CyberArch History

UGA CyberArch History

The UGA CyberArch program is a cybersecurity initiative that aims to help communities and organizations improve their cyber resilience. It is an example of how UGA leverages its resources and partnerships to address the critical issue of cybersecurity in the 21st century.

It started as a pilot led by Paul Brooks and Angel Jackson in two counties with the Archway Community program. The pilot offered community training, vulnerability assessments, and annual conferences on cybersecurity topics. However, the program faced challenges in scaling up and adapting to provide services to more communities throughout Georgia.

In 2021, the UGA CyberArch committee explored the MIT Cybersecurity Clinic model. The MIT Cybersecurity Clinic provided two missing pieces. First, the clinic involved students in conducting organizational assessments and, second, the clinic model condensed the timeframe to a semester. UGA contacted Larry Susskind at MIT and Ann Cleveland at U.C. Berkeley to learn more about the clinic model and join the then emerging Consortium of Cybersecurity Clinics. The UGA CyberArch committee decided to run a second pilot program using the MIT model in the spring of 2022, and received an overwhelming response from students who wanted to participate in the program.

In the fall of 2022, the UGA CyberArch program expanded its scope and integrated the UTSA Community Cybersecurity Maturity Model (CCSMM), which provided a nationally recognized approach, a measurement tool, and a way to track progress and impact of the program. UGA contacted Natalie Sjelin, UTSA’s Director of Training for the CCSMM, and learned how to apply the model to the UGA CyberArch program. Students who applied for the program were then required to take a course on the CCSMM through TEEX. The UGA CyberArch program recruited 24 students and 6 organizations for the fall semester and assigned them to work on different dimensions of the CCSMM, as well as secondary projects such as developing a cybersecurity conference and a website. The UGA CyberArch program also adopted a new platform called Cytex, developed by Broadstone Technologies, LLC, which streamlined the process of conducting and reporting the organizational assessments.

During late fall of 2022, UGA began researching the Center for Internet Security (CIS) Controls, Version 8 and found another missing piece in that these controls provided, a nationally recognized standard of cybersecurity protocols. Using the concept of the Implementation Groups, the student interns were guided to focus on identifying the questions being asked currently within the MIT and UTSA CCSMM models and aligning these questions with the 56 safeguards. This alignment of the CIS Controls, IG1, became one of the primary focuses of the student activity for early spring semester 2023. It helped identify duplicate questions and determine which CIS IG1 safeguards were not being addressed. Students were then guided to create additional questions that related to those safeguards not being addressed.  

Ultimately, this alignment of questions with the safeguards provides a means to map the question to the safeguard and generate a final report corresponding to the CIS controls and safeguards. The students then provide an organization specific recommendations to achieve compliance and determine the organization's level of maturity.

The UGA CyberArch program is an example of how UGA adapts and innovates to provide the best service to its partners.