Prepared
Cyber Security Integration (CSI) Keeps Texas A&M Safe During Pandemic
When the pandemic began, network attacks against Texas A&M University initially plummeted. But, as the crisis continued, attacks increased to almost 10 times pre-lockdown levels as attackers anticipated servers and devices would be difficult to patch and update remotely. Fortunately, the Cyber Security Integration (CSI) tool, a custom tool developed by the Division of IT, made the heightened threat level manageable.
The success of the application was highlighted in a 2020 Educause presentation, "Cyber Security Integration: Automating Toward End-User-Driven Security," led by security team members Kristen Kubenka and Gil Munoz.
The CSI interface automates security screening processes and allows existing tools to work together. The tool greatly exceeded expectations and now puts security information "at the fingertips" of IT professionals across campus.
CSI helped the security team close 97 percent of campus vulnerabilities by January 2020 - before the pandemic began. After initially plummeting, the risks increased dramatically and CSI identified the most vulnerable systems so concerns could be quickly addressed and alleviated.
Munoz helped develop the tool and shares how it helps information flow effectively between security systems.
" As a result (of CSI) we have seen a major improvement in our security and risk posture across campus."
"As we developed CSI, it went from being a small web application to a collection of applications and utilities with a powerful library that talks to the systems that have all the information regarding the security of our network," he explains.
IT admins can log into the web application to generate scans, review results, request firewall openings and closures, and see possible vulnerabilities. The security team also uses CSI to generate a list of systems with critical vulnerabilities so system administrators can be contacted.
"CSI has set up clear lines of communication between our security systems," says Munoz. "We turn this data into actionable information and make it available to system administrators to act on. As a result we have seen a major improvement in our security and risk posture across campus."
Platforms Offer Innovation, Cloud Resource Management
Texas A&M is a world-class research university, conducting over $900 million of research in 2019. Although the pandemic posed some obstacles for researchers, Texas A&M was ready to meet the challenge with the Secure Technologies for Aggie Researchers (STAR) and Aggie Innovation Platform (AIP), designed to harness the full potential of cloud-based resources.
Texas A&M Health IT designed STAR as a research-focused platform offering robust security for controlled, confidential or restricted data, flexible payment options, and scalable storage. STAR significantly accelerates the time to initiate formal research activities and opened for pilot testing in July with 43 participants from around the university. STAR is scheduled for university-wide, general availability this spring.
STAR shined when Health IT was charged with creating a COVID dashboard for campus. The platform coordinated data from various sources, including self reporting through Research Electronic Data Capture (REDCap) databases and other inputs. The dashboard was essential in giving university leadership real-time data that allowed students and employees to return to campus safely.
" AIP is less about getting people to the cloud and more about doing things in an innovative way to prepare us for the future."
"STAR's secure, cloud-based platform enabled us to deploy the dashboard much faster than before," said Dr. Joshua Kissee, Director of Research, Academic & Health IT Services. "Thanks to AWS (Amazon Web Services), which STAR utilizes, our code continuously pulls in current data."
The Division of IT is currently developing the Aggie Innovation Platform (AIP) that will provide expertise, a quickly executable framework and a secure, scalable infrastructure enabling the university to effectively and efficiently build and deliver services in the cloud.
"AIP is less about getting people to the cloud and more about doing things in an innovative way to prepare us for the future," says William Deigaard, Associate Vice President of Enterprise Platforms, Cloud and Shared Services. "We spend a great deal of time working on ways to automate the cloud, it's all about efficiency. We believe AIP will revolutionize the practice of IT on campus."
To find the correct cloud services that meet specific requirements, campus members can use the new Data Classification and Research Resource tools.
Assistant CIO Program Increases Communications, Transparency
Texas A&M's Assistant Chief Information Officer (ACIO) program has not only increased IT communications across the university, but strengthened the pandemic response of participating colleges and divisions. The success of the program was highlighted in a 2020 EDUCAUSE conference breakout session.
Dee Childs, Vice President and CIO for Texas A&M University, established the program after a peer review for the College of Veterinary Medicine & Biomedical Sciences (CVM) prompted the dean to ask how the units could collaborate more.
"I had the idea of assembling a group of people who reported to their college, business or research unit while simultaneously reporting to the Division of IT," Childs explained. "I believed we could improve engagement, communication and transparency while increasing the trust between the division and participating units."
The initial partnership with Dr. Eleanor M. Green, dean of the CVM and Dr. Jorge A. Vanegas, dean of the College of Architecture, added Kris Guye and Chrissie Cordray as inaugural members of the program. Darvis Griffin joined the program in 2020 from the Division of Student Affairs. Childs and all three ACIOs highlighted the program in the EDUCAUSE session.
" As ACIOs, we work to ensure IT strategies and initiatives are not only in line with the mission of the university, but also meet the unique needs of the departments and colleges we serve."
"When the pandemic began, the College of Architecture used a specialized application to stream virtual desktops and apps to browsers so our students and faculty could work from home," Cordray stated. "The Division of IT helped set up the shibboleth integration, which allowed the College of Architecture students to log into the service with their NetIDs."
Guye agreed that increased communication allowed a quick response at the onset of the pandemic, as the Division of IT helped CVM establish a full-service outdoor network to check-in animals in less than six hours.
Griffin said he is proud to be a part of the program, since it allows him to be the formal liaison between the Division of Student Affairs and the Division of IT.
"As ACIOs, we work to ensure IT strategies and initiatives are not only in line with the mission of the university, but also meet the unique needs of the departments and colleges we serve," Griffin observed. "I truly believe the ACIO program is already a success at Texas A&M."
Due to its early success, the program continues to grow. In January 2021, Chris Court from the Bush School of Government and Dr. Joshua Kissee of Texas A&M Health joined the ranks of ACIOs.
Data Classification Tool Helps Researchers Protect Data, Find Secure Technology
As research and other key university functions become more reliant on the cloud, security and data regulations are a major concern. Fortunately, when the pandemic began, the Division of Information Technology was developing unique tools to more easily classify data and quickly determine data management - the Data Classification Tool.
" These tools will allow not just principal investigators, but the entire workflow chain, to manage and maintain the data in a much more progressive manner."
The innovative tool is now live and being demonstrated to groups of researchers across campus to rave reviews.
The Data Classification Tool poses a series of straightforward yes/no questions to help users determine the appropriate classification of their data. Once the data is properly identified, researchers are able to view a list of available technologies that meet the compliance standards of their data. This tool allows users to view available technology platforms that will appropriately protect the data while fulfilling specific research needs.
Texas A&M Privacy Director John Pryde says the tools will benefit the entire A&M research structure and the university's reputation.
"These tools will allow not just PIs (principal investigators), but the entire workflow chain, to manage and maintain the data in a much more progressive manner." He points out, "Our ability to use these tools for documenting data classification ensures we are meeting the operational requirements that apply to this data by law."
Associate Director for IT Risk, Policy and Data Management Adam Mikeal had the idea for the tools while working with campus IT pros on various policy changes. Another important tool developed at the same time is the Impact Calculator, which helps determine the impact on the security of a college or division that would result from loss, damage, or the inability to access information resources.
"I saw how the requirements of the controls catalog are difficult to visualize," Mikeal said. "I thought a set of calculators that guide a user through a series of questions in a 'wizard-like' model would help the campus better understand things like data classification or IT impact level."
"My initial expectation was that the typical user of the calculators would be IT professionals as they went about their duties, especially annual risk assessment requirements," he continued. "While this is clearly a common use case, other audiences like faculty and researchers have emerged as an important constituency."
Mikeal says modifications and improvements will continue to be made to the tools as the user base increases, while the same yes/no approach of the Data Classification Tool and Impact Calculator will be used for other problem spaces.
Pryde says the dynamic nature of the tools will make them indispensable to the university.
"What makes these tools even better is they can be adjusted as feedback is given or as technology and laws change," Pryde says. "Also, we will have a historical, documented analysis of the data. Even if we were incorrect in the classification, this will help with reviews and outside audits."
* Special recognition goes to the following for their work on the tools: Lon Berquist, Daniel Janecek, Joe Mancha, Dion McInnis, Xavier Porter and David Sustaita.
Division of IT Responds to SolarWinds Hack
Just as the effects of the pandemic continued beyond the 2020 fiscal year, so did security concerns.
In the early morning hours of December 13, America's Cyber & Infrastructure Security Agency (CISA) issued an emergency directive calling for federal civilian agencies to power down servers running SolarWinds Orion products. The tech company's system had been compromised by hackers and was inserting malicious code into software updates, affecting governmental departments such as the US Treasury, and Homeland Security. The breach also hit a number of big tech companies, including Cisco, Intel and VMware.
Fortunately, one Division of IT employee saw the warning in the middle of the night and immediately reached out to his supervisor. To quickly mitigate the security risk, the Division of IT shut down four servers. After a thorough forensics search of Texas A&M's IT infrastructure, the division learned its installations were not affected. Two new servers were built from scratch using the latest version of SolarWinds deemed safe by the CISA.
"Systems administrators Gregory Jones, Robert Cooper, Christopher Thompson and the rest of our team jumped on this immediately and didn't take any chances," said Zac Sanders, associate director of systems engineering. "Their quick and proactive actions ensured the university's data was not compromised."