Three Years In: An Update on the Georgia Cyber Center

Georgia CTO Steve Nichols and CISO David Allen discuss what’s new and what’s coming soon at the Georgia Cyber Center, a global resource for cybersecurity training, leadership and more.

GTA_CYBER_007.DronePhotos-19-2-reduced-1280x931
Georgia Cyber Center
Back in 2018, after interviewing technology and security leaders in Georgia, it was clear that the Georgia Cyber Center (GCC) was special — for many reasons. My interview with Calvin Rhodes, CIO of Georgia and executive director of the Georgia Technology Authority (GTA), described the vision, planning, teamwork and execution that made the vision a reality.

Fast-forward three years, and the GCC continues to receive a lot of (well-deserved) attention and offers one model for federal, state and local governments to consider on a range of cybersecurity training, solutions and emergency management exercises.

After hearing about some new developments, I reached out to the current chief technology officer and chief information security officer in Georgia for an interview to learn more about a range of topics.

As Georgia CTO, Steve Nichols advises the leadership of GTA and state agencies on technology issues. He has played a key role in important initiatives to modernize state government IT, including the privatization of IT infrastructure services and managed network services in 2009. Government Technology named Nichols as one of the nation’s Top 25 Doers, Dreamers and Drivers for 2012. The National Association of State Chief Information Officers awarded Dr. Nichols the State Technology Innovator Award in 2017. He holds a Ph.D. in physics from the Georgia Institute of Technology.


steve-nichols-georgia-cropped-2.jpg


I have worked with Steve for many years going back to my time as Michigan CSO, and he is always willing to help and address the latest cutting-edge technology issues with excellence. He is a global leader who offers impressive insights, and his perspectives are sought after by governments worldwide.

David Allen is the Georgia CISO and leads GTA’s Office of Information Security, which unifies information security responsibilities for the state’s IT enterprise, the Georgia Enterprise Technology Services (GETS) program and GTA.


david-allen-2.jpg


Prior to joining GTA in 2019, David served as the chief technology officer and chief of cybersecurity for the Georgia Army National Guard. He deployed to Afghanistan in support of Operation Enduring Freedom in December 2011 with the 648th Maneuver Enhancement Brigade to oversee communications for the Kabul Base Cluster. David’s exemplary military service earned him multiple medals and decorations, including the Bronze Star Medal, Meritorious Service Medal and Army Commendation Medal.

Note: Nichols and Allen opted to respond to the questions jointly.

Dan Lohrmann (DL): Has the Georgia Cyber Center evolved over the past three years?

GTA Leadership (Dr. Steve Nichols and David Allen joint answer): The Georgia Cyber Center (GCC) continues to evolve as a nexus of cyber education, innovation and strategic partnerships. A third facility is now planned to handle continued demand for services. From startups to university researchers to Army Cyber Command and its private-sector partners, the GCC is excited to serve these critical needs now and into the future.

DL: Has the mission changed or expanded? In what ways?

GTA Leadership: The vision and mission of the Cyber Center are to create an ecosystem for government, academia and private industry to collaborate and innovate around cybersecurity. That is unchanged. What does continue to change are the opportunities, variety of partnerships and entrepreneurship activities that have flourished much more rapidly than originally anticipated.

DL: What is Your Cyber Dawg Exercise?

GTA Leadership: Cyber Dawg is a live-action cybersecurity exercise led by the Georgia Technology Authority (GTA) Office of Information Security. The award-winning annual event serves as Georgia’s capstone interagency cyber exercise, building on essential processes and technical skills relevant to the defense of state networks. Over an intense five days, participants move through a staged mock corporate environment being subjected to multiple attack scenarios. The exercise is conducted in the controlled, contained learning environment of the state’s cutting-edge Cyber Center.

DL: Who is involved in Cyber Dawg and what are their roles?

GTA Leadership: Cyber Dawg involves three groups of participants. Multiple blue teams consist of integrated network defense teams from multiple state agencies that are the primary focus of the training event. Assisting the blue teams are mentors from the Georgia National Guard guiding them in the finer points of cyber defense. Second, the red team (adversary) provides realistic attack simulation for the defenders. These roles are supported by National Guard and GCC trainers. Finally, the white team provides overall command and control of the exercise to ensure training objectives are met and keep the exercise on schedule.

DL: Is there international participation in your exercises? How does that work?

GTA Leadership: Cyber Dawg enjoys international participation through the State Partnership Program that exists within the National Guard. The Georgia Army National Guard enjoys partnerships with the country of Georgia and Argentina. Cyber represents only one component of the training partnership that enhances readiness of our guard forces for state and federal missions.

DL: Georgia was a state government leader in purchasing cyber insurance. How has that changed? Has your perspective changed on cyber insurance as adding value? 

GTA Leadership: Cyber insurance continues to hold an important place in our portfolio of cyber defense tools. The insurance market itself has shifted in how these policies are viewed and in what instances they may be employed. A continued high level of cyber risk and many ransomware incidents across the country have increased premiums in the U.S. With several years of experience under our belt, we now carefully assess the severity and impact of a given incident before making a claim. The policy does not fit every incident response requirement, and Georgia has added in-house capabilities to provide multiple response options, especially for dealing with smaller/less severe incidents.

DL: What are your plans going forward regarding cyber insurance?

GTA Leadership: Our cyber insurance will continue to be a part of our cyber strategy. The policy covers the executive branch, excepting education. We have seen a lot of interest from other branches (judicial and legislative), higher education and local government. Some, like the university system, have contracted for their own policies and we have given a lot of advice to others about how to get started. We will continue to aggressively pursue cyber defense improvement across the executive branch and manage risk to stabilize premiums and ensure the long-term value of the policy.

DL: What other cybersecurity and infrastructure projects are a priority as we head into the second half of 2021?

GTA Leadership: GTA continues to be at the forefront of the state IT modernization strategy and has multiple cybersecurity and infrastructure projects in progress. Gov. Kemp fortified the Statewide Cybersecurity Review Board through an executive order, and the board is taking an active role in setting cybersecurity policy. Those policies have resulted in cybersecurity projects focusing on protection of the mobile workforce and ensuring we have the right mix of tools to keep our workers safe during remote work. Some of these categories are identity access management, continuous vulnerability management, next-generation SIEM and cloud security. Outside of security-specific projects, GTA is committed to the state’s broadband deployment initiative and the expansion of IT services available to other government entities via our GTA Direct services catalog.  

DL: Is there anything else you want to add?   

GTA Leadership: The cyber threat and technology landscapes continue to change rapidly and increase in complexity in a way that presents many challenges for state government. A focus on partnerships and enabling processes conducive to rapid change are necessary, and GTA has been up for the challenge. While cyber incidents will certainly not decline, strategic efforts such as security awareness training, Cyber Dawg and modernization have bolstered our ability to respond quickly and in a way that allows continuity of operations and continued service of our citizens.

DL: I want to thank Steve and David for their willingness to share and for their service to Georgia and the nation. I certainly wish them all the best as they continue to lead their cybersecurity and technology programs. Other governments have much to learn from them.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.