IT Security on Campus: A Fragile Equilibrium

4/29/2003

A slew of legislation and industry regulations is pending that will force changes to the security policies and values on your campus. Will your security bubble burst?

The internet's ubiquity has blurred the lines between cyberspace and the physical world—the nation's power grid, water supplies, and other critical infrastructure—raising cybersecurity risks to unprecedented heights. Likewise, universities and colleges must now deal with infrastructure security as well as the traditional defense against hackers breaking into their systems and gaining unauthorized access to protected data.

In some quarters, however, we in the university community are considered as much a part of the problem as we are part of the solution. Consider the first large-scale cyber attack in February 2000 against prominent Internet sites such as eBay.com, Amazon.com, and Dell.com: Many university computers were used in the attack. At the time, there was speculation about the possibility of lawsuits for negligence against institutions that had not properly secured their computers and thus made the attack possible. After all, a 16-year-old perpetrated the attack using well-known computer vulnerabilities. With our largest institutions having tens of thousands of unevenly managed computers and possessing very big pipes to the Internet, our systems are often used not as targets, but as launch points for attacks against others.

Providing appropriate levels of security in the higher education environment is not an easy problem. Our institutions often are decentralized environments, akin to small cities, with hundreds of departments and diffuse authority systems. Cybersecurity is complex to begin with and becoming more so every day. IT staffs are already overloaded or under-funded. And there is often a lack of understanding about the importance and complexity of IT security. How many people, for example, faced with a barrage of passwords to remember, write them down on a sticky note and place it in a desk drawer beside them?

More importantly, our core values—including academic freedom, freedom of speech, and respect for individual privacy—encourage the open exchange of information and ideas, not exactly a security-minded moral framework. Balancing these imperatives is at the heart of the debate we must now engage in and act upon.

Where to Begin
This challenge is becoming sharper and more vexing by the day as pressures mount from outside the campus. For instance, there is a slew of legislation now pending that will affect higher education's security, which is inextricably intertwined with—and sometimes on a collision course with—our values. Organizations with whom we work, such as credit giant Visa U.S.A., impose IT security restrictions. And more may be coming, especially if we appear reluctant or resistant to doing our part—whether or not that is actually the case.

We need to think hard about how we balance these conflicting goals as well as how we articulate what we decide. To that end, an understanding of some of the requirements being imposed externally on colleges and universities in the IT security area is a good place to begin.
