A Multi-faceted Approach to Cybersecurity

As technology advances, so do the threats from cybercriminals and hostile nations. According to Gartner, a leading IT research and advisory firm, cybersecurity demands focus and vigilance. This section of the Annual State IT Report describes the multi-faceted approach that the state takes to protect sensitive citizen data and the IT enterprise. Georgia’s Enterprise IT Strategic Plan 2025, which is available on the GTA website, also examines the role of cybersecurity in the foreseeable future.

The overall strategy for the improvement of cybersecurity across the state continues to focus on our people. Governor Kemp’s executive order on August 13, 2019 started a new chapter in cybersecurity training that continues to pay dividends across the state. The number of state employees and contractors in the Proofpoint platform has grown from an initial 95,000 to more than 146,000. In cooperation with the State Government Systems Cybersecurity Board, GTA constantly monitors the curriculum in this program to ensure it evolves with the current threat landscape. Training modules addressing issues facing employees in the new remote work environment have been implemented and continue to raise awareness to protect the expanded attack surface.

Managed security services remain important capabilities available to state agencies. The services are offered by Atos, which provides mainframe services for the Georgia Enterprise Technology Services (GETS) program, and include several tools and defenses that build on other services already in place. In addition to cybersecurity training, these services include:

  • Security Operations Center (SOC)
  • Security Information and Event Management (SIEM)
  • Vulnerability Management System (VMS)
  • Enterprise Governance, Risk, and Compliance (EGRC)

SOC and SIEM offer centralized, 24/7 security monitoring and proactive response to any threats to help keep them from spreading. VMS involves scanning servers, laptops, and desktop computers to identify vulnerabilities. Meanwhile, EGRC provides the capability to obtain a single, dashboard view of the full risk landscape and risk remediation. The services combine to build a more rigorous defense for state systems and data. State agencies can order additional, specialized security services, such as penetration testing, a computer security incident response team, and digital forensics.

The State Government Systems Cybersecurity Board is charged with reviewing the cybersecurity of executive branch agencies to identify risks, promote best practices, and audit for cybersecurity training compliance. The board is chaired by the Governor’s Technology Advisor and includes the Adjutant General, GTA’s Chief Information Security Officer, the Director of the Georgia Bureau of Investigation (GBI), the Director of the Georgia Emergency Management and Homeland Security Agency (GEMA/HS), and the Executive Director of the Georgia Cyber Center at Augusta University. The board meets at least quarterly and provides an annual briefing to the Governor.

The Enterprise Cybersecurity Risk Register provides state agencies with a common framework for categorizing and responding to cybersecurity risks. State agencies rate their information systems as having a high, medium, or low impact, depending on the worst-case potential outcome of a cybersecurity incident. Agencies are responsible for ensuring their compliance with cybersecurity reporting requirements. GTA regularly administers questionnaires soliciting information about each agency’s cybersecurity program and the security of information systems and individual applications.

With funding allocated in 2016, GTA began IT security assessments to determine the state’s overall cybersecurity risk posture. The work is an ongoing part of operations, and the findings are reviewed by the State Government Systems Cybersecurity Board, which sets statewide priority for addressing recommendations for closing gaps. While security assessment planning continued in 2020, COVID-19 temporarily delayed the assessment schedule. In-progress reviews resumed in August 2020, and efforts are being made to put executive branch assessments back on schedule. As an example, the Department of Audits and Accounts (DOAA) and GTA’s Office of Information Security (OIS) began a first joint audit, starting with the Stone Mountain Memorial Association in September 2020. This collaboration will create efficiencies in the audit and assessment process and lower the burden on agencies scheduled for both an audit and assessment in the same calendar year.

An effective strategy for cybersecurity calls for information and intelligence sharing among local, state, and federal agencies. The Georgia Information Sharing and Analysis Center (GISAC), one of 77 U.S. Department of Homeland Security recognized fusion centers in the United States, serves as the primary repository for counterterrorism and criminal intelligence information in the state. Operated by the GBI with participation from several agencies and organizations, including GTA, GISAC distributes bulletins and threat assessments to law enforcement, public safety, emergency management, and private sector partners throughout Georgia. This success has been built upon in 2020 with a collaboration between GEMA and OIS. Using federal grant funding, OIS has staffed an additional position that will provide greater integration with the GISAC and GEMA/HS as well as much-needed depth to OIS cyber intelligence activities.

GTA’s OIS facilitated responses for state and local government agencies that suffered ransomware attacks in 2020. Incidents at the local level continue to result from spear-phishing emails and poor cyber hygiene in internet-facing systems. OIS, in cooperation with GEMA/HS and the GISAC, continues to facilitate evaluation of local reported incidents and provide recommendations for next steps. When appropriate, OIS facilitates the hand-off to the Georgia National Guard Cyber Protection Team and partners with them to improve incident response processes. OIS continues to develop its own internal response capability and has been able to directly respond to incidents impacting executive branch agencies. This response capability represents significant cost savings to the state, especially among agencies in a fiscally constrained environment.

GTA’s OIS also coordinated the second annual Cyber Dawg exercise in cooperation with the Georgia Cyber Center. Although held as a virtual event due to COVID-19 restrictions, this three-day, multi-agency security training exercise aimed to sharpen cybersecurity skills across a multitude of tools that agencies can use in their IT environments. This year’s event included a total of 65 personnel across 21 state agencies and successfully built the bench for an anticipated resumption of a full-scale exercise in 2021.

The Georgia Cyber Center at Augusta University is currently the nation’s single largest investment in a cybersecurity facility by a state government. The $100 million, state-owned facility is a unique public/private collaboration among academia, state and federal government, law enforcement, the U.S. Army, and the private sector. It is equipped to keep up with the changing face of cybersecurity and provides needed focus in key areas:

  • Education and training for agencies, the military, and the private sector
  • Incubation of new security ideas
  • Research and development with an emphasis on cyber defense
  • IT security information sharing among Georgia agencies, homeland security, and the private sector
  • Public-private partnerships for cybersecurity innovations

The Cyber Center is comprised of two adjacent buildings totaling 332,000 square feet, and its cutting-edge features make it unlike any other facility in the nation:

  • In partnership with Augusta University and Augusta Technical College, the center provides 21st century workforce training through certificate programs and undergraduate- and graduate-level programs in cybersecurity and cyber sciences.
  • The Georgia Cyber Range helps strengthen the stability, security, and performance of cyber infrastructures. It is available to students, industry, and government professionals for education and training, product development, offensive activity and competition, detection and defensive competition, response and recovery, and evaluation and benchmarking.
  • The GBI Cyber Crime Unit allows law enforcement professionals throughout the state to take advantage of the GBI’s expertise in digital forensics.
  • The center supports incubation and accelerator programs through a strategic partnership with theClubhou.se, an Augusta-based non-profit organization with a proven record of helping technology startups succeed.
  • Demonstration space is used to highlight cyber research taking place at University System of Georgia institutions throughout the state, including basic and applied research at Augusta University.
  • Build-to-suit Class A partner space is available for lease to cybersecurity companies, which can then leverage the center’s resources and the convenience of co-location with state, federal, and other industry associates.
  • GTA is responsible for partner coordination and played a key role in bringing leading private-sector companies to the Cyber Center, including:
      • BAE Systems, a global defense, aerospace, and security firm
      • Defense Digital Service, which applies private-sector technology and approaches to the U.S. Department of Defense’s most important initiatives
      • Parsons Corporation, an engineering, construction, technical, and professional services firm offering cybersecurity and technical solutions
      • U.S. Army Cyber Command
      • Savannah River Nuclear Solutions, LLC

The Cyber Center positions the Augusta community and the state of Georgia as the nation’s leader in the critically important field of cybersecurity.