Reducing cyber threats at IU: a multi-layered, proactive undertaking

IU’s Todd Herring, writing for EdTech, helps put into perspective one of the challenges facing universities as they secure their cyber borders:

Daniel Calarco

Daniel Calarco

“Establishing information technology best practices within a university setting has been, and continues to be, no easy task. Unlike accounting practices, which evolved over centuries, IT erupted over the course of a few decades.”

Herring and other IT leaders at Indiana University were quoted or featured in publications this month providing insights and leadership about cybersecurity issues facing higher education:

  • Brad Wheeler, vice president for information technology and CIO, and Daniel Calarco, chief of staff, prepared a case study for EDUCAUSE Review about IU’s efforts to adopt a policy for cyber risk mitigation and responsibility. They wrote, “The policy is already achieving its primary goal: to reduce the threat surface area of the university’s many servers, which are potential targets for bad actors (identity thieves, hackers, and countries looking to steal intellectual property).”
  • Herring is director of membership services for Research and Education Networking Information Sharing and Analysis Center, or REN-ISAC. His article provides a historical perspective for IT security in higher education but also some frank observations of challenges (funding, political/cultural resistance) faced by IT pros at a departmental level. His article also provides resources.
  • Kim Milford, director of REN-ISAC, was quoted in a Chronicle of Higher Education article that does a nice job explaining the vulnerabilities of the U.S. Department of Education databases – making sense of congressional hearings that featured “highly technical testimony from government investigators,” along with “anger and acronyms.”

Kim Milford

Kim Milford

As Wheeler and Calarco point out in their piece, IU “is home to nearly 115,000 students, 9,000 faculty, and 11,000 staff across eight campuses … Despite the university’s approaches to multi-layered defense, the collective cyber threat surface area is vast.”

These articles and insights all point to proactive steps university IT leaders have taken. Prompted by no major incident, they instead have worked to reduce the likelihood of such an incident occurring at IU. While it is impossible to eliminate risk, the “threat surface” can be reduced one angle at a time.

“The Internet, by its very nature, is a community,” Milford said. “Steps that IU takes to protect our environment help protect other organizations (and vice versa) by reducing access to unmanaged computers and by providing guidance through information sharing communities like REN-ISAC.”

REN-ISAC is based at IU and affiliated with Public Safety and Institutional Assurance, which falls under the Office of the Executive Vice President for University Academic Affairs and the Office of the Vice President for IT and CIO.

Tags: , , , , , , ,