EDUCAUSE Computer and Network Security Task Force Rodney J. Petersen Director, Policy and Planning Office of Information Technology University of Maryland
Service Provider Security According to Gartner, service providers must implement a solid set of security services to safeguard applications and data across the following areas: • Network • Platform • Applications • Operations • End Services
Headlines • FBI Advises Windows XP Users On Measures to Block Hackers • AOL confirms security hole in AOL Instant Messenger (AIM) • GroupWise users grapple with security bug • Wireless security riddled with flaws • Washtech.com Web Site Hacked
U.S. unprepared for IT warfare Top computer security experts told a congressional committee in October that the U.S. isn’t producing the talent or the funding needed to confront the information warfare threats the country now faces.
Lieberman IT security fund Senator Joseph Lieberman, chairman of the Senate Governmental Affairs Committee, has called for the creation of a $1 billion IT fund that would enhance homeland and information security while providing a much-needed boost to the sagging economy.
Billions needed for IT security At least $10 billion in federal funding is needed to ensure adequate homeland cyberdefenses, according to the president of the Information Technology Association of America (ITAA), an industry group that represents more than 500 IT companies around the country.
IT Spending On Security • 53 percent of IT managers said they expect to devote a higher proportion of their total IT budgets to security compared with spending in 2001 • 59 percent of companies said they expect their 2002 IT budgets to decline or stay the same as their 2001 budgets
Consumer Security Concerns • More than 70 percent of Americans are at least “somewhat concerned” about Internet and computer security in the wake of the Sept. 11 attacks • Roughly 74 percent of Americans are worried that the information they give out online could be stolen or misused “Keeping the Faith: Government, Information Security and Homeland Cyber Defense” - Survey of the Information Technology Association of America
Future of Law and Technology • What sorts of Internet privacy measures, those to enhance and those to diminish or prevent privacy and anonymity, will be acceptable in the wake of September 11 terrorist attacks, and what will fly under the radar using prevention of terrorism as an excuse? -Jessica Litman, Professor, Wayne State University Law School • Congress will pass legislation to encourage companies to share cyber-security data with the government, by exempting such data from disclosure under the Freedom of Information Act and by providing antitrust protection for companies that collaborate on cyber-security matters. -Ivan Fong, Senior Counsel, General Electric
Discussion Question What types of information security challenges does your organization face?
Justice Dept. To Hire More Computer Crime Attorneys The U.S. Justice Department has begun soliciting hundreds of resumes from attorneys skilled in computer crime and intellectual property law in an effort to keep pace with a growing caseload of cybercrime prosecutions.
“We can and must do better” “If we don’t do this, people simply won’t be willing – or able – to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. When we face a choice between adding features and resolving security issues, we need to choose security.” Bill Gates, Microsoft Corporation
Cyberspace Security Czar • Richard Clarke, Special Advisor to the President for Cyberspace Security • Expected to be included in efforts coordinated by the Office of Homeland Security • Chairman of a yet-to-be-appointed government-industry board on critical infrastructure systems
NIST New IT Security Effort The Department of Commerce’s National Institute of Standards and Technology (NIST) awarded $5 million total in funding in October for nine research grants that will enhance security for critical infrastructures such as electrical grids and air traffic control systems.
NIPC and IT Security • The interagency National Infrastructure Protection Center (NIPC) at FBI Headquarters serves as a national critical infrastructure entity for threat assessment, warning, vulnerability, and criminal and national security investigation, and response. • See http://www.nipc.gov
NIPC Infragard Initiative • Special agents are working with community-based computer security professionals to determine how to better protect critical information systems in the public and private sectors. • Computer Crimes Task Force • http://www.infragard.net
USA PATRIOT Act • Electronic Surveillance, primarily to prevent terrorist acts • Computer Trespassers • Electronic Crimes Task Force to be coordinated by the U.S. Secret Service • State Computer Crime Initiatives
Critical Infrastructure Assurance Office • Development of a National Strategy to Secure Cyberspace • Issues: • Home Users • Enterprises • Sectors • National • Global
Cyber-Security Preparedness Act Senator John Edwards introduced legislation last week to promote stronger password protections and high-tech tools to block computer “worms.” The Act, which would cost about $350 million over five years, would apply at first to federal agencies, then expand to include government contractors.
Gartner Research Note In the post-September 11 world, academic institutions will have to combine better security infrastructure with a more rigorous “social contract” that attaches responsibilities to user rights.
Discussion Question What steps have you taken to address computer and network security challenges at your institution?
EDUCAUSE Computer and Network Security Task Force To work with noted security experts and partner associations including Internet2 to identify short-term actions and long-term projects to address systems security problems in higher education. It will support activities such as a technical toolkit to help Chief Information Officers get ahead of the security curve and a policy toolkit to help campuses properly address the associated legal and ethical issues.
Task Force Leadership Dan Updegrove, co-chair Vice President for Information Technology University of Texas at Austin Gordon Wishon, co-chair Chief Information Officer University of Notre Dame
Committee on Detection, Prevention and Response Co-Chairs: Steve Hansen, Computer Security Officer Stanford University Jack Suess, Chief Information Officer University of Maryland, Baltimore County
Committee on Policy and Legal Issues Co-Chairs: Mark Bruhn, University IT Policy Officer Indiana University Rodney Petersen, Director, IT Policy & Planning University of Maryland
Committee on Education and Awareness Co-Chairs: Michelle Norin, Director for IT Outreach University of Arizona Gordon Wishon, Chief Information Officer University of Notre Dame
Committee on Emerging Technologies Co-Chairs: Clifford Collins, Chair I2 Security Working Group OARnet Ken Klingenstein Director, Middleware Initiative, Internet2 Chief Technology, University of Colorado
Funding Proposal Proposal for Identifying and Implementing a Coordinated Strategy for Computer and Network Security for Higher Education
Identify Problem and Develop Preliminary Plans • Phase One (months 1-3) • Convene Meeting of Computer & Network Security Experts • Convene Meeting of Research, Security, and Policy Experts • Commission Papers, Reports, and Case Studies
Develop Plan and Implementation Strategy • Phase Two (month 4) • Convene Summit on Computer & Network Security in Higher Education • Convene Meeting of Task Force on Computer and Network Security
Implement Plan and Strategies • Phase Three (months 5-16) • Pursue Implementation Strategies • Convene Quarterly Meetings of Task Force on Computer and Network Security • Commission Additional Papers, Reports, and Case Studies • Outreach: Publications and Presentations
Evaluate Plan and Prepare for Next Steps • Phase Four (months 17-18) • Convene Second Meeting of Computer & Network Security Experts • Convene Second Summit on Computer & Network Security
Discussion Question How can the EDUCAUSE Computer and Network Security Task Force help you and your institution improve IT security?
Task Force Priorities • Refine Organizational Structure • Revitalize Volunteer Network • Submit Grant Proposal • Participate In Government Initiatives • Coordinate Higher Education Activities • Outreach and Education
For more information: Visit http://www.educause.edu/security or Contact Rodney Petersen Email: Rodney@umd.edu Phone: 301.405.7349