommittee

Our Mission

Build alliances with employers, educational institutions, and public and private partners, encourage input and participation to improve the training and education of users and students in cybersecurity by the following:

• Identify critically needed skills and developing training and educational pathways to provide the needed skilled workers in the cyber security field.
• Encourage interested students and individuals to become involved in and further develop their cyber security skills in order to join and contribute to the future cyber security workforce through cyber challenges, internships, and educational opportunities/scholarships.
• Train users at all levels in good cyber hygiene and best cyber security practices.

Working Groups & Partners

• Internships & Apprenticeships
• Ohio Cyber Toolkit/Clubs
• Ohio Cyber Range Institute (CRI)
• Career Pathways

Contact Us

For further information or business collaboration, please contact:

Cheri Rice - Chair
Ohio Department of Higher Education
crice@highered.ohio.gov

OC3 Cyber Protection Subcommittee

Our Mission:

The mission of the OC3 Cyber Protection Subcommittee will provide cyber expertise to internal and external partners to defend and protect life sustaining critical infrastructure and supply chain activities (i.e. water, utilities, transportation).

Our Core Values:

• Provide cyber subject-matter expertise
• Generate public awareness for cyber exercises, info sharing, and best practices
• Provide hands-on support for cyber drills and TTX exercises to Ohio counties
• Develop, deliver, and critique mock cyber incidents

Working Groups & Deliverables

• Cyber Challenge for K-12 schools
• Ohio Cybersecurity Strategic Plan
• Cyber Risk Assessment
• Cyber TTX Exercises
• Mock Cyber Incident
• OC3 Secure Collaborative Forum Space
• Cyber Symposium / Annual Conference
• Ransomware Awareness Campaign
• Cyber Toolkit / User's Guidebook of Best Practices

Report a Crime or Threat

• Learn about the Statewide Terrorism Analysis & Crime Center
• Report Suspicious Activity or a Tip/Lead

Contact Us

For further information or business collaboration, please contact:

James Meador - Co-Chair
Ohio Homeland Security
jrmeador@dps.ohio.gov

Janille Stearmer - Co-Chair
Ohio Homeland Security
jsstearmer@dps.ohio.gov

OC3 Governance Subcommittee

Our Mission:

Identify and share best practices, policies, and technologies for all Ohioans by:

a. Providing a collaborative research and development environment for the development and testing of innovative technologies and processes.

b. Ensuring cyber threats are part of emergency planning at all levels both public and private.

c. Using public awareness tools to educate and inform key decision makers of good cyber security practices and the latest information.

d. Educating the general public on the importance of cyber security for the “Internet of Things.”

e. Sharing threat intelligence between both public and private sector entities, facilitated through the Ohio Homeland Security State Fusion Center.

Working Groups & Deliverables

• Legislation
• Threat Sharing
• Cyber Best Practices
• Policy Templates

Past Projects

The OC3 Governance subcommittee has been tasked to complete many projects which result in research and written reports to the OC3 to support the Ohio Cyber Range, the Ohio Cyber Reserve, and the Education & Workforce Development Subcommittee. Some of these projects are:

• Ohio Cyber Range governance structure
• Reviewed legislation text for cybersecurity content
• Respond to requests from Innovate Ohio for cybersecurity legislation ideas
• Cybersecurity assessment plan to support Ohio Safe Harbor law
• OC3 Website management and content review
• OC3 Best Practices website structure
• Research, study, and report on Threat Sharing in Ohio
• Data Security - Industry Weaknesses Report

Contact Us

For further information or business collaboration, please contact:

Scott Wolf - Chair
Partner, Willco Tech
LinkedIn

Ohio Cyber Range

Ohio Cyber Range Institute, Improving Cybersecurity for the Citizens of Ohio.

Sponsored by the Ohio Department of Higher Education, the Ohio Adjutant General's Department office of the Ohio National Guard, and headquartered at the University of Cincinnati, the Ohio Cyber Range Institute will support collaborative cybersecurity programs across Ohio.

The goal of the OCRI is to advance an integrated approach to cybersecurity education, workforce, and economic development in cyber-related fields throughout the state.

Ohio Cyber Range Institute Links

• Ecosystem of Regional Programming Centers
• Upcoming Events

Contact Us

For further information or business collaboration, please contact:

Richard J. Harknett, Ph.D. - Co-Director
University of Cincinnati
Richard.harknett@uc.edu

Rebekah Michael - Executive Staff Director
University of Cincinnati
rebekah.michael@uc.edu

Ohio Cyber Range Institute (OCRI)

Ohio Cyber Range Institute

Ohio Cyber Reserve

The Ohio Cyber Reserve is a unit of the State of Ohio Defense Force which is a component of the Ohio Adjutant General's Department and serves under the governor as commander in chief.

Our Mission:

The Mission of the Ohio Cyber Reserve is to Assist, Educate and Respond as directed by the Adjutant General and the State of Ohio using fully-manned and mission-ready Cyber Teams.

Assist Ohio with cyber risk surveys, network surveys, and network security sustainment planning using the NIST Framework as a guide.

Educate Ohio and build interest in cybersecurity matters using the NIST Framework as a guide.

When needed most, the State of Ohio will be able to draw upon a wealth of knowledge and industry specific expertise to respond to cyber emergencies.

Our Vision:

Ready today, protecting tomorrow as the premier National Guard state.

Our Values:

• Accountability
• Commitment
• Excellence

Contact Us

For further information or business collaboration, please contact:

Craig W. Baker
COL (RET)
Program Administrator
Ohio Cyber Reserve
craig.w.baker2.nfg@army.mil

CyberOhio

Cyber Ohio is a partner agency to the OC3 Cyber Collaboration Committee.

Our Mission:

The goal of CyberOhio is simple: provide the best legal, technical, and collaborative cybersecurity environment to allow Ohio’s businesses to thrive.

Who We Are:

Governor Mike DeWine launched CyberOhio in September 2016 during his time as Ohio Attorney General. CyberOhio is a collection of cybersecurity initiatives aimed at helping Ohio businesses fight back against cyber attacks. Today, CyberOhio is a branch of InnovateOhio, led by Lt. Governor Jon Husted. The initiative remains committed to providing innovative technology solutions and to helping Ohioans and Ohio job creators maintain technology infrastructure and data in a safe and secure manner.

Contact Us

For more information, please contact the CyberOhio directly:

Andrew Smith - Board Secretary & Policy Advisor
Riffe Center, 77 South High Street, Columbus, OH 43215-6117
Cyber@ohio.gov