NACUBO

My NacuboWhy Join: Benefits of Membership

E-mail:   Password:   

 Remember Me? | Forgot password? | Need an online account?

Business and Policy Areas
Business and Policy Areas
Loading

Final Cybersecurity Strategy Released

February 14, 2003

The Bush administration released a revised cybersecurity plan on February 14, which outlines steps that the government, private sector, and citizens should take to counteract online attacks. The higher education community, led by a collaboration between EDUCAUSE and Internet2, was active in the developmental stages of the strategy, which spanned a period of several months.

In April and November of 2002, the White House solicited comments on “The National Strategy to Secure Cyberspace” draft, calling upon members of the higher education community, in particular, to shape the plan. In the draft stages, the strategy identified issues for continued analysis and debate, as well as several actions that colleges and universities could take individually and collectively to increase security in general and in regard to programs already underway. The final plan is a scaled-back strategy that includes recommendations for citizens and the private sector, and specifies steps the government should take to protect federal information systems.

The cyberspace security strategy delineates the vulnerabilities of higher education institutions, the 5-point Framework for Action, and recommendations for securing cybersystems. The following text from the full report details the importance of awareness in the higher education sector.

Institutions of Higher Education (IHEs)
Awareness plays an especially important role in increasing the cybersecurity of IHEs. As recent experience has shown, organized attackers have collectively exploited many insecure computer systems traceable to the campus networks of higher education as a platform from which to launch denial-of-service attacks and other threats to unrelated systems on the Internet. Such attacks harm not only the targeted systems, but also the owners of those systems and those who desire to use their services. IHEs are subject to exploitation for two reasons: (1) they possess vast amounts of computing power; and (2) they allow relatively open access to those resources. The computing power owned by IHEs is extensive, covering over 3,000 schools, many with research and significant central computing facilities.

The higher education community, collectively, has been actively engaged in efforts to organize its members and coordinate action to raise awareness and enhance cybersecurity on America’s campuses. Most notably, through EDUCAUSE, the community has raised the issue of the Strategy’s development with top leaders of higher education, including the American Council on Education and the Higher Education IT Alliance. Significantly, through this effort, top university presidents have adopted a 5-point Framework for Action that commits them to giving IT security high priority and to adopting the policies and measures necessary to realize greater system security.

(1) make IT security a priority in higher education;
(2) revise institutional security policy and improve the use of existing
security tools;
(3) improve security for future research and education networks;
(4) improve collaboration between higher education, industry, and
government; and
(5) integrate work in higher education with the national effort to strengthen critical infrastructure.

Colleges and universities are encouraged to secure their cybersystems by establishing some or all of the following as appropriate:

(1) one or more ISACs [Information Sharing and Analysis Centers] to deal with cyberattacks and vulnerabilities;
(2) model guidelines empowering Chief Information Officers to address cybersecurity;
(3) one or more sets of best practices for IT security; and
(4) model user-awareness programs and materials (A/R 3-5).

The full report is available via the White House Web site at http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf