Cyber Dawg 2019, held in early May, brought together state, federal and international agencies to learn effective ways to respond to SAMSAM ransomware. Members of the Georgia National Guard replicated forms of the malware recovered from recent attacks on the Colorado Department of Transportation and the city of Atlanta. The inaugural event was held in the state’s new cybersecurity facility: the Georgia Cyber Center in Augusta. The 332,000-square-foot facility, composed of two buildings, was built to position Georgia as a national leader in cybersecurity.
Personnel from Georgia state departments brought incident response plans unique to each agency — to the cybersecurity exercise. David Allen, Georgia's Chief Information Security Officer, said the three-day event exposed shortfalls in these plans and personnel will be able to use what they learned to adjust their plans and revise their current practices.
“As the threat evolves, they have to have flexible plans and flexible tools,” Allen said. “It’s much more than just policy governance at this point. I think the lightbulb really came on for a lot of them and we’re going to try and build on that as we go forward.”
Four workgroups used Georgia-based Security Onion, an open source intrusion detection, enterprise security monitoring and log management tool, along with trials of Windows in a closed-network, virtual environment. Sam Blaney, director of Cyber Security and Governance Risk and Compliance in the Office of Information Security, said open source tools provide the adaptability agencies need to respond to cyberthreats like ransomware.
“The open source tools give us the flexibility to show what open source technology is capable of, but also it doesn’t get people married to the thing they have back home that they use,” Blaney said. “It gets them to start thinking about the basics of how networks work … and how to identify the threat activity in each layer.”
The open source nature of Cyber Dawg 2019 broadened the exercise so that members of the Georgia National Guard and representatives from the Republic of Georgia, a nation in Eastern Europe, were able to participate alongside state employees.
The Georgia National Guard has built a relationship with the Republic of Georgia’s Ministry of Defence Cyber Security Bureau through the State Partnership Program, Blaney said, which fosters mutually beneficial relationships with other nations.
“We were able to bring three of those folks over as a part of that program and integrate them,” he said. “Where if this exercise had been hosted by an Army or U.S. Cyber Com [U.S. Cyber Command] or National Guard Bureau they may not have been able to do that because of security restrictions.”
An environment for unrestricted opportunities was part of the vision of Georgia Chief Information Officer Calvin Rhodes. When the Georgia Cyber Center was being constructed, Rhodes said he wanted a place that invited public participation.
Blaney said Cyber Dawg 2019, which has been earmarked as an annual event going forward, used its inaugural debut to iron out logistics on a smaller scale before the center held a full-scale, national conference.
“We thought that now that we have this nice, new center and it has great capabilities, we don’t need to use or be reliant on national-level resources anymore that are supplied by federal or other state agencies that may have had some funding to build things like this,” Blaney said. “We think it’s a great win for us to be able to do that and it kind of reduced some of the [logistical] problems by doing it in house.”
While personnel from county and city governments did not attend the exercise, Allen said they will be included in future events.
“We’re specifically focusing on our critical infrastructure and public health at the moment,” Allen said, “but as real-time events occur, we’re getting more contacts in the county and city, so we do anticipate possibly growing into that space in the future.”
