James May June 2024 web - Flipbook - Page 69
n the September 2022
edition of James, I wrote
a feature article about the
increasing risk from global
cyber threats and how Georgia is a
national leader in cybersecurity on
many fronts. Unfortunately, being a
leading state in cybersecurity is not
keeping pace with adversarial cyber
capabilities and their efforts to deceive, discredit, steal and destroy.
In March the Federal Bureau of
Investigation Internet Crime Complaint Center (IC3) released their 2023
Internet Crime Report. Not surprisingly, the reported financial loss due to
cybercrime in the United States rose
to $12.5 billion, a 22 percent increase
from reported financial losses in
2022. Investment scams led the way
with $4.57 billion in reported losses,
followed by business email compromises with over $2.9 billion. Although
ransomware attacks accounted for
only $59.6 million in reported losses
in 2023, it was a 74 percent increase
in reported losses from 2022. For
Georgians who routinely fall victim to
these attacks/scams, reported cybercrime losses exceeded $300 million—
and actual losses are estimated to be
at least five times that amount.
As a staunch Constitutionalist, I
am a huge advocate of local government control. However, in the case
of cybersecurity, most local governments and small businesses don’t
possess the ability to defend themselves against nation-state cyber
actors or international cybercrime
organizations. In other words, it’s not
a fair fight. To level the playing field,
Georgia should define and implement a “Whole State” approach to cybersecurity, a version of which was
recommended in a 2022 State Senate
Study Committee report (SR 741).
The federal government will
be a critical partner in our fight but
cannot solve all our cybersecurity challenges. If we can develop,
resource, and incentivize a culture
of cybersecurity in Georgia we can
make our citizens, government institutions and private industry much
more resilient to cyber threats.
To promote this culture, Georgia
should develop a statewide cybersecurity strategy, similar to the New
York State cybersecurity strategy
developed in 2023. There are many
positive cybersecurity-related efforts
ongoing in Georgia, but their impact
is minimized by a lack of coordination. A statewide strategy would
define common goals, identify key
stakeholders and develop the organizational structure and processes
to bring all the state’s cybersecurity
resources to bear in a coordinated
and decisive way. It should define
necessary public-private partnerships and help leverage state buying
power for cybersecurity capabilities
and services across the state.
The strategy should focus on
educating and empowering our
citizens, government institutions and
local businesses— not only improving
cyber education in the classroom but
helping educate the entire population
on good cyber hygiene. It should address the plan for solving the cyber
workforce shortage and identify the
resources and partnerships required
to make our state more resilient to
cyber-attacks. The strategy should
also address the need to help local
governments and small businesses
assess their risk and assist them
with risk mitigation.
In addition to a statewide strategy, the state should develop detailed
plans to help mitigate cyber risk and
effectively respond and recover if a
cyber-attack occurs. Currently, there
is no published state-level plan for
responses to cyber incidents. Title
38-3-22.2 of Georgia Code mandates
reporting of cyber incidents but
does not clarify who does what after
the report is received by the Georgia
Emergency Management and Homeland Security Agency.
M AY/ J UNE 2024
69
