A Multi-faceted Approach to Cybersecurity

As technology advances, so do the threats from cybercriminals and hostile nations. According to Gartner, a leading IT research and advisory firm, cybersecurity demands focus and vigilance, and this section of the Annual State IT Report describes the multi-faceted approach that the state takes to protect sensitive citizen data and the IT enterprise. Georgia’s Enterprise IT Strategic Plan 2025, which is available in PDF format on the GTA website, https://gta.georgia.gov/enterprise-governance-and-planning-main-page/it-strategic-plan-2025 , also examines the role of cybersecurity in the foreseeable future.

Many cybersecurity experts say the first line of defense in any organization is the people who work there. Accordingly, Governor Kemp issued an executive order on August 13, 2019, that mandates ongoing cybersecurity training for all state workers in the executive branch agencies.

GTA plays an important role in delivering the required semiannual training, though many agencies are training more frequently. Under the oversight of the State Government Systems Cybersecurity Board, GTA offers the training on the Proofpoint Wombat platform, an enterprise training solution provided at no charge to executive branch agencies. Through the online training modules, state workers can continually sharpen their skills and test their ability to spot malicious links and email attachments, common tactics among cybercriminals attempting ransomware and phishing attacks.

Cybersecurity training is one of several new managed security services available to state agencies. The services are offered by Atos, which provides mainframe services for the Georgia Enterprise Technology Services (GETS) program, and include several tools and defenses that build on other services already in place. In addition to cybersecurity training, these services include:

  • Security Operations Center (SOC)
  • Security Information and Event Management (SIEM)
  • Vulnerability Management System (VMS)
  • Enterprise Governance, Risk, and Compliance (EGRC)

SOC and SIEM offer centralized, 24/7 security monitoring and proactive response to any threats to help keep them from spreading. VMS involves scanning servers, laptops, and desktop computers to identify vulnerabilities. Meanwhile, EGRC provides the capability to obtain a single, dashboard view of the full risk landscape and risk remediation. All three combine to build a more rigorous defense for state systems and data. State agencies can order additional, specialized security services, such as penetration testing, a computer security incident response team, and digital forensics.

The State Government Systems Cybersecurity Board is charged with reviewing the cybersecurity of executive branch agencies to identify risks, promote best practices, and audit for cybersecurity training compliance. The board is chaired by the Governor’s Technology Advisor and includes the Adjutant General, GTA’s Chief Information Security Officer, the Director of the Georgia Bureau of Investigation, the Director of the Georgia Emergency Management and Homeland Security Agency, and the Executive Director of the Georgia Cyber Center at Augusta University. The board meets at least quarterly and provides an annual briefing to the Governor.

The Enterprise Cybersecurity Risk Register provides state agencies with a common framework for categorizing and responding to cybersecurity risks. State agencies rate their information systems as having a high, medium, or low impact, depending on the worst-case potential outcome of a cybersecurity incident. Agencies are responsible for ensuring their compliance with cybersecurity reporting requirements. GTA regularly administers questionnaires soliciting information about each agency’s cybersecurity program and the security of information systems and individual applications.

With funding allocated in 2016, GTA began IT security assessments to determine the state’s overall cybersecurity risk posture. The work is an ongoing part of operations, and the findings are reviewed by the State Government Systems Cybersecurity Board, which sets statewide priority for addressing recommendations for closing gaps. Security assessment planning continued in 2019, with six assessments scheduled to be completed by June 30, 2020.

An effective strategy for cybersecurity calls for information and intelligence sharing among local, state, and federal agencies. The Georgia Information Sharing and Analysis Center (GISAC), one of 77 U.S. Department of Homeland Security recognized fusion centers in the United States, serves as the primary repository for counterterrorism and criminal intelligence information in the state. Operated by the GBI with participation from several agencies and organizations, including GTA, GISAC distributes bulletins and threat assessments to law enforcement, public safety, emergency management, and private sector partners throughout Georgia.

GTA’s Office of Information Security (OIS) facilitated responses for state and local government agencies that suffered ransomware attacks in 2019. One incident involved a county government in Northeast Georgia. The attack likely started with a spear-phishing email which, when opened, enabled access to the county’s small network of computers, some lacking current patching. County commissioners voted to pay the negotiated $400,000 ransom, and cybercriminals released the decryption key. The FBI launched an investigation of the incident, and GISAC received a request for assistance on behalf of the county.

A team from GTA’s OIS was on site in the county to perform the initial assessment. The team recommended a more comprehensive cybersecurity assessment and thorough remediation of the county’s networks by an independent third party. GTA negotiated an agreement with a pre-approved, qualified vendor, and the vendor produced an incident response summary, a security assessment report, a gap analysis, and a plan of action and milestones. The GTA team gained valuable experience that helped shape the assistance they can provide when called on again.

GTA’s OIS also coordinated Cyber Dawg 2019, a three-day, multi-agency security exercise aimed at sharpening technical response to ransomware attacks. Held in May at the Georgia Cyber Center in Augusta, the exercise brought together information security professionals from the departments of Defense, Behavioral Health and Developmental Disabilities, and Transportation, along with the Georgia Emergency Management and Homeland Security Agency, the GBI, and GTA. Through a special partnership, the group also welcomed participation from representatives from the Republic of Georgia. The exercise, to be conducted annually, highlighted the value of practicing live-action cyber scenarios and building connections across agencies and with our Georgia National Guard partners.

The Georgia Cyber Center at Augusta University is currently the nation’s single largest investment in a cybersecurity facility by a state government. The $100 million, state-owned facility is a unique public/private collaboration among academia, state and federal government, law enforcement, the U.S. Army, and the private sector. It is equipped to keep up with the changing face of cybersecurity and provides needed focus in key areas:

  • Education and training for agencies, the military, and the private sector
  • Incubation of new security ideas
  • Research and development with an emphasis on cyber defense
  • IT security information sharing among Georgia agencies, homeland security, and the private sector
  • Public-private partnerships for cybersecurity innovations

The Cyber Center is comprised of two adjacent buildings totaling 332,000 square feet, and its cutting-edge features make it unlike any other facility in the nation:

  • In partnership with Augusta University and Augusta Technical College, the center provides 21st century workforce training through certificate programs and undergraduate- and graduate-level programs in cybersecurity and cyber sciences.
  • The Georgia Cyber Range helps strengthen the stability, security, and performance of cyber infrastructures. It is available to students, industry, and government professionals for education and training, product development, offensive activity and competition, detection and defensive competition, response and recovery, and evaluation and benchmarking.
  • The Georgia Bureau of Investigation’s Cyber Crime Unit allows law enforcement professionals throughout the state to take advantage of the GBI’s expertise in digital forensics.
  • The center supports incubation and accelerator programs through a strategic partnership with theClubhou.se, an Augusta-based non-profit organization with a proven record of helping technology startups succeed.
  • Demonstration space is used to highlight cyber research taking place at University System of Georgia institutions throughout the state, including basic and applied research at Augusta University.
  • Build-to-suit Class A partner space is available for lease to cybersecurity companies, which can then leverage the center’s resources and the convenience of co-location with state, federal, and other industry associates.

GTA is responsible for partner coordination and played a key role in bringing leading private-sector companies to the Cyber Center, including:

  • BAE Systems, a global defense, aerospace, and security firm
  • Defense Digital Service, which applies private-sector technology and approaches to the U.S. Department of Defense’s most important initiatives
  • Parsons Corporation, an engineering, construction, technical, and professional services firm offering cybersecurity and technical solutions

The Cyber Center positions the Augusta community and the state of Georgia as the nation’s leader in the critically important field of cybersecurity.