Welcome to Colorado’s Whole of State Cyber Effort

Introduction
Cybersecurity is a team effort in Colorado. Our Whole of State work is focused on reducing the time, talent and resources needed for local governments and critical infrastructure partners to build and maintain strong cybersecurity programs that improve the overall strength of our ecosystem as a state. 

CTIS
In Colorado, we leverage many different resources to meet the growing demands on those working to support cybersecurity for their organizations. One of the most critical resources is a network for information and threat sharing, and community collaboration, through the Colorado Threat Information Sharing network – or CTIS. 

CTIS is meant for those professionals charged with supporting cybersecurity in their organization, and we have broken out different work groups for members to participate in so that users can further focus the information they get that pertains to them. CTIS is not a duplicative effort – we recognize that many local governments and critical infrastructure partners already get regular updates on national-level threats and trends. 

Instead, CTIS is meant to accelerate information sharing that is local to Colorado jurisdictions and in real time so that we can all improve our time to secure against potential threats. 

Please register for the appropriate working group via the registration links to the right.


CTIS Groups

CTIS MS-ISAC Pros 
This work group is for more technical MS-ISAC members who want to dig deep into logs and more technical solutions that can support the broader MS-ISAC community in Colorado .

CTIS MS-ISAC
This work group is for MS-ISAC members seeking to share information on threats, vulnerabilities, potential events or incidents that can raise everyone’s awareness and strengthen Colorado’s cyber shield. 

Elections Group
This work group is dedicated to individuals working around elections to share cybersecurity threats and issues – both from a physical security and cybersecurity standpoint. 

Cyber For Education
This work group is dedicated to individuals supporting school districts in Colorado to improve sharing of threats and vulnerabilities specific to local entities.

Critical Infrastructure Pros
Critical Infrastructure Pros is for IT and cybersecurity professionals working in critical infrastructure to share up-to-date, local threats and vulnerabilities, mitigation strategies and best practices.

Supply Chain Pros
This work group offers a place for supply chain/third-party vendors to share information on threats, mitigation tools and best practices within the ever-critical supply chain/third-party support space.


Additional Resources
Colorado’s Whole of State effort is truly that – a whole of state effort. As a result, we work with partners across the state to offer support across a wide variety of needs. If you have any questions about the following resources, please don’t hesitate to contact our cyber team at  kevin.mcelyea@state.co.us

CIAC Cyber Unit Support

The CIAC’s Cyber Unit is part of the Colorado Information Analysis Center, focused on fostering information sharing around cyber threats and best practices. Our core services include the following:
  • Incident Response support – If you think you have had an incident, our team can work with you to walk through the steps to contain the threat and support investigation around the incident. We can also work with your team to help build out an incident response plan, and practice it, so your organization is prepared to respond in case there is an incident.
  • Vulnerability assessments – Our team conducts free vulnerability assessments that focus on identifying how your organization appears publicly and what vulnerabilities may exist on that public-facing front. This assessment can also include a review of steps to reduce your organization’s vulnerability to email spoofing. 
  • Information sharing – We help facilitate and host CTIS and offer ongoing information and best practice sharing across all critical sectors. 
  • Tabletop Exercise support – If you are interested in hosting a table top exercise to assess various aspects of your cybersecurity program, our team is happy to support setting it up and running through it with you!
  • Cyber Reserve Coordination – We are building out a plan for a cyber reserve – more to come by end of 2022!
Secretary of State
The Secretary of State’s office supports cybersecurity efforts around elections. Please check out their site for more information and resources.

National Cybersecurity Center
The National Cybersecurity Center is a non-profit based in Colorado Springs dedicated to supporting fill the cyber workforce gap and improve education and awareness in Colorado. 
  • Webinars and education  - Check out their calendar of regular webinars, as well as learn about access to the Colorado Cyber Range.
  • Policy templates – Access incident response templates, as well as other policy-related templates to build out your cyber program. 
  • Crown Jewels Assessment – Learn more about how to identify your critical cyber assets with the crown jewels assessment.
  • PISCES – If your organization doesn’t have network monitoring support, AND you want to help train up the next generation of cyber talent in Colorado, then consider joining PISCES. It’s free, and helps provide another layer of support to local governments in Colorado. 

MS-ISAC
If you are not yet a member of the Multi-State ISAC, and are a public entity, please consider signing up to participate. Not only will that grant you immediate access to CTIS, but being a member opens your organization up to several free resources to support your program. 

CISA
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) offers additional free tools and resources to all types of organizations.