CoSN CTO Council Taking TCO to the Classroom 3D: Data-driven Decision Making CoSN's Annual K-12 School Networking Conference CoSN CoSN's Emerging Technologies Series CoSN Compendium Safeguarding the Wired Schoolhouse Accessible Technologies for All Students I am interested in becoming a member of CoSN Remove Me from the Secure District Listserv
Cyber Security for the Digital District Quarterly Newsletter
Brought to you by CoSN

Fall 2004



Contents

CoSN Leadership Initiative Launches Free Newsletter

Welcome to the first newsletter of CoSN’s Cyber Security for the Digital District leadership initiative. Like the project as a whole, this newsletter is designed to help K-12 policy-makers and technology leaders assess and improve the security of their technology systems in order to protect the safety of staff and students, contribute to the educational mission of their schools, and maintain community support.

Cyber safety and cyber security are overlapping but distinct issues. Safety concerns individual behavior – the things people should do to protect themselves. It’s a bit like teaching children to cross an intersection only when the light is green. Security focuses on creating a less risky environment – like making sure that the intersection has a working traffic light!

In this rapidly evolving area we must not only learn from the experts, but also build on each other’s hard-earned experience. While there are volumes of material about cyber security available, little of it is written from a specifically K-12 perspective. There is much to learn!

Join the conversation!

Web Site Update Provides New Tools

On September 20th, the Cyber Security web site www.securedistrict.org was officially relaunched with a new set of powerful tools for school leaders. The press event announcing the relaunch generated articles in a variety of e-bulletins, newsletters, and magazines. The tools help local leaders assess the current status of their security preparations and to know how to prioritize needed improvements. The tools include:

For the CIO, CTO, Technology Director, or other person who runs the district technology systems:

Cyber Security Webcast on October 6 from 1:00 - 2:00 PM.

"Creating a Productive Dialogue About Cyber Security Between Technology Leaders and Policy Makers" is the focus on the first of CoSN’s 2004-2005 Webcast series. The staff of the Cyber Security for the Digital District initiative will lead this interactive session. Participants will have a chance to discuss a problem-scenario, listen to case studies and ask questions of the district presenters, and learn more about the tools available on the initiative’s web site.

To participate, you need to sign up for the event at www.cosn.org/events/webcasts/register.cfm. Individual CoSN members get two complementary passes to the webcast series. Institutional and corporate members get six. Members pay a discounted rate of $39/webcast for additional viewings. Non-members pay $59/webcast. Once registered, you will be sent a confirmation email with login instructions.

Cyber Security Workshops Available

CoSN’s Cyber Security for the Digital District initiative has created workshop curriculum suitable for one-hour, half-day, and full-day sessions. The staff can come deliver the workshops at your site, or you can use the materials to lead your own sessions. For more information, please contact us via email at security@massnetworks.org.

Cyber Security Project Articles Now in Print

The Cyber Security staff is regularly asked to write articles for national magazines. Articles have already appeared in:

Additional articles written by initiative staff will appear in:

  • Today’s Schools (October)
  • Scholastic Administr@tor (November)

The Cyber Security project also receives frequent mention in the press. For example, an editorial in the August T.H.E. Journal says:

"There are a variety of approaches to security in educational institutions. A typical approach is to identify a problem, such as viruses, and then attack it or shield the institution from the problem. A more holistic approach is asset-based. This is the approach advocated by the Consortium for School Networking (CoSN) in a monograph titled 'Cyber Security: Protecting Your District's Mission and Assets' (www.cosn.org). This approach is very different in that it focuses on the assets of the educational institution first, along with an analysis of the assets' vulnerabilities. The focus on assets rather than threats helps to ensure that the most important assets get attention first. The process still allows for less important assets to be addressed, especially if the solution is easy and/or inexpensive. Mixed into this process is a careful consideration of laws, budget, technical staff, as well as a thorough evaluation of threats."

CoSN Project Provides K-12 Security Focus for National Alliance

In response to the federal government's call to improve the security of our nation’s electronic communication systems, a National Cyber Security Alliance has been created to promote awareness and action. A key focus of one of the NCSA subgroups is helping small business, at-home users, colleges, and K-12 schools.

As part of its work, the Alliance has created a web-accessible database. Much of the material is safety-oriented, helping individuals increase their understanding of the issue and how they should act in order to protect themselves and others.

However, cyber security is the foundation of the Alliance's mission. For the K-12 arena, the Alliance is drawing on CoSN’s materials and tools. The Alliance website is: www.staysafeonline.info.

CoSN Compendium Contains Security Article

The CoSN Compendium is a series of eight monographs exploring timely issues of importance to K-12 technology decision makers. One of the monographs focuses on Cyber Security issues.

A summary of the Compendium material is available on the initiative website www.cosn.org/resources/compendium/index.cfm.

All the monographs from the 2004 CoSN Compendium, as well as those from the 2003 CoSN Compendium, are available for free in PDF format to all CoSN members. Non-members can purchase either complete copies of the Compendium, or individual monographs, from the CoSN catalog www.cosn.org/catalog/index.cfm.

Grunwald Survey Asks Local Leaders about Security

CoSN and the Peter Grunwald organization recently conducted a major survey of district-level technology leaders. Among the questions were several about security. This is what we found:

  • Eight out of ten districts (80%) consider network security very important, rating its importance as 8+ out of 10 on a 10-point scale, especially districts that are highly technically developed. (85% of high tech districts consider network security very important, versus 77% of low tech districts.)

  • The dominant network security problem districts face is anonymous external attacks (e.g. worms, viruses)—eight of ten districts (80%) name this as a "top 3" problem. But nearly half (48%) also say insufficient IT staffing has created serious security risk.

    • Staffing problems are particularly prevalent in large districts (56%), very poor districts (57%), and districts in the South (53%).

    • Relatively high percentages of wealthy (40%), suburban (36%), and high tech (35%) also report serious security problems from internal hackers.

    • More than four in ten (41%) small districts say regular hardware and software failures are making them vulnerable, while more than a third (35%) of Western districts say insufficient maintenance has become a serious security problem.

    • Nearly a third (30%) of the poorest districts say theft and vandalism are serious network security problems, a problem relatively few districts of other types report (15%).

  • Lack of staffing is cited by more than six in ten districts (61%) as a top barrier to improving network security. Nearly half (46%) also cite insufficient budgets.

    • In addition, four in ten districts (40%), including nearly six in ten of the poorest districts (59%) say that end user inexperience has also been a barrier in improving security.

    • Not surprisingly, the poorest (76%), largest (70%), and Southern (71%) are especially likely to cite staffing as a problem in improving security.

    • Relatively few districts cite actual budget cuts (17%) or lack of IT staff training (15%) as barriers to security improvements.

  • Improving service (50%), not saving money (22%) or avoiding hires (18%), is the dominant reason for outsourcing among districts that engage in it. This is especially true of districts in the Northeast (68%).

Expert Advice: Peer-to-Peer Networks

(In each newsletter, this section will present a quick tip about best practice from someone with deep experience in this field and knowledge of K-12 realities This contribution is from Dave Dorosin, Director of Solutions Marketing at SonicWall, one of the Cyber Security initiative’s Platinum sponsors.)

You're probably aware of the bandwidth problems posed by today's peer-to-peer applications. But, did you realize that peer-to-peer applications also pose serious liability and security risks?

We've all heard of file-sharing applications like Gnutella, Kazaa, and BearShare, which students use to swap files. If this is happening on your school network it could land you in legal hot water with the Recording Industry Association of America (RIAA). It could also raise questions of liability under the Children's Internet Protection Act (CIPA), since these new applications allow students to share any data files, including pornographic images and movies.

Peer-to-peer applications also create security risks, opening your network to backdoor attacks. Given their popularity and the fact that they use the same ports as Web traffic, they have become prime targets for virus writers. The destructive MyDoom virus actually spread through the file sharing application Kazaa as well as email.

So what can you do to keep peer-to-peer applications in check? You can set your filtering solution to block common Web sites where students download peer-to-peer applications. However, due to their popularity, these applications are being made available on hundreds of new Web sites daily. A better alternative is to detect these applications on your network and block their use. To do this, you need a solution that can look deeper into the traffic flowing across your network. Fortunately, a new generation of deep packet inspection firewalls are available that are able to detect and block at the application level. Not only do they prevent peer-to-peer and instant messaging, but they also protect your network from other application level threats.

CoSN Annual Conference: Accepting Workshop Proposals Until September 27

The Consortium for School Networking (CoSN) will be holding its 10th Annual K-12 School Networking Conference on March 22 & 23, 2005 at the Renaissance Hotel in Washington, DC. The conference theme is Beyond Wires and Boxes: Using Technology for Transformation.

CoSN is soliciting presentations on the ways the Internet and information technologies can improve teaching and learning in the K-12 classroom with a focus on:

  • The role of visionary leadership in technology implementation
  • The use of data to transform teaching and learning
  • The role of students in transforming the learning environment
  • The use of technology as a tool for educational transformation
  • The essential skills required by key technology leaders
  • Best practices from around the world

This is an excellent opportunity for you as sponsors of the Cyber Security for the Digital District initiative to highlight the work of your key customers. Applications may only be submitted by individuals from school districts, intermediate/county service units, state agencies or non-profit organizations. Companies that have been working on projects that pertain to the conference program/focus should encourage their clients to submit a presentation application.

Submissions should be of high interest and relevance to the intended conference participants (key district, state and national technology leaders). In addition, they should provide "cutting edge" and practical "how to" information. I know that all of you are involved in working with these "cutting edge" school districts – so encourage them to submit a proposal.

Additional information is available at www.k12schoolnetworking.org/present/index.cfm.

Please remember that the deadline for submission is September 27, 2004. Late proposals will not be accepted.

Thanks to Our Sponsors

This project would not exist without the support of our sponsors. Founding Platinum Level Sponsors include:

SonicWall

SurfControl

Symantec

United States Department of Education

Northwest Education Regional Laboratory
(in association with the Northwest Technology Consortium)

Founding Gold Level Sponsors include:

BellSouth Foundation

Enterasys

Microsoft

Sun Microsystems

Our Media Sponsor is:

Technology and Learning Magazine

Partnering with CoSN on the implementation of the initiative is:

Mass Networks Education Partnership


Disclaimer Text