The $50 million cyberlab will bring together state government, academia, law enforcement and private-sector players in a bid to shore up the cyberworkforce and strengthen defenses.
Government technology leaders have set their sights on forging dedicated cybersecurity facilities and initiatives. Maine’s state CIO chairs the Information Protection Working Group. New Jersey has its Cybersecurity and Communications Integration Cell, while the Northern California Regional Intelligence Center continues to break new ground in cybercollaboration.
When leaders in Georgia opted to pursue their own cybercollaboration, they chose to paint with a bigger-than-usual brush. The $50 million Hull McKnight Cyber Innovation and Training Center now under development in Augusta is exceptionally ambitious. Named for local businessmen James M. Hull and William D. McKnight — credited with the original idea for the center — it brings together state government, academia, law enforcement and private-sector players in a bid to shore up the cyberworkforce and strengthen defenses.
We have many different players focused on different pieces, and it seemed we could get a lot more done if we brought all those groups together,” said Georgia CIO Calvin Rhodes, who is also executive director of the Georgia Technology Authority (GTA), the entity responsible for building the center.
Getting everyone together has been no small trick, with each constituency bringing its own needs and expectations, its own way of doing business. Concerns have ranged from the vital (securing a space for legal evidence) to the mundane (finding parking for everyone).
How to make these disparate pieces fit together? GovTech talked to key players from across the board to discover how they plan to get their needs met on the way to making this 167,000-square-foot center a reality by the scheduled July 2018 opening date.
The center aims to train a future cyberworkforce, which makes Augusta University a key tenant. The university plans to house its School of Computer and Cyber Science at the center, and officials say they’re eager to be part of the venture.
To solve our issues around cyber, it is going to take academia, industry and government. Those three are going to have to work together to find solutions,” said Michael Shaffer, the university’s vice president for government relations and chief advocacy officer. “Our job is to interact with all the different players.”
For the university, a successful collaboration hinges on the coordinated use of physical space. If the center is to serve as a training ground, its multiple tenants must choreograph an elaborate dance to ensure classroom facilities are available as needed.
“There is a level of complexity around scheduling. It’s a Rubik’s Cube. You can move two pieces, and when you do, you’ve just moved another piece somewhere else,” Shaffer said.
Georgia Cyber Innovation and Training Center
Facility size: 167,000 square feet
Cost: $50 million Groundbreaking: June 19, 2017 Expected completion: July 2018
Source: Georgia Technology Authority
The school’s main campus is about 12 minutes away, so planners have to factor in travel time for students taking classes at the center. It helps that the Technical College System of Georgia will also be using the facility. “Educational space can possibly be a shared resource, because nobody uses a classroom every hour of the day,” said Shaffer, “But then that involves yet another set of schedules.”
The school also has to consider staffing, as an expansion into the training facility will put added demands on faculty. “One way of getting at that could be joint appointments,” Shaffer said. Faculty could teach part-time and work part-time on the payroll of other center tenants. There might be some logistical advantages to this, as joint appointments could facilitate a freer flow of information and collaboration.
The school plans to hire at least six new faculty members to support this effort, and while demand for cyberexpertise is intense, Shaffer said the project’s high profile is helping with recruiting. “With all the talk of this new building, there are a lot of people showing interest. They see an opportunity to be part of something unique. There is talent that is reaching out to us because they see something exciting happening,” he said.
For Vernon Keenan, director of the Georgia Bureau of Investigation (GBI), the new cybercenter represents a two-fold opportunity. It will provide a space for law enforcement professionals to leverage GBI’s existing expertise in digital forensics. It also will free up the agency’s child-pornography experts to get back to doing what they do best.
Georgia’s digital law enforcement savvy is a direct result of their expertise investigating child porn cases: The experts in this unit are the ones who developed sophisticated techniques for ferreting out secrets from smartphones and computers. They’ve gotten so good at it that now investigators on a broad range of crimes come to them for help. If a cellphone is found at a murder scene, the child porn investigators typically are asked to pick it apart for evidence.
Keenan is eager to let them return to their main duties, and he says he can do that by basing a cybercrime unit at the new center. He expects 20 staffers to occupy 15,000 square feet in the building, including 12 permanent GBI personnel and a cadre of trainers devoted to helping local law enforcement get up to speed on cyber.
In making the transition, Keenan is most concerned about physical space, specifically the need for a secure environment. His people will be dealing with evidence in criminal cases, and that creates certain extraordinary requirements.
“When we extract data, we do it by court order, so we have to protect that information. There are a lot of privacy issues, a lot of chain-of-custody issues to maintain the evidence. There have to be inventories and audit trails,” he said.
As a condition of entering into the center, GBI insisted on designing its own facilities. In addition to basic office space, GBI will have room for its investigative teams, along with a computer lab, secure servers and workspace for interns. The bureau will also have an expansive space for breaking down and investigating suspect devices. “We need to be able to line up all the computers that we are accessing, to hold all the instruments that we use to extract data,” Keenan said.
At the same time, law enforcement officials want to be careful not to wall themselves off from their cybercolleagues: The whole point here is to foster collaboration. Given the security demands around their work, “the risk is that everything is so structured that there is no personal interaction with folks in the center,” said Keenan. He’s thus taking steps to ensure that there will be ample opportunity for interpersonal communication across teams. “Having that personal interaction is what breaks down barriers.”
The timeline on this beast is insanely aggressive — roughly 18 months — and Calvin Rhodes knows it only too well. In addition to massaging the various players, making sure their specific needs are met,
he has been seeking creative ways to expedite what would ordinarily be a prolonged endeavor.
He has enlisted allies to help cut through bureaucratic red tape. It typically would take four months to get the land disturbance permits for a project of this scale. City officials stepped in and cut it to
Rhodes and his team also accelerated the process by opting for a cookie-cutter architectural approach. They tapped the design firm Gensler, which has used a generic prototype to design similar facilities for at least seven other customers. That template helped give the design effort a running start. “On day one, they brought in a full set of plans for how the building is put together,” said Rhodes. Customizing will be much quicker than creating from scratch.
It helps, too, that the project is operating under the auspices of the Georgia Technology Authority (GTA), which has greater flexibility than state agencies regarding procurement rules. As an authority, GTA can cut a typical 60- to 90-day RFP cycle down to 10 days and can pick a winning vendor almost instantly once proposals are in. “We would start in the morning and make our decision by close of business,” Rhodes said. “If your company didn’t have projects you could point to, you would get eliminated pretty quickly.”
Finally, Rhodes has taken a divide-and-conquer approach to hastening the work, breaking down various aspects of the project among half a dozen working groups. There’s a working group to address the needs of a future cyberacademy for state employees; a group to deal with private-sector and incubator issues; another for research and development; and another to ensure federal stakeholders have a voice.
Each working group has a specific agenda and a concrete timeline, and Rhodes pushes hard. “Some of these groups might take a year to make these decisions if they could, but we need them to do it in weeks and months,” he said. “If you can’t make a decision, we will make it for you.”
Despite the tough talk, Rhodes has arguably bent over backward to accommodate the various needs of his future tenants. He’s given law enforcement a free hand in designing its environment, and has tried to be flexible in assigning space in order to accommodate academia’s scheduling needs.
Then there’s the parking.
The city of Augusta will pay for construction of a five-story parking deck through a $12 million bond issue. Problem solved? Not quite. The university students, law enforcement officers and private-sector participants — all have different parking stickers and cards that work on their respective campuses. What system would the center use?
It may sound trivial, but these are just the kind of sticky details that can grind down a large-scale public project. So Rhodes convened a working group (of course), and it was determined that roughly half of the 250 to 300 cars expected at the center each day will have Augusta University parking credentials. The parking desk will therefore be outfitted with a system that syncs to those passes.
Even as he balances the needs of his diverse internal constituents, Rhodes has been looking outward. He says he doesn’t want a facility where “everything is behind the fence,” but rather a center that invites public participation.
“We want people to come in and see what is going on,” he said. There will be an auditorium for public events, and connections to the local river walk to bring people to the campus. “We want people to get interested in the cybersecurity field. We want the community to feel welcome.”
The private sector
The long-range vision calls for the center to include a vigorous private-sector presence. Tech entrepreneurs are a driving force on the cyberscene, and private companies say they’re eager to pool resources and swap notes with law enforcement and the research community.
Getting private-sector tenants on board is complex. As Rhodes points out, there are laws that govern how the state leases space to private firms, and at what rate. “If I have to give away a few months of free lease to help a company offset costs, we just have to be very careful about how we do that,” he said.
As vice president of security solutions for Check Point Software, which has a sizable Georgia presence, Avi Rembaum said his firm is interested in the collaborative opportunities presented by the center, but like all other stakeholders, he too has his needs. He wonders how the organizational ground rules will evolve.
“You need everyone jointly contributing, not in an ad hoc way but as a regular way of operating,” he said. “There will have to be a shift in mindset, where everyone understands that this is a shared responsibility and that each individual entity is better off by participating in this ecosystem.”
Reassuring potential private-sector partners will be a crucial part of the long-term success of the center, but it’s just one step. In addition to executing on the various components described above, planners also must forge a working relationship with the U.S. military. The U.S. Army Cyber Command is expected to take up residence at nearby Fort Gordon in 2018 and is expected to be a key contributor to the state’s emerging cyberecosystem.
That means Rhodes needs military certification for security-cleared personnel to work in certain spaces. The Defense Department isn’t used to doing that at a venue with multiple non-military users, and it’s required some heavy lifting.
“There is no defined process for this. It is uncharted,” Rhodes said. The same could be said for the entire Innovation and Training Center. Georgia is literally breaking new ground here, as it seeks to build a cyberworkforce, bolster law enforcement and foster private-sector ingenuity … with ample parking for all.