CoSN CTO Forum Helps Launch Cyber Security Project

The Cyber Security Leadership Initiative was officially announced at the National Association of School Board’s Teaching & Learning (T+L²) conference in Anaheim, California on October 23, 2003.

CoSN CTO Council’s Cyber Security Forum gave us an opportunity to build enthusiasm among our key constituency as well as to give Council members a chance to let us know about their interests and needs. This fourth gathering of the CoSN CTO Council attracted people from approximately 25 states. The agenda began with an introduction by Council Chair Ed Zaiontz, Executive Director of Information Services in the Round Rock Independent School District in Texas. This was followed by a presentation about the CoSN initiative by Steve Miller, and a case study report by Jerry Crisci and Lenny Vento from Scarsdale, New York describing their experience working with Carol Woody, from the Software Engineering Institute at Carnegie Mellon University, on an “asset-based” approach to risk analysis called OCTAVE.

The remainder of the session was an informal “focus group” in which participating CTOs met in small groups to discuss the issues that most concerned them about K-12 network security. Among the items mentioned, and that will become integrated into CoSN’s Cyber Security initiative, are:

• How to explain security issues to stakeholders?
• What kinds of operational policies most contribute to or undermine security?
• How to balance the tension between tight boundaries around your IT system and the need to share information with parents, as well as the need for students and teachers to have interactions with people outside the firewall?
• What kind of staff positions and skills are needed to maintain security?
• How to best support “techie teachers” who want to use technology for exciting projects but often aren’t technical enough to avoid security mishaps?
• How to estimate the cost of various security strategies?
• How to quantify the “loss of learning opportunity costs” when security is breached?
• What are the implications of evolving national laws, regulations, and court decisions?
• How to deal with specific technologies such as wireless, mobile devices, VPNs, single sign-on systems, outsourcing, etc.?

The attending CTO’s also asked for:

• Tools to help them inform stakeholders in public education about security issues;
• Sample policies on security;
• Case studies of best practice in schools and business;
• Templates and tools for self-audits and security evaluations;
• Information about grant opportunities.

Following the CTO Forum, we held a press conference at which the Project’s lead sponsors gave short statements of support, including John Bailey of the United States Department of Education. The announcement, along with our press release, must have hit a nerve because the project attracted widespread media attention in the weeks immediately following the T+L2 event. We had appearances in:

• Converge Online, “CoSN Launches Cyber Security for the Digital District” (11/03)
• District Daily, “New Partnership Addresses Security Risks” (10/31)
• eSchool News, “Security, Assessment Highlight Technology + Learning Conference” (10/30)
• WTOP-Radio 1500 AM (Washington, D.C.), “Computer Security in Schools Stepped Up” (10/24)
• Desktop EdNET Pro, “Consortium for School Networking Launches ‘Cyber Security for the Digital District’ Initiative”, (10/24)
• UPI, “Analysis: Computer security stepped up” (10/23)
• T+L2: “Virtual Press Room” (10/23)
• Zambezi Times, “Computer security stepped up” (10/23)
• Washington Times, “Computer security stepped up” (10/23)
• Kensei-con.net, “The Consortium for School Networking Launches ‘Cyber Security for the Digital District’ Initiative” (10/23)