The Cutting Edge
Georgia is at the forefront of the industry that is growing rapidly to combat cyber threats to your data, your identity and your money
Right up to the point that your bank account is drained or a hacker uses your stolen ID to file a phony tax return, you may be inclined to view big data breaches as theoretical problems.
“If you lost access to an ATM or your bank account was at zero,” says Atlanta attorney and cybersecurity expert Justin Daniels, “that impact would come home to you.” Yet getting the average businessperson or consumer to appreciate the dangers technology can bring, along with the advantages that come with cellphones, computers, smart devices and the sophisticated networks they connect to, is not easy. “Convenience is beating the pants off of security. The more technology makes us interconnected, the bigger the cyber threat becomes,” he says.
Daniels is a shareholder in the Baker Donelson law firm and heads its Cybersecurity Accelerator, which assists startups. He is the founder of Atlanta Cyber Week, a series of industry events held this month.
He was on hand in July with other industry leaders for the opening of the Hull McKnight Building, the first phase of the Georgia Cyber Center in Augusta that is both a bricks-and-mortar testament to the gravity of cyber threats and a boon to the thriving Georgia industry that is working to stay ahead of those threats.
The center, a pet project of Gov. Nathan Deal for which the state came up with $100 million in cash, stands as a partnership among government, business, education, military and law enforcement interests. It represents, among other things, a commitment to workforce training for the cybersecurity industry and the largest investment ever by a state government in such a facility. The Georgia Bureau of Investigation’s new Cyber Crime Unit is housed there.
The Augusta location of the center has everything to do with the impending move of the U.S. Army Cyber Command to Fort Gordon; the presence of the National Security Administration/Central Security Service Georgia Cryptologic Center (reportedly code-named “Sweet Tea”); and the available higher education resources.
“It truly brings a unique ecosystem to that part of the state to help us deliver on our statewide mission,” says Calvin Rhodes, the state’s chief information officer and executive director of the Georgia Technology Authority, which oversees the center’s operation. “The view from the governor was that we had a workforce need across the state – and everything aligned to that core mission.”
The center combines a cyber range, which is a virtual environment for technology development and cyberwarfare training, available to private industry, government – federal, state and local – and students from Augusta University, Augusta Technical College and other schools; a business incubator and accelerator program to encourage entrepreneurship; and Class A office space available for lease, which provides a revenue stream for the center.
Daniels says the cybersecurity industry in Georgia traces its roots to Internet Security Systems Inc., the company Tom Noonan and Chris Klaus founded in Atlanta in 1994 and ultimately sold to IBM. “It was a really successful company that spawned a lot of other successful companies. Its refugees have gone on to do other internet things.”
The same attributes that have helped Georgia secure the nation’s third largest concentration of Fortune 500 companies – Hartsfield-Jackson Atlanta International Airport, a good business climate, strong university and technical college systems – make it a good fit for cybersecurity companies.
Georgia is now home to more than 115 information security companies that generate more than $4.7 billion in revenues annually. The number includes some of the biggest financial technology – or fintech – companies in the world, such as NCR, First Data, TSYS and Equifax. Atlanta alone has 25 percent of the global cybersecurity revenue market share, according to the Metro Atlanta Chamber (MAC).
“We are fortunate we have the mission in Augusta,” says Michael Shaffer, Augusta University executive vice president for strategic partnerships and economic development, “but it’s going to affect all of Georgia and help Georgia fulfill our workforce needs for fintech and other areas.”
Still, the economic benefits to the Augusta area are considerable. The Army cyber command is expected to bring 4,000 jobs, Shaffer says, and a great deal of collateral growth and development. “I was talking with a local businessman, a caterer who has been in Augusta for 37 years, and he said he had never before seen five cranes in the skyline at one time.” That’s a lot of new construction spread throughout the area.
MAC President and CEO Hala Moddelmog sees far-reaching benefits, especially the partnerships the center is fostering. “We are thrilled about the federal and state governments and technical colleges and universities connecting and collaborating,” she says. “It’s unique – a real public-private partnership. Georgia will get a lot of attention because of the cyber center.”
Partnerships are key to Georgia’s cybersecurity industry, in terms of the work itself and the task of building and sustaining a workforce.
Rhodes quotes from the 2017 Cybersecurity Ventures Report that projects some 3.5 million cybersecurity job openings globally by the year 2021; a half million of those will be in the U.S and 10,000 in Georgia.
“We hear all the time,” says Shaffer, “from the leadership within the Department of Defense and NSA that in order to solve retention [issues] and have the number of personnel they need, it’s going to take government, academia and industry working together to help us solve some of the problems.
“People talk about that, but the state of Georgia said, ‘OK, if that’s what you need, we are going to do that.’ I think we are on the cutting edge. Other people come together and maybe they collaborate, but this is putting people in the [same] building – that’s where their home is. Everything is built to encourage collaboration,” says Shaffer.
Partnerships, Daniels says, “are not only beneficial but they are absolutely necessary.” That may even include partnerships and information sharing between competitors.
“Hackers are really sophisticated folks,” he says, “so this is where a threat for Wells Fargo in the morning could be a hack on PNC in the afternoon.”
“If you look at how quickly the technology changes just month over month with new threats and new technology that those trying to do us harm [now have], we’ve got to cooperate with peers,” Rhodes says. “At the end of the day it doesn’t matter what kind of industry you are in, we are all trying to accomplish the same type of risk mitigation in this space.”
All individuals involved are learning from each other – as issues come up, he says, teams are coming together, trying to find the best way to address those new threats.
“Then,” he says, “take that on to innovation, where new tools might be needed.” Here is where the new center takes on a greater importance. “Bring in individuals who have great ideas and just need help in developing the idea into a product and potentially a product into a company. All those different areas of what’s happening in the center allow a student or private sector company to have [access to] great talent – students and mentors to reach out to, and internship opportunities.”
“We are on a good trajectory,” Moddelmog says, “but we have to keep pressing on. These partnerships are so important. You can imagine when you have industries that are run by companies that really depend on government interaction – the electrical grid, for instance – the ability to have relationships ahead of time and work with the government … it’s what drives the ecosystem. It can’t be done alone. It’s so intertwined with protecting companies’ data that there’s almost no escaping the need for collaboration.”
Despite all that’s going on in cybersecurity, there is a real lag in public awareness of cyber dangers – data breaches, identity thefts, hacking – that industry leaders find troubling.
“To me the No. 1 issue is how do we make more people aware of the threat and what they need to do to take common-sense actions to mitigate it,” says Daniels. “What do we value more than anything? The ease and convenience technology has brought into our lives.”
But infatuation with the convenience can lead to carelessness – like using the same password for multiple accounts, he says. “If hackers get your password, they know to try it everywhere because the likelihood is that you use the same password everywhere. How many [accounts] use two-factor authentication – the second layer that a lot of people find to be inconvenient?”
The speed of technological developments has made it harder to keep up. It was just in 2007, he recalls, that Facebook became widely available and in 2008 when Twitter started to go international.
“Did anyone think that 10 years later social media would completely transform the way we get news?” Daniels says. “At the same time, nobody thought about the long-term consequences of how a state actor might be able to inject information into our political bloodstream using social media as a distribution network to potentially undermine our very democratic system.”
The No.1 form of cyberattack, Daniels says, is phishing, which occurs when an imposter tries to trick an email recipient into clicking on a link, opening an attachment or sharing information – a user ID, password, social security number or credit card account number. Once the recipient clicks and shares, the impostor is able to inject malware that can shut down a computer or infect a system and disrupt operations.
“People assume something is trustworthy,” Daniels says, “but we are in the era where you need to take extra time to look at an email and see if it’s legitimate or not. Anybody can write an email and have it look authentic.
“Companies really struggle – how do I address these threats? A lot think if they have cyber insurance, they will be protected. But that’s a tool, not a panacea.
“Think of the Target breach,” Daniels says, referencing the 2013 data breach that affected more than 41 million customers. “It came from the supply chain.” Often hackers won’t go after a big company directly, but, as in the Target case, they find a vendor who’s easy to hack and has credentials to get into Target. “Why hack Target when you can get in indirectly through the supply chain?
“Normally, when we have a breach, it’s not because the technology was bad in itself, but we had a breakdown in the people or didn’t follow the controls.”
The costs attached to a cyber hack can be daunting: One report has suggested that the ransomware attack that hit the city of Atlanta last March may have a $17-million price tag. The hackers demanded a ransom, which the city declined to pay.
“Think about the alarming rate change is happening,” Rhodes says, “then think that it’s probably the slowest it’s going to be in our lifetime. It’s only going to accelerate.”
He mentions the changes that are producing autonomous cars and the smart grids cities use to move traffic. “They all run on data and technology. We have to find new ways to protect information – just because of the harm that could be done if we are not successful.”
Shaffer makes the point: “Innovation is going to be ongoing, not just in a defensive state but offensive state – good innovation that can affect quality of life. In the cyber world, think about healthcare – Fitbit helps people remain active, helps them track. But if somebody is able to hack into your Fitbit – what’s it connected to? What personal information [is at risk]?
“With every innovation and every good use, there’s the opportunity for somebody to use it in a malicious way. That’s the reason the innovative piece is going to have to change. You can’t put the genie back in the bottle.”
“Awareness training has got to cross every part of industry and the consumer as well,” Rhodes says. “Data is important, and there is a real value attached to it. We find a defense for something, then it morphs into something different. It’s a continually changing landscape.”
“In almost any industry you can name,” the chamber’s Moddelmog says, “a cyber threat can wreak havoc.” She sees cybersecurity needs growing rapidly in fintech, healthcare and the internet of things (IoT), the network of devices and appliances connected and sharing information – “machines talking to machines.”
Lately, Rhodes finds himself asked to look ahead and predict what the new cyber center is likely to be focused on in five years. That’s part of the challenge: “If we are successful,” he says, “what we’re going to be focused on hasn’t been invented yet.”
Fighting Cyber Crime
Georgia Bureau of Investigation Director Vernon Keenan, a 40-year veteran of law enforcement, has a sobering take on cybersecurity.
“What we have found in the last five years is that we have become basically overwhelmed with the number of cases we have been called on to assist state and local law enforcement agencies with,” Keenan says, “so we are seeing very much of a need to expand the capabilities of the GBI to investigate the emerging cyber crime activity.”
The GBI conducts criminal investigations at the request of a local or state agency. In July, the agency’s new Cyber Crime Unit opened concurrently with the Georgia Cyber Center in Augusta.
“Much criminal activity in today’s world has a nexus to technology, whether it is computers or cellphones or smartphones,” Keenan says. “We’re called upon constantly to become involved in investigations where we need to get into an encrypted device – we do this with a court order. It requires specialized skills and also requires specialized technology, which changes routinely. So it’s a constant process – to move investigations forward, you have to be able to deal with the new technology. That’s what this center will do.
“We do a tremendous amount of work in the child sex trafficking area and child pornography. All that type of work requires an ability to work in the cyber world. We’ve got to expand beyond that, because [there are] many, many other crimes in which we have to employ cyber technology to move an investigation.”
Keenan says he is not aware of any other investigative operation housed in a cyber unit like the one in Augusta. “Besides working criminal investigations, we will also have an internship program with the university system.
“We also intend to have law enforcement fellowships so local investigators can come into our work unit, serve a fellowship to learn those skills, then go back and use those skills to protect their communities. Local law enforcement has got to be able to protect their individual communities,” he says. “The problem is so massive they cannot rely on federal government and state government to take care of all the cyber criminal activity.”
Over the last decade, the GBI has trained more than 240 law enforcement agencies in ways to combat child pornography and child sex trafficking by using technology, and making those agencies part of a statewide task force. The new center will help take that training model into other areas of cybersecurity
“The problem is going to continue to escalate,” he says. “We’ve taken a major step forward by having an operations unit in the center. Georgia is on the spear point of protecting our citizens from cyber activity with this center.” – Susan Percy