Working together to strengthen cybersecurity in university libraries

Presented at THETA 2019 (The Higher Education Technology Agenda), Wollongong, 20 May 2019.

University libraries are increasingly exposed to cybersecurity threats, with prominent recent examples including:

- a 3-day distributed denial of service (DDoS) attack on the Library of Congress
- ransomware attacks on PCs in US public libraries, and
- the Silent Librarian phishing campaign, which affected 26 Australian universities. Researchers mistakenly believed their library accounts would be closed and provided log-in credentials, enabling the theft of research.

As few librarians are trained in key aspects of cybersecurity, there is an urgent need for greater collaboration with cybersecurity professionals to accurately identify and effectively mitigate risks. Griffith University’s Library Technology Services manages a portfolio of software applications, most of which are cloud-hosted. Applications and integrations are under increased scrutiny and we now engage more with staff from Cyber Security Services in Digital Solutions, particularly when we evaluate new applications or perform major upgrades.

Cyber Security Services offers support across three main categories: process, technology, and people. In this presentation I discussed both technical and non-technical actions being taken to uplift the Library’s overall cybersecurity maturity. This included increased focus on the security architecture of software applications, demanding more mature cybersecurity approaches from our vendors and service providers, regularly reviewing processes for protecting log-in credentials, and addressing staff information and training needs.

While this work is essential it is also challenging, in terms of project budgets and timelines, stakeholder perceptions, and the allocation of staff resources. I discussed how library and cybersecurity professionals can work together to build capability, both at the level of individual institutions and across the sector.

Sam Searle

May 20, 2019

Transcript

  1. Working together to strengthen cybersecurity in university libraries

  2. None
  3. Why do we need to work together?

  4. None
  5. 2004 ACM/IEEE Joint Conference on Digital Libraries: "Not only will [digital libraries] serve as repositories of knowledge and information, and as the primary mechanism for its retrieval and distribution, but they will be the focal point for the integration of information and scholarship across all boundaries of application, language, and media… they will also inevitably become the target of malicious attack by people seeking unauthorized information." Joel Birnbaum, Hewlett Packard
  6. None
  7. Culture & comms Cybersecurity capacity in higher ed Cloud Legacy solutions Stagnant market conditions Accidental systems librarians Shadow library IT
  8. So what kinds of things can we usefully work on?

  9. People: Awareness; Knowledge & skills; Communities. Technology: Vulnerability scans; Penetration tests; Password / account management; Company ratings. Process: Data classification; Product / vendor assessments; Early adopters.
  10. Sounds great! (In theory…) So why is it so hard in practice?
  11. Wood, Phillip. 2014. “Walls of Straw – the Cyber Risks to Higher Education.” Insights 27 (2): 192–97. https://doi.org/10.1629/2048-7754.160. The dilemma of information protection is a challenge in universities, where restricting access can inhibit information flow and the development of ideas…. This need to balance ‘need to know’ with ‘need to flow’ can mean that levels of protection need to be compromised so that information routes and the freedom to work within them can be maintained. This compromise is essential…
  12. None
  13. A proposition: How we work together is just as important as what we work on.
  14. Community Prudence Preparedness Integrity Trust Inclusion Access Diversity Exclusion Security Conformity
  15. Compare Australian Library and Information Association Core Values Statement with Australian Information Security Association Code of Ethics. You may be surprised at how similar our values and concerns are.
  16. Costa, Arthur L., and Bena Kallick. 1993. “Through the Lens of a Critical Friend.” Educational Leadership 51(2): 49–51. A critical friend…is a trusted person who asks provocative questions, provides data to be examined through another lens, and offers critique of a person's work as a friend. A critical friend takes the time to fully understand the context of the work presented and the outcomes that the person or group is working toward. The friend is an advocate for the success of that work.
  17. Thanks to: Tim Lane, IT Security Projects Manager, Griffith University and Chair, CAUDIT Cybersecurity Community of Practice; My Library Technology Services team. Get in touch: Sam Searle, Manager, Library Technology Services, samantha.searle@griffith.edu.au, https://orcid.org/0000-0002-0619-5756