May 14 2008

Hi-Ed Networks 'Hostile' Environments

DHS official says centers of academic excellence and collaborative exercises are keys to IT security.

DHS official says centers of academic excellence and collaborative exercises are keys to IT security.

The government’s top cybersecurity officer called the higher education computer network environment one of the more “hostile” in the country for security threats.

During a recent conference on higher education IT security in Washington, D.C., Greg Garcia, assistant secretary for cybersecurity and communications at the Department of Homeland Security said computer networks on college campuses are “under constant attack from outside and from within.” The nature of campus networks is to be open, he says, for access by a variety of users. That makes them attractive to attackers looking for easy access and a variety of other electronic hostility.

The unique environment that higher education computers and computer networks operate in makes them an attractive target for a variety of suspects, including criminals, highly motivated on-campus “hacktivists” looking to disrupt their college’s network and casual student hackers on campus looking for a challenge.

It’s the criminal element that concerns Garcia the most. To counter what he calls increasingly complex and sophisticated assaults from the outside by attackers looking to mine credit-card information, Social Security numbers and other personal identity information, or those who would take over network facilities, colleges and universities must learn to recognize the increasing level of sophistication among online attackers.

Garcia urges continued support for centers of academic excellence (CAEs) for IT at colleges and universities across the country, as well as support for collaborative exercises among government, private industry and higher education.

CAEs, he says, are a key players in IT security development. There are 86 CAEs at various universities in 34 states devoted to educating IT security experts, he says. Support for the Research and Education Networking Information Sharing and Analysis Center (REN ISAC) is also needed, he says. The REN ISAC project is a joint effort between EDUCAUSE, Indiana University and Internet2. REN ISAC monitors and analyzes threat activities and information it receives from a variety of sources online and through its relationships with other universities.

More collaborative work among universities and the government to develop more secure systems and more knowledgeable IT security personnel is also a key part of a robust defense. DHS’s recent Cyber Storm II National Cyber Security Exercise brought together IT experts in government, private industry and universities in a cyber-wargame to test the nation’s computer and communications infrastructure. Such events offer an opportunity for universities to collaborate in developing defenses against evolving security threats, Garcia adds.