New and Continued Threats
New and improved tactics, techniques, and procedures (TTPs) emerged in 2022, and some old methodologies were refined. Warnings and intelligence bulletins from entities like the Multi-State Information Sharing and Analysis Center (MS-ISAC), the Cybersecurity and Infrastructure Security Agency (CISA), and other federal partners continue to keep alert levels raised. There have been attempted infiltrations of government agencies’ systems by hostile nation-state actors as well as sympathetic hacktivists to create chaos and confusion. The latter was evidenced most recently by pro-Russian hacktivists protesting Western support for the Ukrainian homeland defense efforts. These protests took the form of massive distributed denial-of-service (DDoS) campaigns targeting state government websites nationwide, airport websites (including Atlanta’s Hartsfield-Jackson airport), and private financial sector websites.
As of November 2022, 19 incidents were reported to state authorities as required by HB 156 (2021). The first incident was reported on August 4, 2021. Most of these were ransomware events (nine of the 19), and the remaining events varied among data exfiltration, phishing, and account compromise. While this is alarming, from a statewide perspective these events only scratch the surface of what are most likely unreported security incidents across the county and local government space.
New Standard for Travel
Issued in May 2022, the state’s International Teleworking and Remote Access standard establishes that state-issued phones, computers, tablets, etc. should not be taken out of the country without an exemption approved by the agency and GTA’s Office of Information Security (OIS). This security measure addresses the heightened risk of cyber-attack against government entities.
New Managed Security Service Provider
In response to the increase in threat activity, GTA has taken several steps to increase the resilience of state networks and systems. In October 2022, GTA selected Raytheon Space and Intelligence to provide managed security services for the state. These services include incident response, threat hunting, and cybersecurity training support, to name a few. GTA OIS has begun expansive restructuring to be able to provide more services and cybersecurity products for not only state agencies but also local governments. GTA provides a much better price than local governments or other non-enterprise state agencies could procure themselves.
In September 2022, GTA OIS led its fourth annual Cyber Dawg event. This cybersecurity training exercise featured a live-fire format at the Georgia Cyber Center in Augusta. Security professionals from 12 state agencies defended against mock cyber-attacks in a controlled environment, building skills and experience they could take back to their organizations.
Federal Cyber Grant Program
September also saw the release of the Notice of Funding Opportunity (NOFO) for the Federal Infrastructure Investment and Jobs Act (IIJA) State and Local Cybersecurity Grant Program. While this NOFO had a short timeline from release to application, the state was able to create a planning committee to meet the program’s deadlines. The committee, composed of members of state and local government, has ratified a charter and made strong headway on the required cybersecurity plan. The program requires a completed plan before funds are awarded to a state. Fifty-nine separate entities, mostly local governments, submitted approximately 75 separate cybersecurity projects to the planning committee for funding consideration. The intent is to have the plan completed and submitted for approval with all the projects no later than March 2023.