Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington,

Similar presentations


Presentation on theme: "An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington,"— Presentation transcript:

1 An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington, D.C. June 5, 2003

2 CISSE – Washington, D.C. “I am your worst nightmare!” Dr. Corey Schou, Idaho State

3 CISSE – Washington, D.C. Today’s Highlights from Mary Ann and Dan “Write good code, not cool code” “Do research to solve the right problem” “Seize all reasonable opportunities to partner”

4 CISSE – Washington, D.C. Today’s Highlights from Mary Ann and Dan “Write good code, not cool code” “Do research to solve the right problem” “Seize all reasonable opportunities to partner”

5 CISSE – Washington, D.C. About EDUCAUSE Membership association to advance information technology in higher education 1800 member institutions Colleges, universities, corporate partners Publications, paper and electronic Annual national conference (~7,000) 6 Annual Regional conferences Public policy initiatives

6 CISSE – Washington, D.C. EDUCAUSE: History and Legacy 1998: Merger of CAUSE and Educom Educom b.1964 with Kellogg Foundation grants to encourage use of computing in higher education CAUSE b.1971 from earlier group (1962) formed to exchange hardware/software expertise on compus [Step]Children BITNET NTTF Internet2 CNI

7 CISSE – Washington, D.C. EDUCAUSE Activities: Net@EDU Emerged from NTTF & FARNET Mission: “To advance the evolution of a global networking environment that best supports the transformation of Higher Education through information technology.” ~100 member campuses Annual meeting Working groups PKI Broadband Wireless ICS (VoIP)

8 CISSE – Washington, D.C. EDUCAUSE Activities:.EDU DoC Cooperative Agreement Nov. 2001 Transition from VeriSign/NSI Registrar, Registry Outsourced to VeriSign thru August, 2003 Limitations Old names grandfathered New names limited to accredited inst’s Regional accreditation vs DofEducation list One name/institution Policy issues Systems; licensing; international; …

9 CISSE – Washington, D.C. EDUCAUSE Activities: PKI PKI Working Group (Net@EDU) NSF Middleware Initiative (NMI) Internet2/EDUCAUSE/SURA Common middleware for campus infrastructure and GRIDS Shibboleth, eduperson, … Higher-Ed Root Formerly CREN, now Internet2 Pre-loaded into browsers HEBCA (Higher-Ed Bridge CA) Cloned from FBCA Pilots, old and new HEPKI Council

10 CISSE – Washington, D.C. Other EDUCAUSE Activities EDUCAUSE/Cornell Institute for Computer Policy and Law Annual seminar in Ithaca July 8-11 ANMSI NLII ECAR JCP2P (Higher Education+RIAA/MPAA) EDUCAUSE Live! EDUCAUSE/Internet2 Security TF

11 CISSE – Washington, D.C. The Security TF and the National Strategy Creation of EDUCAUSE/Internet2 Computer and Network Security Task Force – July 2000 See www.educause.edu/security Framework for Action - April 2002 See security.internet2.edu/ActionStatement.pdf National Strategy to Secure Cyberspace Nat’l Strategy Questions - April 20, 2002 See www.gcn.com/cybersecurity Higher Education Contribution to National Strategy to Secure Cyberspace (July 2002) See www.educause.edu/security/national-strategy NSF-Funded Workshops – Summer/Fall 2002 DRAFT Released - September 18, 2002 See www.securecyberspace.gov Release of Nat’l Strategy – February 14, 2003

12 CISSE – Washington, D.C. Framework for Action: April, 2002 Make IT security a higher and more visible priority in higher education Do a better job with existing security tools, including revision of institutional policies Design, develop and deploy improved security for future research and education networks Raise the level of security collaboration among higher education, industry and government Integrate higher education work on security into the broader national effort to strengthen critical infrastructure

13 CISSE – Washington, D.C. National Strategy Priorities A National Cyberspace Security Response System A National Cyberspace Security Threat and Vulnerability Reduction Program A National Cyberspace Security Awareness and Training Program Securing Governments’ Cyberspace National Security and International Cyberspace Security Cooperation

14 CISSE – Washington, D.C. Strategic Objectives of Nat’l Strategy Prevent cyber attacks against America’s critical infrastructures Reduce national vulnerability to cyber attacks; and Minimize damage and recovery time from cyber attacks that do occur

15 CISSE – Washington, D.C. Higher Ed and National Strategy National Strategy encourages colleges and universities to secure their cyber systems by establishing some or all of the following as appropriate: one or more Information Sharing and Analysis Centers to deal with cyber attacks and vulnerabilities; an on-call point-of-contact to Internet service providers and law enforcement officials in the event that the school’s IT systems are discovered to be launching cyber attacks; model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity; one or more sets of best practices for IT security; and, model user awareness programs and materials.

16 CISSE – Washington, D.C. NSF-Funded Workshops 2002 Higher Ed Values and Principles August – Columbia University Security Architecture and Policy August – Chicago Security in the Research Environment October – Washington Higher Education IT Security Summit November – Washington

17 CISSE – Washington, D.C. Higher Ed IT Environments Technology Environment Distributed computing and wide range of hardware and software from outdated to state-of-the-art Increasing demands for distributed computing, distance learning and mobile/wireless capabilities which create unique security challenges Leadership Environment Reactive rather than proactive Lack of clearly defined goals (what do we need to protect and why) Academic Culture Persistent belief that security & academic freedom are antithetical Tolerance, experimentation, and anonymity highly valued

18 CISSE – Washington, D.C. Action Agenda Organization and Information Sharing Education and Awareness Policies, Procedures, and Standards Security Architecture and Tools Incident Response and Reporting Cybersecurity Research & Development

19 CISSE – Washington, D.C. Organization & Info Sharing Goal: To create the capacity for a college or university to effectively deploy a comprehensive security architecture (education, policy, and technology); and to leverage the collective wisdom and expertise of the higher education community. Programs: EDUCAUSE/Internet2 Computer and Network Security Task Force Security Resource for Higher Education Web Site Security Discussion Group Higher Education Information Technology Alliance Research & Educational Networking Information Sharing and Analysis Center (REN-ISAC) Initiatives: Empowering CIO’s and Establishing Authority/Responsibility at the Cabinet Level Identifying 24x7 Campus Contacts for Emergencies and Law Enforcement Requests EDUCAUSE Security Newsletter

20 CISSE – Washington, D.C. Incident Response and Reporting Goal: Improve the ability of higher education institutions to respond to computer incidents and develop appropriate reporting mechanisms for sharing information and measuring progress. Programs: Computer Emergency Response Team/Coordination Center (CERT/CC) Forum of Incident Response Teams (FIRST) Research and Educational Networking ISAC (REN-ISAC) Initiatives: Provide Education and Assistance in the Creation of Incident Response Teams Develop Common Incident Categories Across Higher Education (working with Industry and Government) Establish Incident Reporting Standards, Systems, and Mechanisms

21 CISSE – Washington, D.C. ACE Letter to Presidents Set the tone: ensure that all campus stakeholders know that you take Cybersecurity seriously. Insist on community-wide awareness and accountability. Establish responsibility for campus-wide Cybersecurity at the cabinet level. At a large university, this responsibility might be assigned to the Chief Information Officer. At a small college, this person may have responsibility for many areas, including the institutional computing environment. Ask for a periodic Cybersecurity risk assessment that identifies the most important risks to your institution. Manage these risks in the context of institutional planning and budgeting. Request updates to your Cybersecurity plans on a regular basis in response to the rapid evolution of the technologies, vulnerabilities, threats, and risks.

22 Security Professionals Workshop April 22-23, 2003 Temecula, California

23 CISSE – Washington, D.C. Key Players in Higher-Ed It Security: Important roles for all Researchers Faculty System-admins Network-admins Software companies Hardware companies Students Campus auditors CIO’s Presidents/Provosts Funding agencies Legislators Campus attorneys K-12 teachers Parents …

24 CISSE – Washington, D.C. Opportunities to Collaborate Present at EDUCAUSE conferences Put material in EDUCAUSE library Publish in EDUCAUSE journals Joint conferences, meetings, workshops Feedback loop with REN-ISAC Job opportunities for graduates Studies/surveys via ECAR Vendor communication Cross-link Web pages Your idea here…

25 CISSE – Washington, D.C. For more information and collaboration  www.educause.edu/security  Rodney Petersen, EDUCAUSE  Michael Roberts, Internet2  Dan Updegrove, UT-Austin  Gordon Wishon, Notre Dame


Download ppt "An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington,"

Similar presentations


Ads by Google