Senate study committee considers how to beef up Georgia’s cybersecurity by Rebecca Grapevine | Sep 13, 2022 | Capitol Beat News Service ATLANTA – A committee of state senators met on the Georgia Tech campus Tuesday to learn how the state can boost its cybersecurity. Industry and academic experts described how cyberthreats have evolved over the past decades to the committee chaired by Sen. Jason Anavitarte, R-Dallas. “It’s our belief we need to leverage every asset that we have,” Anavitarte said, stressing the need for a bipartisan effort. “This cannot be territorial, this cannot be Republican versus Democrat.” “One single incident can lead to a major disruption in business,” added David Levine, chief information security officer for RICO International, a Stone Mountain-based manufacturer. Levine and other experts said schools, hospitals, transportation and energy supplies are all at risk. Georgians may recall the attack on the Colonial gas pipeline last year that stymied the flow of fuel on the East Coast or the ransomware attack on the city of Atlanta that gummed up computer operations for months in 2018. Hackers target governments and businesses through emails and phishing. They can hold data from governments or businesses ransom for large sums of money and even delete essential files, several experts said. Typically, the motivation is money, Levine said. As the threats have grown, so has the demand for skilled cybersecurity workers. Georgia Tech founded a School of Cybersecurity and Privacy to help train cybersecurity experts. The university sponsors advanced research as well as programs for undergraduates who get real-world experience helping governments and businesses fix cybersecurity problems. Shorter-term training programs are also needed to rapidly grow the workforce, said Curley Henry, vice president and deputy chief information security officer for Georgia Power. Henry described a program that helps Georgia single mothers earn a cybersecurity certificate and find employment. Such short-term training programs can help fill staffing needs quickly, he said. Another challenge is collecting and coordinating information about cybersecurity attacks. Companies understandably do not always want to disclose when they’ve been attacked, said Matt Guinn, a principal research scientist at Georgia Tech. But a Georgia law that took effect last year requires government entities to report cyberattacks to the state’s Emergency Management and Homeland Security Agency. “I believe that bill really helped … get in front of a problem once it occurs, rather than playing catch up,” said David Allen, the state’s chief information security officer. Allen said it’s extremely rare for a cyber attacker to be prosecuted and convicted because the attacks are hard to trace and may involve multiple states or countries. Still, his office works closely with federal agents from the FBI, the U.S. Department of Homeland Security, and the Secret Service to investigate attacks. States like Ohio and Michigan have attempted to improve cybersecurity by creating civilian cybersecurity corps that can provide rapid responses to attacks, Allen said. The legislators appeared to be interested in the idea. The committee plans to meet next in October.This story is available through a news partnership with Capitol Beat News Service, a project of the Georgia Press Educational Foundation.