Presented at THETA 2019 (The Higher Education Technology Agenda), Wollongong, 20 May 2019.
University libraries are increasingly exposed to cybersecurity threats, with prominent recent examples including:
- a 3-day distributed denial of service (DDoS) attack on the Library of Congress
- ransomware attacks on PCs in US public libraries, and
- the Silent Librarian phishing campaign, which affected 26 Australian universities. Researchers mistakenly believed their library accounts would be closed and provided log-in credentials enabling the theft of research.
As few librarians are trained in key aspects of cybersecurity, there is an urgent need for greater collaboration with cybersecurity professionals to accurately identify and effectively mitigate risks. Griffith University’s Library Technology Services manages a portfolio of software applications, most of which are cloud-hosted. Applications and integrations are under increased scrutiny and we now engage more with staff from Cyber Security Services in Digital Solutions, particularly when we evaluate new applications or perform major upgrades.
Cyber Security Services offers support across three main categories: process, technology, and people. In this presentation I discussed both technical and non-technical actions being taken to uplift the Library’s overall cybersecurity maturity. This included increased focus on the security architecture of software applications, demanding more mature cybersecurity approaches from our vendors and service providers, regularly reviewing processes for protecting log-in credentials, and addressing staff information and training needs.
While this work is essential, it is also challenging in terms of project budgets and timelines, stakeholder perceptions, and the allocation of staff resources. I discussed how library and cybersecurity professionals can work together to build capability, both at the level of individual institutions and across the sector.
Working together to strengthen cybersecurity in university libraries
Why do we need to work together?
2004 ACM/IEEE Joint Conference on Digital Libraries
Not only will [digital libraries] serve as repositories of knowledge and information, and as the primary mechanism for its retrieval and distribution, but they will be the focal point for the integration of information and scholarship across all boundaries of application, language, and media… they will also inevitably become the target of malicious attack by people seeking
Joel Birnbaum, Hewlett Packard
So what kinds of things can we usefully work on?
Knowledge & skills
Password / account
Product / vendor
So why is it so hard in practice?
Wood, Phillip. 2014. “Walls of Straw – the Cyber Risks to Higher Education.” Insights 27 (2): 192–97. https://doi.org/10.1629/2048-7754.160.
The dilemma of information protection is a challenge in universities, where restricting access can inhibit information flow and the development of ideas…. This need to balance ‘need to know’ with ‘need to flow’ can mean that levels of protection need to be compromised so that information routes and the freedom to work within them can be maintained. This compromise is
How we work together is just as important as what we work on.
Australian Library and Information Association Core Values Statement
Australian Information Security Association Code of Ethics
You may be surprised at how similar our values and concerns are.
Costa, Arthur L., and Bena Kallick. 1993. “Through the Lens of a Critical Friend.” Educational Leadership 51 (2): 49–51.
A critical friend…is a trusted person who asks provocative questions, provides data to be examined through another lens, and offers critique of a person's work as a friend. A critical friend takes the time to fully understand the context of the work presented and the outcomes that the person or group is working toward. The friend is an advocate for the success of that work.
• Tim Lane, IT Security Projects Manager, Griffith University and Chair, CAUDIT Cybersecurity Community of Practice
• My Library Technology Services team
Get in touch:
Manager, Library Technology Services