Cyber Security for the Digital District

1
Cyber Securityfor the Digital District

• A CoSN Leadership Initiative, in partnership with
  Mass Networks Education Partnership (MNEP)

Project Director Steven E. Miller
www.securedistrict.cosn.org
2
Cyber Security Sponsorship

• Made possible through the generous support of
  education grants from SonicWall, Symantec,
  SurfControl as well as the U.S. Department of
  Education.
• Additional support from Sun Microsystems,
  Microsoft Corporation, and a media partnership
  with District Administration
• in collaboration with the Northwest Regional
  Education Laboratory (NWREL)

Slide 2
3
The Mission
CoSNs Leadership Initiative, Cyber Security for
the Digital District, will deliver strategies and
tools that promote network and information
security to education technology leaders and
policy makers in ways that help technology
contribute to schools primary goal of teaching
and learning.
Slide 3
4
Why Now? True Stories

• Student breaks into system changes grades taps
  into file of Social Security numbers. Parents
  urged to contact credit bureaus.

Devastating virus enters system via laptop
infected at teachers home over weekend.
Blended attacks hit multiple vulnerabilities,
requiring every computer to be individually taken
off line and cleaned multiple times.
Slide 4
5
Incidents Reported to CERT/CC
Computer Emergency Response Team/Coordination
Center
For more info see www.cert.org
6
Attack Sophistication v. Intruder Knowledge
High
Low
Source www.cert.org
7
A Growing Concern

• Increasing permeability of our IT boundaries
  because of growing use of always on broadband,
  wireless, outsourcing and ASP, peer-to-peer
  sharing, mobile hand-held equipment.

• Increasing demand for centralized data banks
  containing increasingly tempting data about
  students and their families.

8
A Growing Concern

• Will our own growing awareness of and concern
  about the vulnerability of our systems morph into
  a loss of public confidence in the technology
  project as a whole?

9
CoSNs Response

• A multi-year Leadership Initiative.

Partnership with leading school technology
leaders and corporations but vendor-neutral and
educator-driven.

• Recognition that different districts have
  different needs
• Size, budget, staffing levels and expertise

Slide 9
10
Three Themes

• People creating a community of trust.
• Policy reducing risk while preparing for
  problems.
• Technology having the right tools to implement
  the policies that serve the learning community.

Slide 10
11
People, Policy, Technology

• Technical issues are the front line. We need
  tools to assess vulnerabilities and close
  security gaps.

• But the way we run our day-to-day operations has
  a bigger impact. Policies procedures set the
  stage.

12
People, Policy, Technology

• People or human issues are the most important
  our users are our most critical asset, as well as
  the source of our most vexing security breaches.

• A successful security program is built on the
  support of users and other stakeholders gained
  by serving their needs and visibly adding value
  to the educational process.

13
Technology, Policy, People

• Money, time, and staff are limited resources.
• Risk can never be eliminated, merely reduced.
• Something will inevitably happen preparation
  for crisis management is an essential part of the
  process.
• Not everyone currently agrees that serious steps
  are needed.

14
Technology, Policy, People

• Districts have varied situations and needs
• Size of student body and/or staff
• Size of budget
• Staff size, sophistication, management tools
• Level of community support
• While expert advice is often invaluable,
  sometimes we can learn the most from each other
  we are the pioneers!

15
Reality Checks

• Schools are for learning
• Technology is a tool to enhance teaching,
  learning, research, and the administrative
  functions that enable them.
• The ethics that lead to security-enhancing
  attitudes and behaviors are related to overall
  ethical conduct in all areas of school life.

16
Cyber Security Initiative Goals

• Useful set of tools for technology leaders,
  policy-makers, and opinion-shapers.
• Background information to better understand the
  issues and provide a framework for discussion
  with other stakeholders
• A research-based approach for planning and
  implementing a security process
• Help education technology leaders analyze where
  their schools stand on security, and what they
  can do to move forward.

Slide 16
17
First Year Deliverables
Background information Case studies Slide
shows Self-assessment profilers and
checklists On-line tools Workshop curriculum
Slide 17
18
First Year Deliverables
Links to other resources Leadership
forums Quarterly newsletter Webcast Other methods
of facilitating sharing and learning within the
CTO community
Slide 18
19
Future Deliverables
On-line courses Policy Briefings News updates
www.securedistrict.cosn.org
Slide 19
20
You Are Important

• Let us know
• What you think you are currently doing well?
• What issues you are still struggling with?
• How information, skills, and tools you would find
  most helpful.

21
You Are Important

• For the future
• Sign up for our newsletter
• Offer to moderate an on-line (anonymous)
  discussion
• Give us feedback on our materials
• Come, or send others, to workshops and events.
• Visit our website www.securedistrict.cosn.org