Chronicle Tech Forum: Ohio U. President Talks About Network Breaches and Their Aftermath

By SCOTT CARLSON

Article tools

Printer friendly	E-mail article	Subscribe	Order reprints
	Discuss any Chronicle article in our forums
Latest Headlines Photo Finishes a Presidency, and Illustrates a New Risk Robert A. Paxton's departure from Iowa Central Community College shows the danger for college leaders of being caught in a less-than-exemplary moment. The Chronicle's Almanac, 2008-9 Growing South Atlantic States Face Space Crunch Budget Woes Hinder South Central Colleges Default Lists Lead 2-Year Colleges to Avoid Loan Programs Obama Accepts Nomination, Lists Affordable Tuition Among Goals Video: 'I Support Barack Obama' Campaign U. Blog: Continuing Coverage From Denver Scholars Question the Direction of American Political Studies Scientists Who Cheated Had Inattentive Mentors Struggling New Orleans Colleges Could Face Another Storm

Tampa, Fla.

No one envied Roderick J. McDavis's uncomfortable position. Mr. McDavis, who is president of Ohio University, took the stage to describe how he and his university had responded to a series of network-security breaches that made headlines across the country in 2006.

"I know that the majority of you are saying, I'm glad it's him up there and not me," Mr. McDavis told the crowd at The Chronicle's Technology Forum here on Tuesday.

The Federal Bureau of Investigation contacted the university in late April 2006 to tell administrators that their networks had been hacked. The FBI found out about the breach, Mr. McDavis said, because undercover agents on chat rooms had seen hackers bragging about breaking into Ohio University's systems.

A series of breaches followed, which could have led to the exposure of private alumni data and other records.

Mr. McDavis said Ohio University had had a very decentralized information-technology organization and no permanent fire wall at the time. "We didn't take IT seriously," he said.

With the help of consultants, the university hired a chief information officer, created a plan of action, and established a committee to oversee information-technology issues on the campus. The chief information officer became part of the president's cabinet.

Gartner, the consulting firm hired by the university after the breach, said the university needed $7-million to $10-million to make its information services stable and secure. The university has spent $2-million so far, and plans to spend $8-million over the next few years. Mr. McDavis said the university had to delay a fund-raising campaign a year to focus on the crisis.

Technologists in the audience commended Mr. McDavis for having the courage to come forward and talk about the breaches. But many of them wondered whether it would take a crisis to get university leaders to listen to technologists and devote money to security and training. An article in The Chronicle in 2006 revealed that Ohio University had received several warnings from consultants and others about lax security and disorganized technology before the breaches. (Episodes of the podcast Tech Therapy — like this one and this one — have discussed college presidents' dangerous lack of interest in technology.)

"Technology is something everybody wants, but nobody wants to pay for it," an audience member said.

Mr. McDavis said he had learned to pay attention to technology — and stressed that other college presidents should learn to, as well. Ohio University is always vigilant now, he said. "We never want to get to a point again where we are comfortable."