Educause Security Discussion mailing list archives
Re: Cyberattacks Down?
From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Date: Mon, 13 Dec 2004 11:13:45 -0800
Hi, #If the situation in Universities is really better, and I think it is... #rather than just a #smaller fraction due to our early adopter status, then we have some #valuable things to offer private industry to help them make a more #attractive networked computer experience. Even if our situation is not #really any better, maybe we should invest in creating a better commodity #network/computer experience for private industry to adopt. After talking with commercial-side colleagues, I've developed a laundry list of ways we in higher ed differ from them, differences which impact their ability to deal with their infested customers: -- Geolocality differences... Even if you're a university with twenty or thirty thousand users, those users are typically located in a limited geographic area, e.g., a campus or city typically. This geolocality means that you have options that a commercial provider may not have: -- users can get a clean up CD by just dropping by in person -- users can bring laptops or other systems in for remedial attention -- "house calls" (well, office calls or dorm calls or whatever) are a possibility Contrast that with a national ISP that might have users spread across multiple states, and for whom truck rolls cost outrageous amounts (you'll see anything from $50 to $250 or more depending on who you look at). Typical interaction, if the user has already been taken off line, is a mailed CD, which takes multiple days to arrive in most cases. -- Fear of driving customers away... In the commercial case, a customer/provider relationship exists. Customer is paying for service, and disabling that service often results in loss of a customer. In the higher ed space, the customer may be paying indirectly for service via a tech fee or other funding mechanism, but the customer is largely captive, which allows for a greater range of options when dealing with abuse or compromised machines w/o financial risk to the "provider" university. -- Fate sharing... The University-as-provider is also motivated by fate sharing: we use the service we provide to customers, and if we allow it to get grossly junked up, and we get blocked, we (as users) get blocked up just as our customers get blocked. Contrast that with commercial providers where the corporate domain may be kept carefully separated from the consumer domain. -- Legal influences... The worst of the providers come from heavily "common carrier"-ized segments of the industry, where the lawyers have a preconditioned desired to stay away from content issues to the greatest extent possible. They want to provide connectivity, what happens after that is something they really don't want to get into. Universities, on the other hand, have historically been willing to respond to complaints (copyright infringement, etc.), as good neighbors. -- Strict business case analysis... In many cases the worst of the providers also take a strict "business case" approach to issues: tasks do not get done if they negatively impact the bottom line. Customers, although willing to squeal loudly once they've become dunged up, may not be willing to back that up with their checkbooks. Business-case-oriented ISPs are not willing to give away freebees. Result: infestations persist. Etc., etc., etc. This is one case where tech transfer isn't the issue, it really is a different market and a different mind set, I think. Regards, Joe ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Cyberattacks Down? Jere Retzer (Dec 07)
- <Possible follow-ups>
- Re: Cyberattacks Down? Jordan Wiens (Dec 08)
- Re: Cyberattacks Down? Barbara Griffith (Dec 08)
- Re: Cyberattacks Down? Cam Beasley, ISO (Dec 08)
- Re: Cyberattacks Down? Joe St Sauver (Dec 08)
- Re: Cyberattacks Down? John Kristoff (Dec 08)
- Re: Cyberattacks Down? Wayne Wilson (Dec 13)
- Re: Cyberattacks Down? Joe St Sauver (Dec 13)