Cybersecurity Policy

The U.S. Department of Education has issued a Notice of Proposed Rulemaking with proposed regulations pertaining to the Family Education Rights and Privacy (FERPA). Among other things, "the proposed regulations respond to changes in information technology and address other issues identified through the Department's experience administering FERPA," according to the Notice. Additionally, the regulations are needed to implement amendments to FERPA contained in the USA Patriot Act and the Campus Sex Crimes Prevention Act, to implement two U.S. Supreme Court decisions interpreting FERPA, and to make other necessary changes.

Among the IT-related changes are:

The EDUCAUSE/Internet Security Task Force provided a briefing to the CSIS Commission on Cyber Security for the 44th Presidency on March 12, 2008, during the event "Improving Cybersecurity: Recommendations from Private Sector Experts". A 1-page summary of the briefing is available, as well as the complete transcript.

The Center for Strategic and International Studies (CSIS) has established a Commission on Cyber Security for the 44th Presidency – the administration that will take office in January 2009.  The goal of the nonpartisan Commission is to develop recommendations for a comprehensive strategy to improve cyber security in federal systems and in critical infrastructure.

The EDUCAUSE/Internet2 Security Task Force has been invited to provide input to the Commission and welcomes your comments in the following areas:

In this EDUCAUSE Live! podcast, join host, Steve Worona, for the topic "What Price Insularity? Reflections About Computer Security Failings". Steve's guest is Fred Schneider, Professor of Computer Science at Cornell University.

Presentation slides for this audio can be found here.

Why is it risky for technologists to ignore the nontechnical context where their systems will be deployed? Furthermore, what is the risk when policymakers ignore the limits and potential of technology? How can we structure dialogue between technologists and policymakers to address what could be termed as "security failings"—to revisit identity theft, electronic voting machines, digital rights management, and network neutrality?

In this free January 4 EDUCAUSE LIVE! seminar, What Price Insularity? Reflections About Computer Security Failings, presenter Fred Schneider, professor of computer science, Cornell University, will consider these and other questions.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

The Congressional Internet Caucus Advisory Committee's State of the Net Conference will be held on January 30, 2008, in Washington, D.C. The conference offers attendees unparalleled opportunities to network and dialogue on key technology and information policy issues. Attendees include a mix of academics, consumer groups, industry, and government. In 2007, over 50 percent of the attendees were policy staff from Congressional offices and governmental agencies. There is a significant registration discount for non-profit and academic organizations. For more information or to register, go to http://netcaucus.org/conference/2008/

In a hearing before the U.S. House of Representatives Homeland Security Committee Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, subcommittee chair Rep. James R. Langevin (Dem.-RI) said, “I have great apprehension about the current framework DHS is creating with the sector specific plans (SSP’s) as they relate to cybersecurity.”  He continued, “The Federal government and the American people want to ensure there is a high level of cybersecurity protections on our critical infrastructure.

The attached recording provides coverage of a 14 minute interview with BT Counterpane's Bruce Schneier. Listen in as he shares some insightful words about privacy along with interesting commentary about ethics, cybersecurity and blogging. Don't forget the video (or audio) of his session in Seattle too.