In an era where cyber threats are increasingly sophisticated and pervasive, the Office of Information Technology (OIT) Cyber Security department is spearheading a comprehensive update to Georgia Tech cybersecurity measures through the Institute’s very first cybersecurity strategic initiative. Designed to span three to five years, the initiative aims to fortify Tech’s cybersecurity defenses, safeguard the community against cyber threats, and lead innovation across academic cybersecurity practices. 

Cyber Security began exploring Ideas for a campus initiative after overseeing a combination of emerging cyber  threats to Georgia Tech students, faculty, and staff, and the evolution of regulatory landscapes that govern data security over the past couple of years. “We recognized the need for a robust framework that not only reacts to – but anticipates – security challenges,” said Jennifer Rhodes, interim chief information security officer. "We convened panels of internal and external cybersecurity experts to craft this initiative, but there is still work to be done.”  

The campus has already seen some of the initiative’s efforts at play, including: the June implementation of Verified Duo Push two-factor authentication (2FA), to strengthen the security of logins to Institute systems (in part, a response to payroll fraud recently experienced by some employees across the University System of Georgia, including the Institute, through OneUSG Connect); an upgrade to GlobalProtect, the campus’ remote-access Virtual Private Network —or VPN— solution; and heightened notification to campus members to alert of discovered phishing and 2FA Duo push and call scams. 

The recent establishment of the Data Governance division within OIT Cyber Security also marks a significant enhancement to its cybersecurity framework. The division will ensure that data protection and compliance are woven into every facet of the department’s efforts, providing a strategic advantage in managing and securing data assets.  

The Cyber Security Strategic Initiative outlines a plan that articulates commitment to three strategic cybersecurity themes, structured to address comprehensive aspects of cybersecurity:  

1. Lead in Cybersecurity: Aimed at establishing Georgia Tech as a beacon of innovation and resilience, this theme focuses on fostering partnerships with industry and academia, enhancing community outreach, and integrating cybersecurity into business operations. 
2. Manage Cybersecurity Risks: This theme underscores the importance of robust policy development, comprehensive compliance management, and proactive risk assessment to safeguard the Institute’s information assets. 
3. Build Cybersecurity Capability: To empower Georgia Tech students, faculty, and staff, this theme leverages cutting-edge data analytics and collaborative initiatives to enhance the community’s defensive capabilities. 

The strategic initiative will be implemented in phases, with the first to focus on enhancing existing foundational policies and campus engagement and awareness. “We hope the outcomes of this strategic overhaul not only include the enhancement of protection against data breaches but also to community resiliency in response to cyber threats as well as a strengthened culture of cybersecurity awareness across the campus,” Rhodes added. “Soon, we will announce listening sessions and a road show to share more about the initiative and what’s upcoming for our students, faculty, and staff. Community input and involvement is crucial for the success of our work.” 

To learn more about the Cybersecurity Strategic Initiative for Georgia Tech, visit h oit.gatech.edu/GTCyberInitiative. The campus community is also invited to share comments and ideas on the initiative by emailing contact@security.gatech.edu.