New and Continued Threats

Cyber adversaries employed new tactics, techniques, and procedures (TTP) in 2023 while also making use of improved versions of some older methodologies. The GTA Office of Information Security (OIS) distributes warnings and intelligence bulletins from organizations such as the Multi-state Information Sharing and Analysis Center (MS-ISAC), Cybersecurity and Infrastructure Security Agency (CISA), InfraGard, and other partners to keep alert levels raised. There have been attempted infiltrations of government agencies' systems by hostile nation-state actors as well as sympathetic hacktivists to create chaos and confusion. The latter was evidenced most recently by pro-Palestinian hacktivists in protest of western support for Israeli defense efforts. These protests included massive, distributed denial-of-service (DDoS) campaigns targeting state government websites nationwide. As most prominently demonstrated in the war between Russia and Ukraine, it has become common for both ideologically motivated hackers and cybercriminals to remotely join the chaos on either side of an escalating conflict by attacking government systems or other institutions.

Incident Reporting

Between January and September 2023, a total of 36 incidents were reported to state authorities as required by HB 156. The events included ransomware, data exfiltration, phishing, and account compromise. While the events are alarming, from a statewide perspective, they only scratch the surface of what are likely unreported security incidents across the county and local government space.

New Policy for Acceptable Use of Generative AI

Governments at every level are grappling with the use of artificial intelligence (AI), especially generative AI. The state's Enterprise Generative AI Acceptable Use policy, issued in October 2023, establishes that agencies shall submit software, applications, tools, and services using generative AI for business operations to GTA for review prior to procurement. The policy is designed to promote the acceptable use of AI tools, while also minimizing the potential for intentional or unintentional misuse, unethical outcomes, potential biases, use of sensitive data, and information security breaches. An Enterprise Generative AI Acceptable Use standard supports the policy.

New Managed Security Service Provider

Increasing the resilience of state networks and systems remains a top priority for GTA as threat activity intensifies. In March 2023, GTA transitioned provision of managed security services to Raytheon Space and Intelligence. These services included incident response, threat hunting, and cybersecurity training support to name a few. GTA OIS has positioned itself to be able to provide more services and cybersecurity products for not only state agencies but also local governments. GTA provides a much better price than local or other non-enterprise state agencies could procure themselves.

Cyber Dawg

In September 2023, GTA OIS led its fifth annual Cyber Dawg event. The five-day cybersecurity exercise at the Georgia Cyber Center in Augusta featured a military-styled training strategy and "live-fire" scenarios. Information security professionals from 12 state agencies defended against mock cyber-attacks in a controlled environment, building skills and experience they could take back to their organizations.

Federal Cyber Grant Program

September also saw the release of the Notice of Funding Opportunity (NOFO) for the second round of the federal Infrastructure Investment and Jobs Act (IIJA) State and Local Cybersecurity Grant Program. While this NOFO release had a short timeline from release to application, the state successfully submitted a plan for the grant funds to meet the program's deadline. Special consideration for this round of funding will be given to educational organizations. Georgia also applied for the first round of funding in FY 2022.