an introduction to educause and the educause/internet2 security task force

Click here to load reader

Post on 30-Dec-2015




0 download

Embed Size (px)


An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force. Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington, D.C. June 5, 2003. “I am your worst nightmare!”. Dr. Corey Schou, Idaho State. Today’s Highlights from Mary Ann and Dan. - PowerPoint PPT Presentation


  • An Introduction to EDUCAUSEand theEDUCAUSE/Internet2Security Task ForceSteve WoronaDirector of Policy and Networking Programs EDUCAUSE

    CISSEWashington, D.C.June 5, 2003

    *CISSE Washington, D.C.

    I am your worst nightmare!Dr. Corey Schou,Idaho State

  • Todays Highlights fromMary Ann and DanWrite good code, not cool codeDo research to solve the right problemSeize all reasonable opportunities to partner

  • Todays Highlights fromMary Ann and DanWrite good code, not cool codeDo research to solve the right problemSeize all reasonable opportunities to partner

  • About EDUCAUSEMembership association to advance information technology in higher education1800 member institutionsColleges, universities, corporate partnersPublications, paper and electronicAnnual national conference (~7,000)6 Annual Regional conferencesPublic policy initiatives

  • EDUCAUSE:History and Legacy1998: Merger of CAUSE and EducomEducom b.1964 with Kellogg Foundation grants to encourage use of computing in higher educationCAUSE b.1971 from earlier group (1962) formed to exchange hardware/software expertise on compus[Step]ChildrenBITNETNTTFInternet2CNI

  • EDUCAUSE Activities:[email protected] from NTTF & FARNETMission: To advance the evolution of a global networking environment that best supports the transformation of Higher Education through information technology.~100 member campusesAnnual meetingWorking groupsPKIBroadbandWirelessICS (VoIP)

  • EDUCAUSE Activities:.EDUDoC Cooperative Agreement Nov. 2001Transition from VeriSign/NSIRegistrar, RegistryOutsourced to VeriSign thru August, 2003LimitationsOld names grandfatheredNew names limited to accredited instsRegional accreditation vs DofEducation listOne name/institutionPolicy issuesSystems; licensing; international;

  • EDUCAUSE Activities:PKIPKI Working Group ([email protected])NSF Middleware Initiative (NMI)Internet2/EDUCAUSE/SURACommon middleware for campus infrastructure and GRIDSShibboleth, eduperson, Higher-Ed RootFormerly CREN, now Internet2Pre-loaded into browsersHEBCA (Higher-Ed Bridge CA)Cloned from FBCAPilots, old and newHEPKI Council

  • Other EDUCAUSE ActivitiesEDUCAUSE/Cornell Institute for Computer Policy and LawAnnual seminar in Ithaca July 8-11ANMSINLIIECARJCP2P (Higher Education+RIAA/MPAA)EDUCAUSE Live!EDUCAUSE/Internet2 Security TF

  • The Security TF and theNational StrategyCreation of EDUCAUSE/Internet2 Computer and Network Security Task Force July 2000 See for Action - April 2002 See Strategy to Secure CyberspaceNatl Strategy Questions - April 20, 2002 See Higher Education Contribution to National Strategy to Secure Cyberspace (July 2002) See Workshops Summer/Fall 2002DRAFT Released - September 18, 2002 See www.securecyberspace.govRelease of Natl Strategy February 14, 2003

  • Framework for Action:April, 2002Make IT security a higher and more visible priority in higher educationDo a better job with existing security tools, including revision of institutional policiesDesign, develop and deploy improved security for future research and education networksRaise the level of security collaboration among higher education, industry and governmentIntegrate higher education work on security into the broader national effort to strengthen critical infrastructure

  • National Strategy PrioritiesA National Cyberspace Security Response SystemA National Cyberspace Security Threat and Vulnerability Reduction ProgramA National Cyberspace Security Awareness and Training ProgramSecuring Governments CyberspaceNational Security and International Cyberspace Security Cooperation

  • Strategic Objectives of Natl StrategyPrevent cyber attacks against Americas critical infrastructuresReduce national vulnerability to cyber attacks; andMinimize damage and recovery time from cyber attacks that do occur

  • Higher Ed and National StrategyNational Strategy encourages colleges and universities to secure their cyber systems by establishing some or all of the following as appropriate:one or more Information Sharing and Analysis Centers to deal with cyber attacks and vulnerabilities;an on-call point-of-contact to Internet service providers and law enforcement officials in the event that the schools IT systems are discovered to be launching cyber attacks;model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity;one or more sets of best practices for IT security; and,model user awareness programs and materials.

  • NSF-Funded Workshops 2002Higher Ed Values and PrinciplesAugust Columbia UniversitySecurity Architecture and PolicyAugust ChicagoSecurity in the Research EnvironmentOctober WashingtonHigher Education IT Security SummitNovember Washington

  • Higher Ed IT EnvironmentsTechnology EnvironmentDistributed computing and wide range of hardware and software from outdated to state-of-the-artIncreasing demands for distributed computing, distance learning and mobile/wireless capabilities which create unique security challengesLeadership EnvironmentReactive rather than proactiveLack of clearly defined goals (what do we need to protect and why)Academic CulturePersistent belief that security & academic freedom are antitheticalTolerance, experimentation, and anonymity highly valued

  • Action AgendaOrganization and Information SharingEducation and AwarenessPolicies, Procedures, and StandardsSecurity Architecture and ToolsIncident Response and ReportingCybersecurity Research & Development

  • Organization & Info SharingGoal:To create the capacity for a college or university to effectively deploy a comprehensive security architecture (education, policy, and technology); and to leverage the collective wisdom and expertise of the higher education community.Programs:EDUCAUSE/Internet2 Computer and Network Security Task ForceSecurity Resource for Higher Education Web SiteSecurity Discussion GroupHigher Education Information Technology AllianceResearch & Educational Networking Information Sharing and Analysis Center (REN-ISAC)Initiatives:Empowering CIOs and Establishing Authority/Responsibility at the Cabinet LevelIdentifying 24x7 Campus Contacts for Emergencies and Law Enforcement Requests EDUCAUSE Security Newsletter

  • Incident Response and ReportingGoal:Improve the ability of higher education institutions to respond to computer incidents and develop appropriate reporting mechanisms for sharing information and measuring progress.Programs:Computer Emergency Response Team/Coordination Center (CERT/CC)Forum of Incident Response Teams (FIRST)Research and Educational Networking ISAC (REN-ISAC)Initiatives:Provide Education and Assistance in the Creation of Incident Response TeamsDevelop Common Incident Categories Across Higher Education (working with Industry and Government)Establish Incident Reporting Standards, Systems, and Mechanisms

  • ACE Letter to PresidentsSet the tone: ensure that all campus stakeholders know that you take Cybersecurity seriously. Insist on community-wide awareness and accountability.Establish responsibility for campus-wide Cybersecurity at the cabinet level. At a large university, this responsibility might be assigned to the Chief Information Officer. At a small college, this person may have responsibility for many areas, including the institutional computing environment. Ask for a periodic Cybersecurity risk assessment that identifies the most important risks to your institution. Manage these risks in the context of institutional planning and budgeting.Request updates to your Cybersecurity plans on a regular basis in response to the rapid evolution of the technologies, vulnerabilities, threats, and risks.

  • Security Professionals Workshop

    April 22-23, 2003 Temecula, California

  • Key Players in Higher-Ed It Security:Important roles for allResearchersFacultySystem-adminsNetwork-adminsSoftware companiesHardware companiesStudentsCampus auditorsCIOsPresidents/ProvostsFunding agenciesLegislatorsCampus attorneysK-12 teachersParents

  • Opportunities to CollaboratePresent at EDUCAUSE conferencesPut material in EDUCAUSE libraryPublish in EDUCAUSE journalsJoint conferences, meetings, workshopsFeedback loop with REN-ISACJob opportunities for graduatesStudies/surveys via ECARVendor communicationCross-link Web pagesYour idea here

  • For more information and Petersen, EDUCAUSEMichael Roberts, Internet2Dan Updegrove, UT-AustinGordon Wishon, Notre Dame