25
An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington, D.C. June 5, 2003

An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

Embed Size (px)

DESCRIPTION

An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force. Steve Worona Director of Policy and Networking Programs EDUCAUSE CISSE Washington, D.C. June 5, 2003. “I am your worst nightmare!”. Dr. Corey Schou, Idaho State. Today’s Highlights from Mary Ann and Dan. - PowerPoint PPT Presentation

Citation preview

Page 1: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

An Introduction to EDUCAUSEand the

EDUCAUSE/Internet2Security Task Force

Steve WoronaDirector of Policy and Networking Programs

EDUCAUSE

CISSEWashington, D.C.

June 5, 2003

Page 2: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

“I am your worst nightmare!”

Dr. Corey Schou,Idaho State

Page 3: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Today’s Highlights fromMary Ann and Dan “Write good code, not cool code” “Do research to solve the right

problem” “Seize all reasonable opportunities

to partner”

Page 4: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Today’s Highlights fromMary Ann and Dan “Write good code, not cool code” “Do research to solve the right

problem” “Seize all reasonable opportunities

to partner”

Page 5: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

About EDUCAUSE Membership association to advance

information technology in higher education

1800 member institutions Colleges, universities, corporate

partners Publications, paper and electronic Annual national conference (~7,000) 6 Annual Regional conferences Public policy initiatives

Page 6: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

EDUCAUSE:History and Legacy 1998: Merger of CAUSE and Educom

Educom b.1964 with Kellogg Foundation grants to encourage use of computing in higher education

CAUSE b.1971 from earlier group (1962) formed to exchange hardware/software expertise on compus

[Step]Children BITNET NTTF Internet2 CNI

Page 7: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

EDUCAUSE Activities:Net@EDU Emerged from NTTF & FARNET Mission: “To advance the evolution of a global

networking environment that best supports the transformation of Higher Education through information technology.”

~100 member campuses Annual meeting Working groups

PKI Broadband Wireless ICS (VoIP)

Page 8: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

EDUCAUSE Activities:.EDU DoC Cooperative Agreement Nov.

2001 Transition from VeriSign/NSI Registrar, Registry

Outsourced to VeriSign thru August, 2003 Limitations

Old names grandfathered New names limited to accredited inst’s

Regional accreditation vs DofEducation list One name/institution

Policy issues Systems; licensing; international; …

Page 9: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

EDUCAUSE Activities:PKI PKI Working Group (Net@EDU) NSF Middleware Initiative (NMI)

Internet2/EDUCAUSE/SURA Common middleware for campus

infrastructure and GRIDS Shibboleth, eduperson, …

Higher-Ed Root Formerly CREN, now Internet2 Pre-loaded into browsers

HEBCA (Higher-Ed Bridge CA) Cloned from FBCA Pilots, old and new HEPKI Council

Page 10: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Other EDUCAUSE Activities EDUCAUSE/Cornell Institute for

Computer Policy and Law Annual seminar in Ithaca July 8-11

ANMSI NLII ECAR JCP2P (Higher Education+RIAA/MPAA) EDUCAUSE Live! EDUCAUSE/Internet2 Security TF

Page 11: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

The Security TF and theNational Strategy Creation of EDUCAUSE/Internet2 Computer and Network

Security Task Force – July 2000See www.educause.edu/security

Framework for Action - April 2002See security.internet2.edu/ActionStatement.pdf

National Strategy to Secure Cyberspace Nat’l Strategy Questions - April 20, 2002

See www.gcn.com/cybersecurity Higher Education Contribution to National Strategy to Secure

Cyberspace (July 2002)See www.educause.edu/security/national-strategy

NSF-Funded Workshops – Summer/Fall 2002 DRAFT Released - September 18, 2002

See www.securecyberspace.gov Release of Nat’l Strategy – February 14, 2003

Page 12: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Framework for Action:April, 2002 Make IT security a higher and more visible priority in

higher education Do a better job with existing security tools, including

revision of institutional policies Design, develop and deploy improved security for future

research and education networks Raise the level of security collaboration among higher

education, industry and government Integrate higher education work on security into the

broader national effort to strengthen critical infrastructure

Page 13: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

National Strategy Priorities A National Cyberspace Security

Response System A National Cyberspace Security

Threat and Vulnerability Reduction Program

A National Cyberspace Security Awareness and Training Program

Securing Governments’ Cyberspace National Security and International

Cyberspace Security Cooperation

Page 14: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Strategic Objectives of Nat’l Strategy

Prevent cyber attacks against America’s critical infrastructures

Reduce national vulnerability to cyber attacks; and

Minimize damage and recovery time from cyber attacks that do occur

Page 15: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Higher Ed and National StrategyNational Strategy encourages colleges and universities to secure their cyber systems by establishing some or all of the following as appropriate:

one or more Information Sharing and Analysis Centers to deal with cyber attacks and vulnerabilities;

an on-call point-of-contact to Internet service providers and law enforcement officials in the event that the school’s IT systems are discovered to be launching cyber attacks;

model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity;

one or more sets of best practices for IT security; and, model user awareness programs and materials.

Page 16: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

NSF-Funded Workshops 2002 Higher Ed Values and Principles

August – Columbia University Security Architecture and Policy

August – Chicago Security in the Research Environment

October – Washington Higher Education IT Security Summit

November – Washington

Page 17: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Higher Ed IT Environments Technology Environment

Distributed computing and wide range of hardware and software from outdated to state-of-the-art

Increasing demands for distributed computing, distance learning and mobile/wireless capabilities which create unique security challenges

Leadership Environment Reactive rather than proactive Lack of clearly defined goals (what do we need to protect

and why) Academic Culture

Persistent belief that security & academic freedom are antithetical

Tolerance, experimentation, and anonymity highly valued

Page 18: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Action Agenda Organization and Information

Sharing Education and Awareness Policies, Procedures, and Standards Security Architecture and Tools Incident Response and Reporting Cybersecurity Research &

Development

Page 19: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Organization & Info SharingGoal: To create the capacity for a college or university to effectively deploy

a comprehensive security architecture (education, policy, and technology); and to leverage the collective wisdom and expertise of the higher education community.

Programs: EDUCAUSE/Internet2 Computer and Network Security Task Force

Security Resource for Higher Education Web Site Security Discussion Group

Higher Education Information Technology Alliance Research & Educational Networking Information Sharing and Analysis

Center (REN-ISAC)Initiatives: Empowering CIO’s and Establishing Authority/Responsibility at the

Cabinet Level Identifying 24x7 Campus Contacts for Emergencies and Law

Enforcement Requests EDUCAUSE Security Newsletter

Page 20: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Incident Response and ReportingGoal:

Improve the ability of higher education institutions to respond to computer incidents and develop appropriate reporting mechanisms for sharing information and measuring progress.

Programs: Computer Emergency Response Team/Coordination Center

(CERT/CC) Forum of Incident Response Teams (FIRST) Research and Educational Networking ISAC (REN-ISAC)Initiatives: Provide Education and Assistance in the Creation of Incident

Response Teams Develop Common Incident Categories Across Higher Education

(working with Industry and Government) Establish Incident Reporting Standards, Systems, and Mechanisms

Page 21: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

ACE Letter to Presidents Set the tone: ensure that all campus stakeholders know

that you take Cybersecurity seriously. Insist on community-wide awareness and accountability.

Establish responsibility for campus-wide Cybersecurity at the cabinet level. At a large university, this responsibility might be assigned to the Chief Information Officer. At a small college, this person may have responsibility for many areas, including the institutional computing environment.

Ask for a periodic Cybersecurity risk assessment that identifies the most important risks to your institution. Manage these risks in the context of institutional planning and budgeting.

Request updates to your Cybersecurity plans on a regular basis in response to the rapid evolution of the technologies, vulnerabilities, threats, and risks.

Page 22: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

Security Professionals Workshop

April 22-23, 2003 Temecula, California

Page 23: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Key Players in Higher-Ed It Security:Important roles for all

Researchers Faculty System-admins Network-admins Software companies Hardware companies Students Campus auditors

CIO’s Presidents/Provosts Funding agencies Legislators Campus attorneys K-12 teachers Parents …

Page 24: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

Opportunities to Collaborate Present at EDUCAUSE conferences Put material in EDUCAUSE library Publish in EDUCAUSE journals Joint conferences, meetings,

workshops Feedback loop with REN-ISAC Job opportunities for graduates Studies/surveys via ECAR Vendor communication Cross-link Web pages Your idea here…

Page 25: An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

CISSE – Washington, D.C.

For more information and collaboration www.educause.edu/security

Rodney Petersen, EDUCAUSE Michael Roberts, Internet2 Dan Updegrove, UT-Austin Gordon Wishon, Notre Dame