When Atlanta’s government was hit with a crippling ransomware attack in March that took out dozens of city systems, Army Col. Eric Toler was focused on the war in Afghanistan. But Toler, who retired from the Army last month, says he’ll be reading up on the cyberattack on Atlanta as he starts his new position as the first executive director of the new Georgia Cyber Center, a new $100 million state facility dedicated to cybersecurity businesses and educational facilities.
Toler, who started at the Cyber Center on Monday, spent most of his 27-year military career building up the Army’s cyberwarfare capabilities, including a stint as the commander of the National Security Agency’s outpost at Fort Gordon in Augusta, not far from the campus of Augusta University, where the Georgia Cyber Center recently opened.
Entering this new job, Toler says he wants to leverage that military and government experience with the business and academic sectors to grow the cybersecurity talent pool.
“I know if we don’t bring all three of those entities together and get the talent of all three together, we’re going to be vulnerable as a nation,” he said in a recent interview with StateScoop. “What we’re here to do is to crate some of the world’s best cybersecurity professionals.”
The Cyber Center’s first 167,000-square-foot building opened July 10 , with Georgia Gov. Nathan Deal and other officials touting what’s believed to be the largest single investment in cybersecurity by a state government. A second building is scheduled to open by December, bringing the center’s physical presence to 332,000 square feet.
State officials hope to fill the two buildings with a variety of academic and commercial tenants, including Augusta University’s new cyber range, which will be staffed in part by students pursuing computer science and information technology degrees; a 340-seat auditorium; office space for cybersecurity firms; and a nonprofit startup incubator. It will also be home to the Georgia Bureau of Investigation’s new cybercrime unit.
Toler, though, believes all of those different entities have a purpose in the Cyber Center’s shared objective.
“Regardless of whether you work in government or private industry, you’re helping secure our nation,” he said. “There may be different motivations, but at the end of the day we’re here to protect ourselves whether monetarily or — no kidding — from a serious security perspective. Government can’t keep up by itself, academia can’t keep up by itself and, frankly, private industry can’t. But when you bring all that together and collaborate you can help mitigate the threat much better.”
An Arkansas native who entered the Army in 1990, Toler says he eventually landed on the cybersecurity track “by chance.” Four years after being commissioned as a field artillery officer, Toler switched to signals intelligence, leading to tours in Bosnia, Kosovo and Afghanistan, among other destinations. But it was during an assignment at the Pentagon about a decade ago, when Toler was a major, that he got pulled into cyber.
“I was the team lead, making sure our forces were properly trained and equipped with the abilities to exploit adversary communications,” he said. “I had a friend that was doing something else and my boss came in.”
Toler’s supervisor, a colonel, asked the pair, “Which one of you knows what ‘IO’ stands for?”
“Sir, that’s intel oversight,” Toler recalled his friend answering, incorrectly.
“Nah, that’s not what I’m looking for,” the colonel said.
Toler said he answered next: “Sir, information operations.”
That was the correct answer, prompting the colonel to bring Toler to a meeting discussing computer network operations as one of the core components of the Army’s information-gathering capabilities, and developing it as a distinct command with its own budget. Toler was eventually put in charge of the Network Warfare Battalion, the Army’s first cybersecurity unit.
That command also gave Toler experience in leading large and growing organizations. Starting out with a team of about 100, the Network Warfare Battalion expanded over a few years to about 500. The NSA’s Georgia Cryptologic Center, which he led later, employs thousands.
While the Army kept Toler focused on threats from other countries’ cyber operations, the Georgia Cyber Center is meant to develop solutions for the threats that target state and local government, the private sector, individuals and other slices of civilian life. And that means promoting one of the most basic cybersecurity lessons for any entity: making sure individual users can identify and avoid obvious attacks.
A lack of that knowledge can yield expensive consequences, such as those Atlanta is still incurring since its ransomware experience. Six months after the attack, the city has already paid out more than $5 million to rebuild affected systems and improve its security protocols, and expects to spend another $9.5 million in the next year. And the entire episode began when a single city employee opened a phishing email.
“The way [cyberattack targets] are getting exploited is that one person who just clicks on the wrong link,” Toler said. “There’s a lot of basic education that our state and across the nation needs. That’s something we can provide.”
Ultimately, Toler sees cybersecurity as a shifting landscape that requires a great deal collaboration to get even a whiff of control over.
“You think counterinsurgency is complicated?” he said. “Well, get in to cyber and it really blows you away. We’re just going really fast right now. But you have to. Whether it’s a nation-state or a criminal organization sponsored by a nation-state, or just some hackers trying to make money, it goes back to that fundamental education for our entire workforce.”