International Research Universities Launch a Cybersecurity Forum in Singapore

Cybersecurity is a topic with an ever-increasing significance in almost all aspects of our lives and, of course, in higher education institutions. The inaugural International Alliance of Research Universities (IARU) Cybersecurity Forum held last month in Singapore brought together thought leaders and explored best practices and management insights of member universities’ Information Technology (IT) services. In a world of digital disruptions and cybersecurity threats, it was not surprising that ETH Zurich’s peer universities face similar challenges.

IARU offers various forums in order for some of the world’s leading universities to share experiences. Cybersecurity is one of the issues that all universities face. Its challenges often do not end on campus, but spread across personal, organizational, national, and possibly even international boundaries. Cybersecurity presents a truly global challenge.

The IARU Cybersecurity Forum aimed to address these challenges by offering a place for university IT service teams to share their experiences and thoughts on this topic. Stemming from an initiative of National University Singapore (NUS) several IT services managers met on 4 – 5 April 2018. The group included IT representatives from: NUS, Australian National University, University of Cape Town, Peking University, University of Tokyo, University of Copenhagen, and of course ETH Zurich. While representatives from UC Berkley, Yale, Cambridge, and Oxford - members of the IARU network - will also benefit from the outcomes of the Cybersecurity Forum, their representatives were unable to attend.

In our discussions, it quickly became obvious that we all face similar challenges. Phishing scams that solicit users to reveal personal or private information are becoming increasingly more sophisticated. Ransomware – software that blocks access to systems or networks until a sum of money is paid impacts our ability to respond punctually. We concluded that ransomware would likely be a growing issue in the future. Finally, the IT services teams of some of the universities reported instances of “Advanced Persistent Threats” (APT). These are highly sophisticated attacks on a network typically performed by intelligence agencies or global companies. They are designed in such a way as to steal information from an organization without anyone noticing it and, therefore, can remain undetected for a long period of time. IT services from universities who have not noticed an APT most likely have not yet discovered it. All of the forum’s participants believed that this type of threat would be observed more frequently and continue to occur more often.
In addition, all IT colleagues from IARU universities confirm that finding a balance between academic freedom and necessary security controls is a considerable challenge. Whilst awareness for cyber-risks has improved significantly, some researchers still use academic freedom as an excuse for not implementing basic security measures. Luckily, this small minority continues to shrink over time. By far, most faculty members seek support in this matter.
IARU is launching a Cybersecurity Forum led by National University of Singapore.
The inaugural meeting took place at NUS. (photo credit: Cybersecurity Forum 2018)
During my discussions with colleagues’ from all over the world, I also realized that ETH Zurich is in a privileged situation. We are well prepared for current and upcoming cybersecurity risks as we have a dedicated network security group, an IT-security officer, information security officers in all departments and administrative areas, and will soon employ a Chief Information Security Officer. Most other universities plan similar structures and, to some extent, have already taken steps to implement an improved support network. However, not one of the universities has developed a network security plan on the same level as ETH Zurich’s structure, perhaps with the exception of NUS. In my discussions, I also confirmed that we are focusing on the right topics: awareness, 2-factor authentication, smart segmentation, security monitoring of our network, signing and encrypting emails, and other advanced email security capabilities.

All of the forum participants committed to continue to share their experiences and to intensify our collaborations, particularly regarding awareness campaigns, information sharing - in case of new threats and incidents, and in our successes with specific technological measures (e.g. 2-factor authentication, security monitoring of networks and systems). We plan to create virtual workgroups for these topics and to reconvene next year in Cape Town, South Africa and, perhaps, in Zurich for a future meeting.
Overall, I felt that this conference with top tier international research universities was extremely helpful and I am convinced that cybersecurity will continue to be on hot topic for universities.
by Dr. Rui Brandao
The International Alliance of Research Universities (IARU), established in 2006, is a network of 11 international research-intensive universities from 9 countries across the globe. Its members share similar values, a global vision and a commitment to educating future world leaders. Central to these values is the importance of academic diversity and international collaboration as reflected in IARU's principles.
Read More
Dr. Rui Brandao is Director of IT Services at ETH Zurich.