Safeguarding UND: on campus and online
Public Safety Office and University IT double down on campus physical safety and cybersecurity
In the early morning hours of Jan. 6, an attempted sexual assault was reported from within UND’s Noren Hall.
Just one day later, a suspect was in custody.
The rapid resolution came from a video that UND Police shared on social media, showing a man leaving a parked car and walking into the hall around the time of the crime.
“One of the reasons we were able to solve that so quickly was because of the video surveillance that we had installed last summer on the outside of those residence facilities,” UND Chief of Police Eric Plummer told the crowd of the Jan. 25 Provost Forum.
Plummer, who serves as associate vice president for public safety, used this example as just one of many reasons why UND is investing time and resources into Safeguarding UND – a strategic partnership between Public Safety and University Information Technology (UIT) to build up UND’s physical and cybersecurity protection systems and enhance public safety.
Plummer was joined by Chief Information Officer Madhavi Marasinghe to roll out the multifold initiative, which will proactively use infrastructure, software, awareness and training to promote a culture of safety and responsibility aligned with UND’s core values and Strategic Plan Goal No. 5 (foster a welcoming, safe and inclusive campus climate).
“We want to view safety as an investment, with the realization that safeguarding UND is a continuous effort, and is everybody’s responsibility here at the University of North Dakota,” Plummer said.
Preventative measures
The focus of Safeguarding UND is split into three areas – preventative measures, detective measures and corrective measures.
One of those preventative measures is the Enterprise Risk Management Committee (ERM), which recently met for the first time. The ERM is a cross-section of University stakeholders that discusses concerns related to the five areas of risk – financial, operational, strategic, compliance and reputational.
Safeguarding UND will continue to market the SafeCampus smartphone app, which includes safety policies, emergency contacts, a “work/study alone” feature for safety check-ins, and other preventative features.
On the IT side, Marasinghe reminded the audience to familiarize themselves with UND’s acceptable use policies, and that all UND computers must have Microsoft endpoint protection installed. DUO multifactor authentication will continue to be used by UND employees to access sensitive information in PeopleSoft.
Marasinghe recalled a Distributed Denial of Service (DDoS) attack on UND.edu last fall that brought down the server for nearly two-and-a-half days. Her team worked fast with Core Technology Services and the state information technology department, and, “within a week of that attack, we were able to install a software on our UND.edu server to mitigate future attacks,” she said.
Cybersecurity education and training for faculty, staff and students will also be a critical piece of Safeguarding UND, especially surrounding phishing attempts.
“This training is something that we already have available. However, it’s currently voluntary through SafeColleges,” Marasinghe said, adding that phishing attempts have become more sophisticated and frequent, making fraudulent email education crucial.
Detective measures
To detect threats before they happen, Public Safety has guided a two-year upgrade of its integrated systems platform that combines electronic door access, video surveillance, and building automation systems (like alarm monitoring).
Next month, UND will help a company test a cutting-edge technology that detects threats entering a building – such as guns, explosive devices and blades – less invasively and more accurately than a typical metal detector.
“We’re the only higher education institution in the world that’s being allowed to test this system,” Plummer said. “We could be a leader in the U.S. in using this emerging technology.”
Marasinghe confirmed online threat detection will continue with regular vulnerability assessments on UND servers, with reports sent to IT directors for follow-up and mitigation.
She also announced that UND recently signed a contract with the non-profit Internet Watch Foundation, an organization that provides a database of identified child sexual abuse websites. “If anybody tries to go to any of these child sexual abuse websites using the UND network, it will block that person from going to that site and alert our information security staff,” Marasinghe explained.
Corrective measures
The University of North Dakota already has an Emergency Operations Plan, which allows UND to respond to, and recover from, any type of disaster or critical incident. But Plummer said it’s now time to better craft a Continuity of Operations Plan across divisions and departments.
His team has been introduced to software that assists in building out that plan, including succession planning and identifying alternate teaching/office locations and critical functions in the event of a disaster.
Marasinghe said UIT will reengage and potentially expand the scope of the Information Security Incident Response Team (ISIRT), which was created in 2007 to address how to respond to data breaches. Although the team fortunately hasn’t had to respond to a breach recently, Marasinghe noted “there are new cyber threats every second, so we need to be prepared.”
Proposed initiatives
The Safeguarding UND train is already rolling, but Plummer and Marasinghe want to lay down even more tracks.
Marasinghe has proposed a yearlong phishing awareness campaign in which, once a month, UIT will send a phishing email to the UND community. If someone clicks on the email, the individual would have to take instant phishing training.
UND may look to follow the lead of other public research institutions in restricting access to peer-to-peer file sharing sites (e.g., BitTorrent) to protect from illegal activity like copyright violations and child sexual abuse image sharing, with an exemption process for justifiable needs. Recommended by the Title IX consultant, UND is also examining the possibility of scanning UND-owned computers for child sexual abuse material. This project, dubbed Clean Slate, will provide a fresh start to securing UND computers from hosting illegal content.
The UIT team also aims to support encrypted wireless capabilities, DUO authentication for students, and encryption of laptops and other devices to safeguard from data loss or stolen equipment.
Public Safety wants to continue to expand its electronic door access system throughout campus housing and upgrade its Emergency Blue Light systems.
Provost Tom DiLorenzo closed the forum by thanking Plummer and Marasinghe for collaboratively and proactively keeping UND safe on the ground and on the web.
“You are wonderful – experts doing really great work,” DiLorenzo said. “There’s nothing more important than safety, and I feel much better because of your activity over the last year.”
