Educause Security Discussion mailing list archives

Re: IHEs & NATIONAL STRATEGY: Single Point-Of-Contact


From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Mon, 23 Sep 2002 10:55:33 -0500

A 24X7 higher education ISAC will help here, I think.  The people
staffing such an org will know the higher education community, and will
be technically able to triage incident reports.  The first
limited-service iteration of a higher education ISAC (for Research and
Educational Networking) will be at Indiana University, associated with
the Global Network Operations Center, which is already 24X7.  See
http://globalnoc.iu.edu/.  We are poised (legal people doing final
review) to sign an MOU with the NIPC.

Whilst we certainly don't want to publish home numbers widely to law
enforcement and ISPs, having a higher education ISAC with that
information shouldn't (at least in my opinion) be problematic.  If a
report or situation associated with a particular campus is bad enough,
the ISAC operators would attempt to contact the person(s) identified for
that campus.

The theory here is that ISPs (as members of the IT ISAC) and law
enforcement (as part of the law enforcement ISAC) will make reports to
the NIPC, as well as directly to other ISACs if warranted.  The NIPC
will pass that along to the other ISACs.  The REN-ISAC will take that
information, do some analysis, and make sure it gets to the campuses
that need to have it.  Or, to all campuses for which they have contact
information, if it's a more global threat.

Operational details of the REN-ISAC will be sent out widely, once they
are developed.  There is also a white paper that discusses a
full-service ISAC that may (should absolutely, I think) succeed the
REN-ISAC.  We will post that to the Task Force web site as soon as I can
discuss that with Rodney Petersen.

M.

Mark S. Bruhn
Chief IT Security and Policy Officer
Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326


-----Original Message-----
From: Kevin Shalla [mailto:Kevin.Shalla () IIT EDU] 
Sent: Monday, September 23, 2002 10:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IHEs & NATIONAL STRATEGY: Single Point-Of-Contact


I believe it would be a good idea if it were cost-free, but alas it is
not.  I agree with others that the single person of contact is not
really feasible - for most campuses the campus police office would
probably be the only office staffed 24 X 7.  The police could have an
on-call list of whom to call during which times.  Problems with this
could be the false alarms - how could campus police triage and determine
whether this is a serious problem (hundreds of computers are launching
denial of service attack) versus moderate problem (one computer is
scanning another computer) versus annoyances (one computer has a virus,
and it probably came from a computer on our campus).  Large universities
could afford additional staffing to support this plan, small colleges
would find this burdensome.

At 02:41 PM 9/19/2002 -0400, Rodney Petersen wrote:
One of the recommendations in the "National Strategy To Secure
Cyberspace" (www.securecyberspace.gov) is that "each college and
university should consider establishing a point-of-contact, reachable at
all times, to Internet service providers (ISPs) and law enforcement
officials in the event that the school's IT systems are discovered to be
launching cyber attacks."

Is this a good idea?

How could it be implemented across higher education?

What are obstacles or challenges for moving forward with this
recommendation?

Other comments or insights?


Kevin Shalla
Manager, Student Information Systems
Illinois Institute of Technology
<mailto:Kevin.Shalla () iit edu>

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.
