EDUCAUSE Computer and Network Security Task Force

Rodney J. PetersenDirector, Policy and Planning

Office of Information Technology

University of Maryland

Service Provider Security

According to Gartner, service providers must implement a solid set of security services to safeguard applications and data across the following areas:

Network Platform Applications Operations End Services

Headlines FBI Advises Windows XP Users On

Measures to Block Hackers AOL confirms security hold in AOL

Instant Messenger (AIM) GroupWise users grapple with

security bug Wireless security riddled with flaws Washtech.com Web Site Hacked

U.S. unprepared for IT warfare

Top computer security experts told a congressional committee in October that the U.S. isn’t producing the talent or the funding needed to confront the information warfare threats the country now faces.

Lieberman IT security fund

Senator Joseph Lieberman, chairman of the Senate Governmental Affairs Committee, has called for the creation of a $1 billion IT fund that would enhance homeland and information security while providing a much-needed boost to the sagging economy.

Billions needed for IT security

At least $10 billion in federal funding is needed to ensure adequate homeland cyberdefenses, according to the president of the Information Technology Association of America (ITAA), an industry group that represents more than 500 IT companies around the country.

IT Spending On Security 53 percent of IT managers said they

expect to devote a higher proportion of their total IT budgets to security compared with spending in 2001

59 percent of companies said they expect their 2002 IT budgets to decline or stay the same as their 2001 budgets

Consumers Security Concerns More than 70 percent of Americans are

at least “somewhat concerned” about Internet and computer security in the wake of the Sept. 11 attacks

Roughly 74 percent of Americans are worried that the information they give out online could be stolen or misused“Keeping the Faith: Government, Information Security and Homeland Cyber Defense” - Survey of the Information Technology Association of America

Future of Law and Technology

What sorts of Internet privacy measures, those to enhance and those to diminish or prevent privacy and anonymity, will be acceptable in the wake of September 11 terrorist attacks, and what will fly under the radar using prevention of terrorism as an excuse?

-Jessica Litman, Professor, Wayne State University Law School Congress will pass legislation to encourage companies to

share cyber-security data with the government, by exempting such data from disclosure under the Freedom of Information Act and by providing antitrust protection for companies that collaborate on cyber-security matters.

-Ivan Fong, Senior Counsel, General Electric

Discussion Question

What types of information security challenges does your organization face?

Justice Dept. To Hire More Computer Crime Attorneys

The U.S. Justice Department has begun soliciting hundreds of resumes from attorneys skilled in computer crime and intellectual property law in an effort to keep pace with a growing caseload of cybercrime prosecutions.

“We can and must do better”

“If we don’t do this, people simply won’t be willing – or able – to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. When we face a choice between adding features and resolving security issues, we need to choose security.”

Bill Gates, Microsoft Corporation

Cyberspace Security Czar Richard Clark, Special Advisor to

the President for Cyberspace Security

Expected to be included in efforts coordinated by the Office of Homeland Security

Chairman of a yet-to-be-appointed government-industry board on critical infrastructure systems

NIST New IT Security Effort

The Department of Commerce’s National Institute of Standards and Technology (NIST) awarded $5 million total in funding in October for nine research grants that will enhance security for critical infrastructures such as electrical grids and air traffic control systems.

NIPC and IT Security The interagency National Infrastructure

Protection Center (NIPC) at FBI Headquarters serves as a national critical infrastructure entity for threat assessment, warning, vulnerability, and criminal and national security investigation, and response.

See http://www.nipc.gov

NIPC Infragard Initiative Special agents are working with

community-based computer security professionals to determine how to better protect critical information systems in the public and private sectors.

Computer Crimes Task Force http://www.infragard.net

USA PATRIOT Act Electronic Surveillance, primarily

to prevent terrorist acts Computer Trespassers Electronic Crimes Task Force to be

coordinated by the U.S. Secret Service

State Computer Crime Initiatives

Critical Infrastructure Assurance Office Development of a National

Strategy to Secure Cyberspace Issues:

Home Users Enterprises Sectors National Global

Cyber-Security Preparedness Act

Senator John Edwards introduced legislation last week to promote stonger password protections and high-tech tools to block computer “worms.” The Act, which would cost about $350 million over five years, would apply at first to federal agencies, then expand to include government contractors.

Gartner Research Note

In the post-September 11 world, academic institutions will have to combine better security infrastructure with a more rigorous “social contract” that attaches responsibilities to user rights.

Discussion Question

What steps have you taken to address computer and network security challenges at your institution?

EDUCAUSE Computer and Network Security Task Force

To work with noted security experts and partner associations including Internet2 to identify short-term actions and long-term projects to address systems security problems in higher education. It will support activities such as, a technical toolkit to help Chief Information Officers get ahead of the security curve and a policy toolkit to help campuses properly address the associated legal and ethical issues.

Task Force Leadership

Dan Updegrove, co-chair

Vice President for Information Technology

University of Texas at Austin

Gordon Wishon, co-chair

Chief Information Officer

University of Notre Dame

Committee on Detection, Prevention and Response

Co-Chairs:

Steve Hansen, Computer Security Officer Stanford University Jack Suess, Chief Information OfficerUniversity of Maryland, Baltimore County

Committee on Policy and Legal Issues

Co-Chairs:

Mark Bruhn, University IT Policy OfficerIndiana University

Rodney Petersen, Director, IT Policy & Planning

University of Maryland

Committee on Education and Awareness

Co-Chairs:

Michelle Norin, Director for IT OutreachUniversity of Arizona Gordon Wishon, Chief Information OfficerUniversity of Notre Dame

Committee on Emerging Technologies

Co-Chairs

Clifford Collins, Chair I2 Security Working Group

OARnet Ken KlingensteinDirector, Middleware Initiative, Internet2Chief Technology, University of Colorado

Funding Proposal

Proposal for Identifying and Implementing

a Coordinated Strategy for Computer and Network Security

for Higher Education

Identify Problem and Develop Preliminary Plans Phase One (months 1-3)

Convene Meeting of Computer & Network Security Experts

Convene Meeting of Research, Security, and Policy Experts

Commission Papers, Reports, and Case Studies

Develop Plan and Implementation Strategy Phase Two (month 4)

Convene Summit on Computer & Network Security in Higher Education

Convene Meeting of Task Force on Computer and Network Security

Implement Plan and Strategies Phase Three (months 5-16)

Pursue Implementation Strategies Convene Quarterly Meetings of Task

Force on Computer and Network Security

Commission Additional Papers, Reports, and Case Studies

Outreach: Publications and Presentations

Evaluate Plan and Prepare for Next Steps Phase Four (months 17-18)

Convene Second Meeting of Computer & Network Security Experts

Convene Second Summit on Computer & Network Security

Discussion Question

How can the EDUCAUSE Computer and Network Security Task Force help you and your institution improve IT security?

Task Force Priorities Refine Organizational Structure Revitalize Volunteer Network Submit Grant Proposal Participate In Government Initiatives Coordinate Higher Education

Activities Outreach and Education

For more information:

Visit http://www.educause.edu/security

orContact Rodney Petersen Email: Rodney@umd.edu

Phone: 301.405.7349