A Collaborative Approach to Cybersecurity is Higher Ed’s Best ShieldLuc Roy | Chief Information Officer, Laurentian University
Cybersecurity is a top of mind issue for all CIOs, and higher education is no exception.
As in other sectors, cyber-attacks in higher education are directly and indirectly related to money. Estimated in the billions (and maybe trillions) of dollars, the cybercrime economy is based on a number of online activities, including the sale of stolen information like emails, passwords, research materials and intellectual property; extortion attempts or unauthorized access to systems.
Universities are targets of cybercrime for a variety of reasons, including their limited resources, complex governance processes and increased participation in the global economy—and while an inclusive, open and collegial culture is a critical success factor for academic environments, it poses a unique security challenge.
The responsibility of Chief Information Officers, Chief Information Security Officers (CSIOs) and IT security support staff in combating cybersecurity threats at universities is enormous. Thankfully, university IT departments are aware of the gaps in cybersecurity and are working to address them individually and collectively.
In response to these relentless cyber threats, higher education institutions have banded together to create collegial, collaborative and proactive initiatives that aim to tackle cybersecurity on a national, provincial and local basis. Through the Canadian University Council of Chief Information Officers (CUCCIO)—a not-for-profit, member-based organization that represents the voice of IT in Canadian higher education—as well as a variety of national and provincial initiatives, universities are working together to help each other and the sector address these challenges.
Examples of Collaborative Initiatives on Cybersecurity:
CUCCIO’s Security Special Interest Group (SIG)
The Security SIG is made up of CISOs from across Canada who regularly and actively share security-related information, including vulnerabilities and best practices for mitigation.
CANARIE’s Joint Security Project
CANARIE’s Joint Security Project was established in 2017 to bolster cybersecurity across Canada’s research and education institutions, and to help develop a national view of the security position of institutions connected to the National Research and Education Network (NREN).
Ontario’s Shared Chief Information Security Officer (Shared CISO)
Hosted by ORION in Ontario, five universities and three colleges united to fund and pilot a shared CISO position to guide the participating universities on security governance, framework, guidance, assessment and much more. The pilot program is close to completion, and ORION is planning to set up a shared CISO service for Ontario higher education institutions. Shared CISO initiatives are being pursued in a number of other provinces as well.
Canadian Shared Security Operations Centre (CanSSOC)
Six universities have joined together to undertake a proof-of-concept project for a shared Canadian higher education security operations center. The project participants are investing significant time and money to address concerns related to the increasing frequency, complexity and severity of cyber security threats facing higher education institutions, and to develop a shared solution for the unsustainable scope and costs of successfully managing these threats, including early prevention, detection and mitigation.
Provincial research and education networks, co-funded and coordinated by CANARIE, aim to identify and implement standard and shared SIME technologies at the provincial level.
In December 2018, CUCCIO, in collaboration with CAUBO (the Canadian Association of University Business Officers), delivered a workshop for senior university leaders to not only increase awareness of the issues and challenges related to cybersecurity but also to provide practical advice and guidance.
This workshop has resulted in ongoing discussions around cybersecurity—within universities, through provincial organizations such as CSAO (Council of Senior Administrators of Ontario), the Ontario University CIO council (OUCCIO) and their college equivalent (Ontario College Council of Chief Information Officers), and at the national level between CUCCIO and CAUBO.
Lastly, earlier this year the Canadian federal government announced $500M of funding over 5 years to address cybersecurity across the country and in many sectors.
Safety in Numbers
Although higher education’s collegial, open and collaborative culture may make our institutions a prime target for cybercrime, it is this same collegial, open and collaborative environment that will provide our sector with the advantage it needs to bolster its defenses, protect our individual and collective assets, and fight against the ever-present threat of cybercrime.
Author Perspective: Administrator