Page 12 - Publication6
P. 12
Security in the Education Sector stores announced over the past few years. It happens. IT
On the subject of the state of security within the education security at all levels of government operates under financial
sector, Jordan says there is quite a bit of disparity and still constraints, making pretty good security a challenge.�
much room for improvement, especially at the local level.
The good news is, some progress is being made in higher Threat Intelligence Sharing
education, as exemplified by the University of Virginia and The sharing of threat intelligence is a hot topic following
Virginia Tech, who nearly a decade ago made the move President Obama�s recently released Executive Order and
to remove SSNs as employee/student tracking numbers – the announcement of a new agency to allow more data to
they proved it can be done, and Jordan says governments, be shared between the government and the private sector,
healthcare providers, and other education systems need to and Virginia is ahead of the curve in this respect, having
follow suit. after newly elected Governor Terry McAuliffe formed a
Cyber Security Commission almost a year ago.
At the local level though, pre-schools thru high schools are
very behind in educating students about the risk of using �It�s a broad effort determined to address as many aspects
the Internet, smart devices as well as securing their of cybersecurity as possible and create ways to raise the
networks. level of cybersecurity awareness, enhance sensitive data
security, improve critical infrastructure cybersecurity and
�Both areas are critically important and both areas appear develop a State Security Operations Center with an adjunct
to be off the radar screen of school superintendents and Competency Center to assist small business starts-up,
school board members. Next time you attend a school mid-size and critical infrastructure providers in the state,
board meeting, ask them when was the last time they had along with educational materials for schools, colleges and
a network risk assessment and if they have annual third- universities,� Jordan said.
party risk assessments performed – or if you want to nail
them, ask them how many BOTNET infections their
network has had in the past twelve months,� Jordan said. “It’s all about
�If there is a dramatic pause, you know the answer for sure
is they are not engaged in cybersecurity enough to even be relevant threat
in touch with the basic best practices. Though they should
intelligence
be.�
Jordan says that depending upon the size of the district, it sharing”
is quite likely there have been successful network
infections, but that they are not necessarily considered
unusual events.
�It�s all about relevant threat intelligence sharing. The
Virginia SOC will have access to volumes of information
�School systems are known to be riddled with BOTNETS –
and sift through what is relevant to Virginia cybersecurity
and we all know what follows those infections. I worry
practitioners. Even cybersecurity public service
about school systems becoming launching pads for DDoS
announcements are under consideration. Keep your eye
attacks or malware distribution,� he said.
on Virginia. It�s about to leave the twentieth century when
it comes to cybersecurity.�
�There have been major incidents at state-controlled data
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3