The Importance of Cybersecurity in University Research Projects

University of Cincinnati Links Research and Security Teams

Williams notes that UC uses several enterprise security solutions, such as anti-virus software, encryption and multifactor authentication. Research projects may require additional tools, he says, such as cloud storage that is certified to comply with certain regulations. The university also makes endpoint detection and response from CrowdStrike available to researchers working with sensitive data, uses Splunk to monitor systems involved in research projects and identifies vulnerabilities through Qualys.

Perhaps just as important as the specific cybersecurity tools are the processes that UC has put in place to connect research teams with information security professionals. The school has a committee, staffed mostly by researchers, charged with making sure that UC’s research projects comply with National Institute of Standards and Technology security standards and guidelines. By appointing a liaison between the research and cybersecurity teams, Williams says, the school has ensured that researchers are implementing additional controls when needed.

“It’s been tremendously helpful,” Williams says.

WATCH: How this SOC at the University of Cincinnati helps protect university assets.

Indiana University Cybersecurity Services Empower Professors

In 2020, Indiana University piloted a project called SecureMyResearch, aimed at offering opt-in cybersecurity services to researchers. Anurag Shankar, a senior security analyst at the university’s Center for Applied Cybersecurity Research who conceived of the idea, initially expected to see little interest, given the resistance he’d faced from professors throughout his career — but to his surprise, the program has “exploded,” with researchers joining voluntarily.

“We’ve reached maybe 50 percent of all faculty members,” Shankar says. “I think it’s because we’ve concentrated on positive messaging. We’re focused on getting work done more quickly and making sure the research is trustworthy. We stress how faculty will have more time to write grants.”

“If you ask researchers to do cybersecurity, that’s basically dead on arrival,” he adds. “And if you want to teach them cybersecurity, it’s the same deal. So, the only way we can actually secure research is by the institution injecting cybersecurity into it.”

Through SecureMyResearch, cybersecurity experts will look at researchers’ existing workflows and provide step-by-step directions to better protect data. Sometimes, they simply connect researchers with existing university resources or help them obtain a specialized tool, such as a specific file encryption software program that would better meet their needs. In other instances, they will help research teams develop privacy practices, such as ensuring that no one is able to overhear remote interviews being conducted for a research project.

“We’ve learned that 80 percent of problems are resolvable within five minutes,” Shankar says. “Some of these are issues that people have been stuck on for six months. Now, they don’t have to figure things out on their own. We give them whatever they need to do their work.”

UC Berkeley Cybersecurity Experts Engage Researchers Early

When cybersecurity teams put up obstacles, researchers will often go around them, says Chris Hoffman, IT and operational director for the Forum for Collaborative Research at the University of California, Berkeley School of Public Health. “They’ll set up their own server and put it under their desk, and they’ll have a graduate student be their system administrator,” he says. “Or they’ll rely on services from other universities.”

To avoid these workarounds and keep research safe, Hoffman tries to work with professors in the early stages of their research. “We don’t want to be playing catch-up,” he says.

Part of this work means simply ensuring that researchers are using the university’s cybersecurity resources, such as firewalls and intrusion detection systems. To ensure that all aspects of data privacy are being considered, Hoffman also makes efforts to connect researchers with other groups on campus, such as the research office that handles compliance for studies involving human subjects.

MORE ON EDTECH: How network upgrades enable universities to accelerate research.

Hoffman’s group has set up specific services for researchers. One of these, the Secure Research Data and Compute platform, offers high performance computing, computing on virtual machines with desktop environments and protected storage for both. Also, the university has rolled out REDCap, a secure web application for building and managing online surveys and databases that was originally created at Vanderbilt University to support HIPAA compliance in research.

In addition to boosting security, Hoffman says, these efforts are enabling new research. “There is research that professors have wanted to do, but previously they couldn’t do it at Berkeley,” he says. “So, part of this is about faculty recruitment and retention.”

“This also gives confidence to our partners that we’re doing the right things with their information,” Hoffman adds. “We’re able to be a responsible partner while also supporting the kind of creative, next-generation research that our campus is known for.”