As digital technology facilitates easier collaboration between researchers and institutions, there is increasing interest in disrupting these information flows in the form of cyberattacks
Universities should collaborate internally between departments and externally with other institutions to identify best practice for mitigating cybersecurity threats without compromising privacy, according to experts.
A panel at THE Cybersecurity UK 2022, hosted in partnership with Elsevier, discussed how to combat cybersecurity threats across the research ecosystem.
Moderator Pascal Hetzscholdt, senior director of content at Wiley, said that the Covid-19 pandemic had brought a “digital transformation”, which may be one reason the higher education sector was seeing an increase in cyberattacks. He asked the panellists to elaborate on the unique complexities of the tertiary education ecosystem.
Jos Westerbeke, library IT specialist and IT demand manager at Erasmus University Rotterdam, said successful research collaboration within and between institutions required efficient access to resources.
“Universities are connected to each other but also researchers work together across different institutions and use all kinds of authentication to access the resources,” Westerbeke said. “Libraries use many of these kinds of resources and platforms to provide scholarly information, like journals and ebooks, for example. So, there are a lot of things to do when it comes to security and privacy.”
Daniel Ayala, managing partner at Secratic, a strategic information security and privacy consultancy, said universities were “open environments” that encourage collaboration, but also large organisations with diverse departments.
“When it comes to securing things, the approaches are often different by part of the university. The approaches to doing it, the collaboration across institution means you can't necessarily take a single answer and apply it to everybody,” he said. “It’s basically a city. You’ve got everything from hospitals and police departments to teaching and research. And that requires a lot of expertise across a lot of different areas.”
Westerbeke is co-founder of FIM4L, a federated identity management for libraries. Federated identity management allows users to access different applications and resources using the same digital identity. However, he said, a challenge for libraries was balancing safe and efficient access to resources with privacy.
“Better security could provide better privacy. But as a library we are concerned about privacy issues,” he said. “It’s not always that better security provides better privacy. So that’s a bit difficult for us.”
Ayala, who has worked as chief information security officer for both a large research university and a content company that supplies libraries, said relationships between IT professionals and the rest of the institution were crucial.
“Starting at home, inside the institution and building a strong relationship is really imperative,” he said. “Spending time and focus on the relationships between security and the rest of the university. There’s no single way to paint that approach, but it’s about investing the time in the relationships and understanding what they all do.
“We’ve made significant inroads as a security profession to move away from being the people that just say no to things. And reminding or making sure that people across campus understand that it’s about how do we gateway to be able to do the things you need to do to achieve the mission of the university.”
Hetzscholdt asked if universities should be labelled “critical infrastructure”, with access to additional funding and protection.
“Categorically, absolutely yes,” Ayala replied. “Watching the research community through Covid really demonstrated the importance of the research that’s happening in universities. The importance of that science to the community really does mean that it’s critical infrastructure.”
The panel:
- Daniel Ayala, managing partner at Secratic
- Pascal Hetzscholdt, senior director of content, Wiley (chair)
- Jos Westerbeke, library IT specialist and IT demand manager, Erasmus University Rotterdam
Watch the session on demand above or on the THE Connect YouTube channel.
Find out more about Elsevier.