From the CIO
Mandatory Duo Authentication Provides Second Layer of Data Protection
Two is better than one. That’s why NetID Two-Factor Authentication (2FA) is a key component to the division’s plan of securing campus IT infrastructure and protecting the campus community’s personal information and data.
NetIDs are a crucial part of the Texas A&M experience, empowering systems across campus and protecting personal information and data. Over FY19, the Division of IT and IT staff across campus worked together to implement two-factor authentication for all accounts to enhance security and comply with Texas A&M System Regulation 29.01.03. Over 100,000 students, parents, employees, affiliates and former students are protected by Texas A&M’s two-factor authentication, with monthly authentications reaching over 1.3 million in August 2019.
“With Texas A&M’s growing network of students, employees and affiliates, mandatory two-factor authentication required one of the largest 2FA enrollments in the country,” said Dee Childs, Vice President for Information Technology and CIO at Texas A&M University. “Everyone in the Division of IT was committed to making this process as painless as possible by using iterative enrollment deadlines for different groups throughout the year.”
Iterative enrollment also allowed the Division of IT to reduce technical issues and ensure there were enough support staff available to aid campus members in the enrollment process. Additionally, the Division of IT worked directly with college IT directors to assist with onboarding faculty and staff.
To raise awareness and ease the enrollment process, the Division of IT created a communication campaign, “Two is Better than One.” Targeted communications were sent to each enrollment group before their respective deadlines. The rolling communication campaign and collaborative efforts from IT units across campus encouraged each group to sign up for Duo before their respective deadlines.
"With Texas A&M’s growing network of students, employees and affiliates, mandatory two-factor authentication required one of the largest 2FA enrollments in the country."
The goal — to get as many people to enroll as possible before respective deadlines — was successful thanks to a collaborative effort from IT units across campus.
To learn more about Duo two-factor authentication, visit duo.tamu.edu.
Student Cybersecurity Employee Discovers Unknown Vulnerability
Students working together to locate and disable vulnerabilities to keep Texas A&M University safe. That’s how Principal Security Operations Engineer Chris Wiley describes the division’s Cybersecurity Apprenticeship Program (CAP).
Created in 2018, CAP was designed to add an additional layer of security monitoring to campus while preparing students for the booming cybersecurity industry — which currently has a shortage of approximately three million professionals. The long-term goal of the program is to help position Texas A&M University as the leader in cybersecurity education.
The initial group of 10 students was chosen from over 100 applicants in a technology discipline who possess an understanding in networking, application protocols and programming languages. Candidates went through a rigorous interview process and took a comprehensive technical test. The top applicants were selected for the paid student employee positions.
"Through their work and in the classroom, we’re teaching them how to actually be proactive security investigators."
“CAP is very innovative in that the students are working on live, real-world data,” Wiley said. “The students are seeing signals and data crossing every country, since there are scholars on campus from different universities around the world. In a typical school setting, the students would be working on pre-canned, vanilla case material.”
Wiley explained that real-world data makes each day challenging for the students and compared the job to an emergency room doctor who treats hundreds of various health issues daily. The program’s extensive training has caught the attention of several corporate sponsors, including EY (formerly Ernst & Young), FireEye Mandiant and Extra Hop. Wiley noted these companies as leaders in the security industry that mutually promote the program, helping Texas A&M become known as a leader in cybersecurity education for the industry.
“We are giving the students access to all of the material so they can study on their own for the various certifications,” he explained. “Through their work and in the classroom, we’re teaching them how to actually be proactive security investigators. We want them to find the vulnerabilities and problems before the alert sounds, because alerts only tell you what was learned yesterday.”
First-year CAP students perform security event triage which grows into the second year of signal analysis, a practice that hearkens back to the early days of signal analysis in the Army Signal Corps. The big difference, Wiley says, is that “we’re not listening to radio waves, we are looking for the bits – the ones and zeros in certain patterns.”
While performing regular signal analysis over the past year, one of the CAP students noticed unusual signal behavior, researched it, and discovered malware being distributed through legitimate apps that would activate the device’s microphone so the malware could track the user through voice and other data. This allowed Texas A&M to track the malware and stop it before it spread across the university.
Upon discovery, the team sent an alert to infected individuals informing them of the malware and giving instructions for removal. They also communicated the find campus-wide so others could avoid the malicious app.
The incident also tested the bona fides of CAP, since the student detected a zero-day vulnerability, meaning it was a security hole unknown to software vendors and antivirus firms.
“This student had only been in our program for seven months and discovered zero day,” he said. “That’s huge because cybersecurity pros typically have to work 10 or 20 years before they can find zero day.”
CAP is a unique opportunity that allows participants to learn in boot camp style classes while working on real world problems with real world security systems and tools that most will go years in the industry before being given the same opportunities. Upon graduation, CAP students will leave Texas A&M University with their degree, security certified, and years of deep security experience that will allow them entry into the security industry.
Campaign Urges Campus Community to Report Suspicious Emails
Texas A&M is not immune to phishing scams, which is the use of email claiming to be a trustworthy entity to trick users into revealing credit card or other personal information. Since such scams can wreak a great deal of havoc in a short period of time, timely reporting of such messages is critical.
To ensure reporting has harmony, or more than one voice, the division launched a “See a Fake” campaign encouraging the campus community to report suspicious emails to Help Desk Central (HDC). The campaign featured Aggie icons such as Reveille and humorous headlines like, “Hounded by email scams? Report phishing. Keep Aggieland safe!”
The campaign utilized email, social media posts, digital signage across campus and physical signage in seven Open Access Labs (computer labs).
Prior to the campaign, Help Desk Central had 19 tickets open regarding suspected malicious email. In the 30 day period of the campaign, HDC had 123 tickets reporting possible phishing attempts.
Chronicle of Higher Ed Features Security Efforts
Cybersecurity is a team effort, especially when protecting research and private information for a campus as large as Texas A&M University.
The Division of IT was recognized for its efforts with three awards and inclusion in a special guide from the Chronicle of Higher Education entitled, “A Campus Culture of Cybersecurity: How to teach your faculty, students and staff to be more secure.”
"It’s an honor for Texas A&M to be included in the Chronicle of Higher Education guide and to have our cybersecurity efforts recognized."
The guide highlights the “innovative and comprehensive ways” Texas A&M, Harvard University and the Rochester Institute of Technology “educate and motivate people about good security practices.”
The division’s annual online cybersecurity games, released in recognition of National Cybersecurity Awareness Month each October, are highlighted in the report. Throughout the year, the division also releases other communications campaigns “that use innovative visual presentation and graphics to make the messaging fun” and raise awareness.
“It’s an honor for Texas A&M to be included in the Chronicle of Higher Education guide and to have our cybersecurity efforts recognized,” said Dee Childs, Vice President for IT and Chief Information Officer. “Universities are prime targets for cyberattacks, so it is imperative that we continually educate the campus community on the importance of good security practices.”
The 2018 campaign, Aggie LIFE, also won a Best of Texas award for Innovation in Gamification from the Center for Digital Government. Aggie LIFE was also named “Best Computing Services Website” and honored for “Best General Service Promo Materials” from the national Special Interest Group on University and College Computing Services (SIGUCCS). The campaign was also mentioned in the Texas Department of Information Resources 2020-24 State Strategic Plan for Information Resources Management.