security-IT-password

Should colleges adopt White House cybersecurity plan?


The Obama administration on Feb. 12 released its long-awaited cybersecurity framework as colleges and universities struggle in the fight against a barrage of cyber attacks that have compromised millions of pieces of personal data.

cybersecurity-white-houseThe White House’s cybersecurity framework, roundly criticized by privacy rights groups for a host of watered-down provisions, was meant to provide digital security basics for small businesses to corporations to college campuses.

The Department of Commerce’s National Institute of Standards and Technology (NIST) consolidated input from the private and public sectors in creating the cybersecurity framework’s set of standards, best practices, and guidelines.

The high level summary of the White House’s cybersecurity framework includes the following: Identify, protect, detect, respond, recover.

The tiered approach included in the cybersecurity framework is meant to allow organizations and universities to more easily assess risk management in protecting data.

Colleges and universities of every size have reported a spate of data breaches and cybersecurity attacks over the past year, causing consternation among students, faculty, and parents whose private information is stored on campus servers.

More than half of colleges and universities transmit various kinds of sensitive information – including financial details – over unencrypted channels, according to a survey conducted by HALOCK Security Labs, a security firm based in Illinois.

One-fourth of the 162 institutions included in HALOCK’s survey said they advised students and parents to send personal information – including W2 documents – via eMail.

University of Delaware (UD) in July joined the long line of higher education’s data breach victims, with a compromised university system yielding personal information on 72,000 past and present employees. University officials notified those affected by the breach by mail or eMail.

Elite schools are hardly immune from data breaches. Stanford University last summer announced a security breach of its information technology infrastructure that impacted an unknown number of people associated with the campus.

The University of Wisconsin was one of many schools to see a deluge of cyber attacks from Chinese IP addresses in 2013. UW officials said there were more than 100,000 Chinese cyber attacks every day on the campus’s IT infrastructure.

Oregon Health & Science University notified patients last year that their OHSU health information was stored on an internet-based eMail and/or document storage service, also known as a “cloud” computing system. Although the internet-based service provider (Google Drive, Google Mail) is password-protected and had security measures and policies in place to protect information, it was not an OHSU business associate with a contractual agreement to use or store OHSU patient health information.

Follow Denny Carter on Twitter @eCN_Denny.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.