Center Aims to Improve Cybersecurity in Higher Ed.

Story Author: Indiana University Media Relations
Publish Date: April 25, 2005
Source Publication: IUB

Center Aims to Improve Cybersecurity in Higher Ed.

BLOOMINGTON , Ind. (04/25/2005) -- When it comes to protecting themselves from computer hackers and securing personal information, do colleges and universities make the grade?

In the murky world of cyberspace, it's hard to judge how secure an organization is from intruders. In recent months, a slew of security breaches -- including those that crippled commercial data warehouses ChoicePoint and LexisNexis -- has many institutions feeling increasingly exposed and on edge.

"The whole nation is talking about cybersecurity, especially in higher education," said Fred Cate, Distinguished Professor of Law at the Indiana University School of Law-Bloomington and director of IU's Center for Applied Cybersecurity Research, which researches computer and Internet security issues.

At a time when many academic institutions are working to increase the number of cybersecurity researchers, the center, which was founded in 2002, has been seeking ways to combat information security challenges. Its major research initiatives focus on real-world problems such as "phishing," identity theft and terrorism, and its scholars and practitioners advise industry, government and academic leaders in their efforts to thwart computer hackers.

As part of its efforts to improve cybersecurity in higher education, the center will host the Indiana Higher Education Cybersecurity Summit on Thursday and Friday (April 28-29) at the University Place Conference Center on the campus of Indiana University-Purdue University Indianapolis. The summit, which is being co-sponsored by the Office of the Vice President for Information Technology at IU, will bring together information assurance professionals from Indiana's leading universities and colleges and other public institutions to share best practices, research and trends in cybersecurity.

Amit Yoran ( picture left ) former director of the National Cybersecurity Division in the U.S. Department of Homeland Security, will deliver the keynote address to the conference on April 28. Yoran was appointed by President Bush in 2003 as the administration's cyber chief, responsible for coordinating national activities in cybersecurity. Now CEO of Yoran Enterprises, he will discuss "Enterprise Risk Management in the Cyber World."

At last year's conference, Richard Clarke, former White House cybersecurity czar, emphasized the need for academic institutions to secure their cyberspace. Indeed, several high-profile data releases have occurred in colleges and universities over just the past year, tarnishing the reputation of security efforts in all of higher education.

Across higher education, as well as in the business, government and not-for-profit sectors, incidents in computer hacking and identity theft continue to rise in frequency, severity, sophistication and impact. They compromise intellectual property and institutional data, disrupting critical systems and depleting scarce fiscal resources.

Because information technology infrastructures at colleges and universities often are very complex, and management of digital systems is often spread out over many departments, no institution can be entirely immune to cyber-attacks. But Cate believes a "highly coordinated effort at the highest level of leadership" can minimize the effect these attacks have.

"Engagement in the discussion is a critical step in developing strategies that will deter attacks, reduce vulnerabilities and help to ensure that disruptions are infrequent, of minimal duration and cause the least damage possible," he said.

CACR, which is based at IU's Bloomington and Indianapolis campuses, is one of the nation's fastest-growing information assurance programs. It works to enhance the security and integrity of information systems, technologies and content, while drawing on the university's wide range of scholarly expertise in computer science, informatics, accounting and information systems, criminal justice, law, organizational behavior, public policy and related disciplines. CACR's leaders come from the IU School of Law-Bloomington and the IU School of Informatics as well as University Information Technology Services.

The center also is spurring the development of an interdisciplinary curriculum in cybersecurity. It recently was awarded a $50,000 grant from Microsoft to develop a "trustworthy computing" course to introduce students to the fundamentals of responsible computer use. The course will include concepts from computer science, law, policy, ethics, organizational behavior, economics and sociology.

Cate said the center is concerned not only with how to improve cybersecurity, but also its efficiency, cost, and impact on individuals, the public and the economy. Students in undergraduate and graduate programs in cybersecurity at IU are developing high-level technical understanding of information assurance as well as a broader awareness of the practical, legal, economic and behavioral contexts.

For more about the Center for Applied Cybersecurity Research and the Indiana Higher Education Cybersecurity Summit, including instructions on attending the conference, go to http://cacr.iu.edu/.

The summit will take place on the IUPUI campus at the University Place Conference Center and Hotel, located on the corner of Michigan Street and University Boulevard in Indianapolis.

To speak to Fred Cate, contact Ryan Piurek, IU Media Relations, at 812-855-5393.

©2005 The Trustees of Indiana University, All Rights Reserved