Every tsunami starts with a powerful force violently shaking its surroundings and rippling through what used to be calm waters.
Once it hits land, it changes virtually everything.
The cyber tsunami now hitting Augusta, Georgia, is no different. The underground force that led to it was first detected in the summer of 2008.
It started with an abnormal beacon coming from the depths of classified U.S. military networks. Alarmed, U.S. intelligence agents worked fast to identify the software that was generating the signal. They concluded that spyware, later named Agent.btz, was trying to communicate with an external computer — something that should never happen within isolated military networks carrying top-secret information.
Almost immediately, intelligence officers knew they had a problem. They just didn’t know its magnitude.
“I don’t think people realized how serious it was at that time,” said Augusta native Dr. Jay Heslen, a former U.S. Air Force intelligence officer.
Heslen knew little about the attack at first, even though, as he would later learn, he was at the epicenter of it all.
That summer, he was working for a Defense Intelligence Agency unit in the Middle East, where Agent.btz first hit U.S. military networks. The attack began with an infected thumb drive that was inserted into a computer at a U.S. military base in the region.
“We passed thumb drives around like candy,” Heslen said. “Not a lot of people thought about thumb drives as a vulnerability.”
Like a tsunami rushing away from its point of origin, Agent.btz spread from that military base in the Middle East to the rest of the world, making its way into classified U.S. military networks, including the Pentagon’s, and reportedly the networks of another NATO government as well.
The spyware was the work of an unknown foreign enemy that was trying to steal classified information from the U.S. military.
Heslen only learned the details of the problem two years later, when he read a Foreign Affairs article that declassified information on the cyberattack.
The author, Deputy Secretary of Defense William J. Lynn III, called Agent.btz “the most significant breach of U.S. military computers ever.”
Heslen connected the dots and realized that this cyberattack was a game-changer.
“As far as I know, it was the most sophisticated attack against U.S. military systems to date,” said Heslen, who worked for U.S. intelligence for more than 20 years. “This was the first time I heard of somebody using thumb drives as a vector for malware. Our adversaries were executing what we now call HUMINT, or human-intelligence-enabled cyber operation. It seemed to me we were entering a brave new world … a new age of cyberwarfare.”
This breach led to a first wave of measures to defend U.S. systems, including a military ban on thumb drives and a 14-month operation named Buckshot Yankee to clean up U.S. military networks.
The attack also led to a second wave, which would eventually hit Augusta.
The Big Wave
Protecting classified networks from foreign enemies would take much more than banning the use of thumb drives. Better coordination of the nation’s cyber defense was required, and that meant big changes.
In the summer of 2009, Defense Secretary Robert Gates authorized the creation of U.S. Cyber Command and put Lt. Gen. Keith Alexander, then director of the National Security Agency, in charge.
Talks then began in Washington about creating U.S. Army Cyber Command, a unified cyber force for the Army that would work under the umbrella of U.S. Cyber Command.
When Saxby Chambliss, then a U.S. senator from Georgia, heard the rumors, he saw an opportunity for his home state to ride the cybersecurity wave that was already flooding Capitol Hill.
“As a member of the House, a member of the Senate, it’s part of your job to try to secure missions for military installations in the area that you represent,” he said.
From the very beginning, when U.S. Army Cyber Command began operating in 2010 from separate buildings in Fort Meade, Maryland, and Fort Belvoir, Virginia, Chambliss fought in Washington to bring the mission to Georgia.
To him, Augusta’s Fort Gordon was the logical place for a permanent headquarters for the Army’s cyber command.
First, the NSA had expanded its operations at the fort in 2007 and 2008, creating a better opportunity for the agency and the cyber command to collaborate and share intelligence. Second, the command would also have the ability to physically expand at Fort Gordon due to land availability and low cost. Third, the fort was home to the U.S. Army Signal Corps, the center of the Army’s communications and information systems.
“When you look at the combination of all of those three [factors], it just made a lot of sense in my mind for the Army Cyber Command to be located at Fort Gordon,” Chambliss said.
The U.S. Army secretary agreed with Chambliss, and in December 2013, the Army announced its cyber command would move its headquarters to Fort Gordon.
Now, it was official: The cyber tsunami was coming to Augusta.
Preparing for the Wave
Though signals preceding the wave were not as general as those triggered by a real tsunami, local governments and key community members began to prepare.
An ongoing element of this preparation has been the Alliance for Fort Gordon, a nonprofit created in 2003 to save Fort Gordon from closing during the 2005 Base Realignment and Closure (BRAC), a government process that cuts costs and increases efficiency in the military through measures such as base closures.
Now, as a liaison between Fort Gordon and the greater community, it plays a major role in preparing for cyber growth.
Since the announcement of the U.S. Army Cyber Command’s move to Augusta, Fort Gordon has received about $2 billion in infrastructure investment, with another $2 billion projected through 2028, said Dr. Tom Clark, the alliance’s executive director, who was the Army’s Signal Regimental Command sergeant major at the fort when he retired in 2011. A total of $900 million will go toward building a world-class cyber campus on base.
“So, all those 1965 buildings that are on Fort Gordon now — some will remain and get retrofitted, but you will have a brand-new facility there,” Clark said.
Besides this federal investment in cyber infrastructure through the military, Augusta has received heavy support from the state of Georgia.
In 2017, Gov. Nathan Deal announced the state would invest $100 million in a new cyber facility in downtown Augusta — Georgia’s largest investment of this kind to date. The new facility, named the Hull McKnight Georgia Cyber Center, will have two buildings that total 332,000 square feet.
The center will house an incubator, classrooms and a cyber range. It will serve as a place for fostering innovation, training the cyber workforce and supporting law enforcement and the military.
“Hackers do not attack along the same vein every single time,” said Stanton Gatewood, the state’s chief information security officer. “The cyber range and the infrastructure we are building in Augusta will allow us to be that versatile and that mobile. And as these attacks and threats grow, we must grow.”
To support all this investment from the federal and state governments, the City of Augusta has authorized $12 million to build a parking deck for the Georgia Cyber Center. The city also has a development plan for downtown Augusta to attract businesses and commerce to the area, Gatewood said.
Infrastructure alone, however, could not guarantee success. Augusta would also need a well-trained cyber workforce to survive the tsunami.
“Despite Army Cyber Command’s high-tech profile, people are at the core of what we do,” said Charlie Stadtlander, chief of public affairs for the U.S. Army Cyber Command. “We’re going to be looking for talented professionals to join our team.”
In order to provide this pool of talented cyber workers, community partners and all levels of government have invested in educational initiatives.
The Alliance for Fort Gordon, for example, has focused on promoting cyber curricula in local high schools and creating after-school programs to teach students cybersecurity, Clark said. One such program is Cyber Patriot, which divides students into teams like after-school sports programs. In 2016, the Augusta area had only eight cybersecurity teams. That number increased to 81 in 2017.
Support from Fort Gordon was also crucial in making initiatives like this one succeed. Fort Gordon has a program called “Adopt a High School,” which assigns a brigade-sized unit to a high school in the area. When schools need support from Fort Gordon, they can call their unit on post to get help.
“It’s an amazing partnership,” Clark said.
Georgia elected officials have also been supportive of educational efforts.
“Augusta will act as the hub of cyber innovation — bringing together state, local and federal officials, academia, and businesses in the community to work towards the same mission,” said U.S. Rep. Rick Allen. “As a member of the House Education and Workforce Committee, I am focused on ensuring that we have a skilled workforce who can immediately step into the jobs created by the expanding cyber opportunities in Augusta. It is crucial that we have top-notch career training programs, like those at Augusta University, to ensure that we have workers ready to fill the jobs in the area.”
Augusta University has expanded its cyber curriculum, created a master’s degree in information security management and founded the School of Computer and Cyber Sciences in order to better serve its students.
“The fight in cyberspace requires a team approach from the government, corporate sector and academia. Augusta University and its Center of Academic Excellence-accredited cybersecurity program is a great ally in this collaborative effort,” said Adm. Michael S. Rogers, former director of the NSA and the U.S. Cyber Command. “Institutions like these are leading the way in developing new cyber warriors who are ready to enter the workforce. The need for cybersecurity is growing exponentially in so many industries. Augusta University is helping to meet that demand.”
The university’s Cyber Institute has also been a force in building the K-12 pipeline through outreach programs, such as the Girls Who Code club, which tries to bridge the gender gap in technology, and the NSA-sponsored GenCyber Camps, which get young students started in the cyber field.
Since 2014, Augusta University has worked to bring the public, private and nonprofit sectors together to share knowledge during its Cyber Georgia education summit. Past speakers include former CIA Director John Brennan and former NSA Deputy Director Richard Ledgett.
The investment in cyber education hasn’t come just from Augusta. Other University System of Georgia institutions are also preparing the workforce and conducting research in the field. In fact, six Georgia universities, including Augusta University, have been recognized by the NSA and the Department of Homeland Security as National Centers of Academic Excellence.
While Georgia universities have focused on education, the state of Georgia has focused on midterm and short-term training, Gatewood said. To that end, the state created the Georgia Cybersecurity Workforce Academy, which taught 11 courses to 47 information security officers in 2017.
The state will increase the number of courses to 22 in 2018 and will expand training to analysts, disaster recovery planners, incident responders and policymakers. Classes are conducted online but will soon be offered in the Georgia Cyber Center. The center’s cyber range will play a crucial role in training this workforce.
“When I was in the military, we learned in the classroom how to take apart our guns and everything about our weapons and things like that, but you really hone your skills when you go to the firing range,” Gatewood said. “Cyber ranges are so flexible and extensible in that you can literally create an individual’s entire network within the cyber range. Having the cyber range allows us to continually hone the skills of cybersecurity professionals.”
With all the infrastructure and cyber workforce investment pouring into the Augusta area, Clark believes the region will be “the place to be” for cybersecurity around the globe. He’s not the only one: A 2017 Fortune magazine story lists Augusta as one of the seven cities that could become the world’s cyber capital.
“Augusta was considered the dark horse, but no other horse is going to get fed like we are,” Clark said.
Giving golf a run for its money
The first time Tom Patterson, chief trust officer for Unisys, a global information technology provider, gave an interview to a reporter in Augusta, he said cyber was going to give golf a run for its money.
The reporter laughed.
Patterson was serious.
“I close every speech with that and ask how we are doing now,” Patterson said. “The Masters is the Masters; we love that. But in terms of the impact to this community at large, cyber is giving golf a run for its money already, and it’s only going to get better.”
Patterson said the 2014 decision to bring his company to Augusta was intentional.
“We saw the coming cyber wave, and we saw the business advantages to being at the front of that wave in Augusta,” Patterson said. “We were the first big company to decide consciously to move here because of cyber. We are not the last. We don’t expect to be the only.”
Part of that decision to move to Augusta hinged on what the area has to offer.
“Our associates look for good quality of life and low cost of living,” Patterson said. “They want that work-life-learn-play combination. If they want a big house in the suburbs and a good school system, or they want a cool loft downtown and a walk to the bars, Augusta has it all.”
As a community partner, Unisys helped the Alliance for Fort Gordon create an initiative to brand the area as the Fort Gordon Cyber District, a two-state, seven-county region that has everything employees and their families need.
“Whatever you are looking for, we’ve got it here,” Patterson said. “The Cyber District can deliver whatever kind of lifestyle an employee is looking for.”
With this new branding, Unisys wants to show other companies there is great benefit to moving to the region.
“We hoped when we came down that others would follow,” he said. “And, in fact, two years later, others have followed. There are lots of companies moving down here and we expect a lot more in the coming years.”
The partnerships and the widespread integration of cyber into the Augusta community are all crucial elements that will help the region generate cutting-edge cyber innovations and become an epicenter of the country’s cyber growth.
“Our ability to make gains in cyber is in no small part driven by the partnerships we are able to make. It is a team sport that needs to include the public and private sectors,” Rogers said. “We need the diversity of thought and the innovations of technology to build and invest in a nimble cyber workforce in order to meet the ever-changing cyberthreats.”
Cyber innovation and growth, in turn, will play a vital role in keeping the nation safe from cyber threats like Agent.btz — the attack that started it all.
Heslen, who witnessed that attack firsthand and is now watching the effects of the tsunami it created hit his hometown, knows better than most people the importance of all the cybersecurity investment in the Augusta area.
“If people don’t get conscious about cybersecurity, they’re going to be eaten alive. We live in a digital world now, and threats are pervasive,” said Heslen, who is now an assistant professor of intelligence and security studies at Augusta University. “The importance of cyber and signals intelligence to the military for winning wars … will only grow, and Augusta will play an incredibly important role in helping to secure the nation’s networks in the future.”