Cybersecurity

Securing the University

Cybersecurity incidents occur every 11 seconds in the United States, costing consumers more than $1 trillion annually and threatening higher education, government and industry. Texas A&M University must stay vigilant, with over 8,200 wireless access points across campus and over 62,000 devices on the network at any point in time.

[Image: Conceptual illustration of a large padlock protected by a shield, with researchers and developers inside, representing Texas A&M's status as a leader in cybersecurity.]

Currently, the Division of IT inspects and blocks hundreds of millions of attacks, including sophisticated nation-state-led attacks. This provides us with the data and experience to enhance the university’s security posture while discovering solutions to current and future challenges to cyber safety.

Leading the Way

Texas A&M University is poised to become a national leader in cybersecurity and identity and the first choice for security research. We will partner with Texas A&M researchers and research organizations in the realms of security and identity, improve and increase the data- and security-related capabilities for our researchers and scientists, and develop government and higher education partnerships focused on solving security, identity, data and risk management problems.

To this end, several goals have been set for the next five years.

  • Set the bar for effective enterprise security in higher education.
  • Educate and train the future leaders of cybersecurity.
  • Create innovative security data management research programs that benefit the university, state and nation.
  • Work with our faculty and agencies to become a national leader in academic research in cybersecurity and identity, addressing major unsolved technical and policy challenges.

Securing Tomorrow

The current cybersecurity skills gap across the country is a challenge. Educating and training future leaders of cybersecurity is a core component of our mission. The division currently offers an innovative Cybersecurity Apprenticeship Program (CAP), which gives selected students hands-on experience in identifying and stopping attacks. Designed to add a layer of security monitoring to campus, CAP has the long-term goal of helping position Texas A&M University as the leader in cybersecurity education while also preparing students for the booming cybersecurity industry.

Achievements

[Image: A laptop showing examples of External User Warning Tags.]

Tags Help Detect Suspicious Email

To help fight phishing, the division activated external sender tags across campus email accounts in October. The tags clearly identify messages received from external or suspicious sources.

New Exchange Restrictions Protect Campus

IMAP and POP3 services on Exchange are now restricted to IP addresses within the United States, Qatar and other territories where Texas A&M has campus locations. The day before restrictions were implemented, an attack resulted in over 900,000 failed IMAP logins and 5,000 locked NetID accounts. After the change, only a single user account was locked due to IMAP failure.

Cybersecurity Apprenticeship Program a Success

The Cybersecurity Apprenticeship Program (CAP) accepted 22 new students to work on live, real-world data. Upon graduation, CAP participants leave Texas A&M security-certified and with years of deep security experience. The National Security Agency (NSA) has recognized the CAP program.

Prepared for the Future

The division hosted a disaster planning meeting with the IT Advisory Committee (ITAC) to discuss lessons learned from COVID-19 and the unprecedented freeze in February 2021. Attendees reviewed hybrid teaching models and discussed additional support needed to mitigate future disasters.

[Image: A cellphone and the Duo authentication portal, highlighting the change in how long Duo remembers a user on a device.]

Duo Updates Strengthen Security

Alert notifications are now sent to campus members when a new device is added to their Duo NetID Two-Factor Authentication account. Duo’s “remember me” function was also reduced to five days. The changes were in response to detected phishing attempts aimed at compromising Duo accounts.

[Image: The Football Fever 2021 logo alongside an illustration of Kyle Field and questions from the cybersecurity game.]

Football Fever Secures the Win

Over 11,000 campus members took to the digital field during the “Football Fever: Secure the Win” cybersecurity campaign in October. The annual event, which coincides with Cybersecurity Awareness Month, tested the security acumen of campus members.

SPF Prevents Envelope Spoofing

The Sender Policy Framework (SPF) authentication method now prevents @tamu.edu email envelopes from being spoofed.

DMARC Email Protocol Enacted

The Domain-based Message Authentication, Reporting and Conformance (DMARC) email protocol was enabled for inbound messages to prevent external domains from being spoofed when sending email to Texas A&M recipients. Once the protocol is fully implemented in early 2022, Texas A&M will be the first university to activate this valuable security feature.

Change to SMTP AUTH Improves Protection

SMTP AUTH now requires approval since it cannot use multi-factor authentication. Campus members already using the service do not require approval to continue using it.

Detecting Sensitive Data Across Campus

The number of endpoints being scanned for PII and other sensitive data with the Spirion Sensitive Data Manager has increased and is now over 12,500 devices.

Firewall Openings Reduced

To reduce the attack surface at the campus border, firewall openings unused for 365 consecutive days are removed. The number of openings has been reduced by about 20%.

Maximizing Value

Contract Streamlining Saves Money for System, Division

The Texas A&M University System and the Division of IT are saving $120,000 over three years after renegotiating the Cisco Duo Two-Factor Authentication contract. The System and division are working to streamline additional contract management for shared System-wide IT services.

Automated SSL Certificate Requests Save Time

The Automated Certificate Management Environment (ACME) service for SSL certificate requests has rolled out. This opt-in service gives campus members a means to automate and streamline the application of SSL certificates to production environments. Use of this service avoids manual approval and submittal processes, resulting in considerable human resource savings and eliminating delays.

Cybersecurity Alert Templates Save Time, Increase Communication

The division developed a set of standardized email templates to communicate cybersecurity threats to campus members, along with a process to quickly create additional templates as new scenarios arise. Not only will these templates save critical minutes during a cyber attack, but they also ensure clear communication to campus on actions needed.

Partner Success

Mays Helps Campus Locate PII

Mays Business School helped create a best practices document to assist campus members in using the Spirion Data Loss Prevention (DLP) platform. DLP scans over 7.8 billion files monthly to detect Personally Identifiable Information (PII) such as social security numbers, bank account information and credit card details.

System and Division Increase Sharing of Intelligence Data

The Texas A&M University System and the Division of IT are streamlining the process for sharing cyber threat intelligence data. The System Operations Center further streamlined the process by adding the Flashpoint Intelligence Platform to the existing analysis capabilities and Texas A&M’s Filex service to discover users with compromised credentials.