The Georgia Institute of Technology is one of the United States’ top public research universities. In total, more than 45,000 students study in person at the main campus in Atlanta and at campuses in France and China, as well as through distance and online learning.
With nearly US$1.3bn annually in research awards across all six colleges and the Georgia Tech Research Institute, Georgia Tech’s mission is to develop leaders who advance technology and improve the human condition. Its mission and strategic plan are focused on making a positive impact in the lives of people everywhere.
As explained by Leo Howell, Georgia Tech’s Chief Information Security Officer, an evolution has taken place when it comes to cybersecurity since he joined the organisation in October 2021. There have been two aspects to this evolution: balancing cybersecurity with innovation, while promoting the importance of cybersecurity across the whole organisation.
“What I want to do is to limit friction to our researchers and students who are looking to develop the new frontier of technology,” he says. “At the same time, while we're doing that, we're also trying to stop the bad guys from disrupting what we're doing and stealing our research data.”
As Howell describes, his second focus has been promoting cybersecurity as a matter of collective responsibility. “My mission is to get non-cybersecurity people to realise that we're all responsible for our defences. My staff gets paid to do security, of course, but everybody that works at Georgia Tech is a part of that defence structure.
“Almost two years in, I'm starting to see colleagues across campus embrace these ideals and it's starting to pay dividends as we work to mature some of our capabilities.”
Cybersecurity challenges at Georgia Tech
Like many other large research universities, Georgia Tech faces a number of cybersecurity challenges. One of the biggest challenges is the constant onslaught of threats from nation states who are looking to gain access to Georgia Tech’s valuable research data and intellectual property.
“Some of the most important breakthroughs in history have taken place at Georgia Tech, and I expect that to continue into the future,” Howell explains. “As a result, we have to skillfully manage how we do cybersecurity in a way that we don't cause too much friction to the academic and research mission.”
These very breakthroughs are the reason why Georgia Tech represents such a target. “We must apply the right amount of security to reduce that risk. We run on research, one of our main sources of revenue, and so we have to demonstrate to our federal funders as well as private funders that we are worthy of these investments and that we are being good stewards of the research data and the intellectual property that comes from it. Otherwise, cybersecurity risks eventually becoming an existential threat to what we do as an organisation.”
As Howell describes, today’s cybersecurity challenges extend beyond traditional digital assets.
“We're like a small city,” he says. “Anything you can imagine that a city does, we also do at Georgia Tech. We have people who live here, we have a police department, we have roads that run through campus. We have just the regular facilities of a city, and at the same time we're an open city because we want to have people coming through easily. So you can just imagine then, all the things that are connected to our network.”
The complexity of this attack surface creates complications. “Now we're worried about protecting people's health, safety and wellbeing because these kinds of threats are becoming real possibilities,” Howell adds. “Just imagine, for example, the risk associated with threat actors getting access to our building automation system or water management system or fire control systems. This is not just about data anymore, it's about the safety of people.”
AI in Georgia Tech’s operations
Georgia Tech has a longstanding involvement in AI research. However, when it comes to operations, Howell acknowledges that AI technologies are at an "early stage of maturity" regarding data security and privacy.
“On the research side, Georgia Tech has been actively engaging in AI research and education for many years,” he observes. “Just this year we launched an AI hub to unite campus research and development and commercialisation efforts.”
From an operational perspective, Howell explains that the organisation is cautiously embracing AI technologies. “A number of AI platforms like ChatGPT, Bing and Copilot, all these tools that are coming out these days are offering very powerful capabilities, but they are at the early stages of maturity when it comes to data security and privacy capabilities. And so I would say AI is at a starting point for us right now in the operational sense.
“Many of our technology partners have begun including AI capabilities as default into their products, and we're starting to leverage some of these capabilities,” he adds. “So we embrace AI capabilities that are being added, but we're really working to understand the risk before we just jump in full blown, because we still have to protect privacy and security of data.”
Partnerships - Elastic and Deloitte
Given the complexity and the scope of Georgia Tech, the organisation has partnered with many technology and consulting vendors as an extension of its staff.
“Right now we're working with Deloitte to help us assess our identity and access management function and then develop plans for modernising that over the next few years. We're also working with them to assess and develop plans for maturing our overall campus network architecture, so we can make this more 21st century and put us in a place where we can really meet the current and future needs of our business partners across campus.”
Another of Georgia Tech’s key cybersecurity partners is Elastic, which is helping with cybersecurity data decision analytics.
“With all the things we're working on in terms of leveraging cybersecurity data for decision making, Elastic is one of our key partners helping us to mature that process and that set of services,” Howell comments.
“They're also helping us to turn cybersecurity data into value for not just the security operations centre (SOC) and our IT colleagues across campus, but sometimes students or faculty may want that data as part of their research or academic activities. The team at Elastic are working with us to figure out how to make that happen in a secure and safe way.”
Highlighting the importance of these partnerships, Howell describes these relationships as an extension of the team at Georgia Tech.
“It's more than a transactional relationship for me,” he says. “Strong partners build a relationship with you by spending the time to learn your organisation, understand your strategic objectives, and provide you with some form of insights in how they can help you get there.
“Our partners like Elastic and Deloitte are key pieces to that defence mission so we don't feel like we have to go it alone.”
An exciting future ahead at Georgia Tech
Howell is optimistic about the upcoming initiatives, with Georgia Tech significantly investing in its cybersecurity programme. “We're in the process of developing our three- to five-year strategic plan, off the back of the IT strategic plan that was just developed by our CIO. So we're working to ensure that the cybersecurity strategic plan aligns with that.”
As part of that strategy, Howell is working to mature Georgia Tech’s identity and access management capabilities, and to leverage data as a part of that decision about who gets access to systems.
“We're advancing our cybersecurity data analytics capabilities from what I like to call an archaeological approach to more of a meteorological approach to cybersecurity data analytics,” he says. “I do not just want to recreate what took place in the past. I want to be able to predict what is about to happen in the future in terms of my defences.”
Georgia Tech is also working on advancing the SOC, embracing security orchestration, automation and response technologies. “We're also leveraging our students to be a part of our workforce as we continue our journey towards something that looks more like an autonomous SOC.”
Future perspectives: The increasing role of AI
With almost 25 years in the industry, Howell has a balanced view of what lies ahead. “What we protect will change, but who we protect from will not change much. Nation states are still going to continue to try to steal our research and intellectual property, organised crime will continue to steal personally identifiable information.
“The fundamentals will not change much. At the end of the day, threat actors are very pragmatic and efficient people. So they're going to continue to exploit organisations through things like phishing and social engineering techniques because it works. Why break it? They'll continue to exploit existing and zero-day vulnerabilities for as long as organisations refuse to invest appropriately in these areas.”
In conclusion, Howell anticipates that AI will increasingly play a role on both sides of the cybersecurity landscape. “While the good guys like myself are adapting AI capabilities to help make sense of the complex surface area and associated risks, AI will also be leveraged by the bad guys to improve their attacks against us, and they don't have to follow any rules.”