$30 off During Our Annual Pro Sale. View Details »

Working together to strengthen cybersecurity in university libraries

Working together to strengthen cybersecurity in university libraries

Presented at THETA 2019 (The Higher Education Technology Agenda), Wollongong, 20 May 2019.

University libraries are increasingly exposed to cybersecurity threats, with prominent recent examples including:

- a 3-day distributed denial of service (DDoS) attack on the Library of Congress
- ransomware attacks on PCs in US public libraries, and
- the Silent Librarian phishing campaign, which affected 26 Australian universities. Researchers mistakenly believed their library accounts would be closed and provided log-in credentials enabling the the of research.

As few librarians are trained in key aspects of cybersecurity there is an urgent need for greater collaboration with cybersecurity professionals to accurately identify and effectively mitigate risks. Griffith University’s Library Technology Services manages a portfolio of so ware applications, most of which are cloud-hosted. Applications and integrations are under increased scrutiny and we now engage more with staff from Cyber Security Services in Digital Solutions, particularly when we evaluate new applications or perform major upgrades.

Cyber Security Services offers support across three main categories: process, technology, and people. In this presentation I discussed both technical and non- technical actions being taken to uplift the Library’s overall cybersecurity maturity. This included increased focus on the security architecture of software applications, demanding more mature cybersecurity approaches from our vendors and service providers, regularly reviewing processes for protecting log-in credentials, and addressing staff information and training needs.

While this work is essential it is also challenging, in terms of project budgets and timelines, stakeholder perceptions, and the allocation of staff resources. I discussed how library and cybersecurity professionals can work together to build capability, both at the level of individual institutions and across the sector.

Sam Searle

May 20, 2019

More Decks by Sam Searle

Other Decks in Technology


  1. Working together to strengthen
    cybersecurity in university libraries

    View Slide

  2. View Slide

  3. Why do we need to work together?

    View Slide

  4. View Slide

  5. 2004ACM/IEEE Joint Conference on Digital Libraries
    Not only will [digital libraries] serve as repositories of
    knowledge and information, and as the primary
    mechanism for its retrieval and distribution, but they will
    be the focal point for the integration of information and
    scholarship across all boundaries of application,
    language, and media… they will also inevitably become
    the target of malicious attack by people seeking
    unauthorized information.
    Joel Birnbaum, Hewlett Packard

    View Slide

  6. View Slide

  7. Culture
    & comms
    capacity in
    higher ed

    View Slide

  8. So what kinds of things
    can we usefully work on?

    View Slide

  9. People
    Knowledge & skills
    Vulnerability scans
    Penetration tests
    Password / account
    Company ratings
    Data classification
    Product / vendor
    Early adopters

    View Slide

  10. Sounds great!
    (In theory…)
    So why is it so hard in practice?

    View Slide

  11. Wood, Phillip. 2014. “Walls of Straw – the Cyber Risks to Higher Education.”
    Insights 27 (2): 192–97. https://doi.org/10.1629/2048-7754.160.
    The dilemma of information protection is a challenge in
    universities, where restricting access can inhibit
    information flow and the development of ideas…. This
    need to balance ‘need to know’ with ‘need to flow’ can
    mean that levels of protection need to be compromised
    so that information routes and the freedom to work
    within them can be maintained. This compromise is

    View Slide

  12. View Slide

  13. A proposition:
    How we work together
    is just as important as
    what we work on.

    View Slide

  14. Community

    View Slide

  15. Compare
    Australian Library and Information Association
    Core Values Statement
    Australian Information Security Association
    Code of Ethics
    You may be surprised at how similar our values
    and concerns are.

    View Slide

  16. Costa, Arthur L., and Bena Kallick. 1993. “Through the Lens of a Critical
    Friend.” Educational Leadership 51(2): 49–51.
    A critical friend…is a trusted person who asks provocative
    questions, provides data to be examined through
    another lens, and offers critique of a person's work as a
    friend. A critical friend takes the time to fully understand
    the context of the work presented and the outcomes
    that the person or group is working toward. The friend is
    an advocate for the success of that work.

    View Slide

  17. Thanks to:
    • Tim Lane, IT Security Projects Manager, Griffith University and Chair,
    CAUDIT Cybersecurity Community of Practice
    • My Library Technology Services team
    Get in touch:
    Sam Searle
    Manager, Library Technology Services
    [email protected]
    LinkedIn | Twitter

    View Slide