Previous Chronicle Tech Forum: 'Where Did I Leave That Student Data?' |
Next Chronicle Tech Forum: Colleges' Experiences With Emergency-Notification Systems |
February 26, 2008, 12:56 PM ET
Chronicle Tech Forum: Ohio U. President Talks About Network Breaches and Their Aftermath
Tampa, Fla. — No one envied Roderick J. McDavis’s uncomfortable position. Mr. McDavis got on stage to describe how he and his university had responded to a series of network-security breaches, which made headlines across the country in 2006.
“I know that the majority of you are saying I’m glad it’s him up there and not me,” Mr. McDavis told the crowd at The Chronicle’s Technology Forum today.
The Federal Bureau of Investigation contacted the university in late April 2006 to tell administrators that their networks had been hacked. The FBI found out about the breach, Mr. McDavis said, because undercover agents on chat rooms had seen hackers bragging about breaking into Ohio University’s systems.
A series of breaches followed, which could have led to exposure of thousands of private alumni data and other records. Mr. McDavis said that Ohio University had a very decentralized IT organization and no permanent fire wall.
“We didn’t take IT seriously,” Mr. McDavis said.
With the help of consultants, the university responded by hiring a chief information officer, creating a plan of action, and establishing a committee to oversee IT on the campus. The CIO became part of the president’s cabinet.
Gartner, the consulting firm hired by the university after the breach, said that the university needed $7-million to $10-million to make the IT services at the institution stable and secure. The university has spent $2-million so far, and will spend $8-million over the next few years. Mr. McDavis said the university has had to delay a fund-raising campaign a year to focus on the crisis.
Technologists in the audience commended Mr. McDavis for having the courage to come forward and talk about the breaches. But many of them wondered whether university leadership would listen to technologists and devote money to security and training only after a crisis. An article in The Chronicle in 2006 revealed that Ohio University had received several warnings from consultants and others about lax security and disorganized technology before the breaches. (Episodes of the podcast Tech Therapy — like this one and this one — have discussed college presidents’ dangerous lack of interest in technology.)
“Technology is something everybody wants but nobody wants to pay for it,” an audience member said.
Mr. McDavis said he has learned to pay attention to technology — and stressed that other college presidents should learn to, as well. The university is always vigilant now, he said. “We never want to get to a point again where we are comfortable.” —Scott Carlson
Categories: TechForum2008, Leadership
Add Your Comment
Commenting is closed.