Re: Cyberattacks Down?

[Joe St Sauver <JOE () OREGON UOREGON EDU>]

Hi,

#If the situation in Universities is really better,

and I think it is...

#rather than just a
#smaller fraction due to our early adopter status, then we have some
#valuable things to offer private industry to help them make a more
#attractive networked computer experience.  Even if our situation is not
#really any better, maybe we should invest in creating a better commodity
#network/computer experience for private industry to adopt.

After talking with commercial-side colleagues, I've developed a laundry
list of ways we in higher ed differ from them, differences which impact
their ability to deal with their infested customers:

-- Geolocality differences...

   Even if you're a university with twenty or thirty thousand users, those
   users are typically located in a limited geographic area, e.g., a campus
   or city typically. This geolocality means that you have options that a
   commercial provider may not have:

   -- users can get a clean up CD by just dropping by in person

   -- users can bring laptops or other systems in for remedial attention

   -- "house calls" (well, office calls or dorm calls or whatever) are a
      possibility

   Contrast that with a national ISP that might have users spread across
   multiple states, and for whom truck rolls cost outrageous amounts
   (you'll see anything from $50 to $250 or more depending on who you look
   at). Typical interaction, if the user has already been taken off line,
   is a mailed CD, which takes multiple days to arrive in most cases.

-- Fear of driving customers away...

   In the commercial case, a customer/provider relationship exists.
   Customer is paying for service, and disabling that service often results
   in loss of a customer. In the higher ed space, the customer may be
   paying indirectly for service via a tech fee or other funding
   mechanism, but the customer is largely captive, which allows for
   a greater range of options when dealing with abuse or compromised
   machines w/o financial risk to the "provider" university.

-- Fate sharing...

   The University-as-provider is also motivated by fate sharing: we use
   the service we provide to customers, and if we allow it to get
   grossly junked up, and we get blocked, we (as users) get blocked up
   just as our customers get blocked. Contrast that with commercial
   providers where the corporate domain may be kept carefully separated
   from the consumer domain.

-- Legal influences...

   The worst of the providers come from heavily "common carrier"-ized
   segments of the industry, where the lawyers have a preconditioned
   desired to stay away from content issues to the greatest extent
   possible. They want to provide connectivity, what happens after that
   is something they really don't want to get into. Universities, on
   the other hand, have historically been willing to respond to
   complaints (copyright infringement, etc.), as good neighbors.

-- Strict business case analysis...

   In many cases the worst of the providers also take a strict
   "business case" approach to issues: tasks do not get done if
   they negatively impact the bottom line. Customers, although willing
   to squeal loudly once they've become dunged up, may not be
   willing to back that up with their checkbooks.
   Business-case-oriented ISPs are not willing to give away freebees.
   Result: infestations persist.

Etc., etc., etc.

This is one case where tech transfer isn't the issue, it really is a
different market and a different mind set, I think.

Regards,

Joe

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.