Skip to Content, Navigation, or Footer.
The Daily Cardinal Est. 1892
Monday, November 04, 2024
uw regents.jpg
University of Wisconsin Regent John Miller, chair of the Regents' Audit Committee, speaks during a Feb. 8 committee meeting.

‘This is a very different world’: 4 takeaways from Regents cybersecurity, data infrastructure talks

The University of Wisconsin Board of Regents looked at expansions to cybersecurity insurance, new database projects and third-party data management procedures during Thursday meetings.

The University of Wisconsin Board of Regents looked at expansions to cybersecurity insurance, new database projects and third-party data management procedures during meetings Thursday.

The Board of Regents said cybersecurity is a constant risk for higher education institutions, which host a trove of sensitive and valuable data — student information, employee information, research data and more that make for a lucrative target for hackers. Along with increased risk have come widespread federal and state investments in cybersecurity funding and resources. 

In recent months, critics raised data security concerns toward two publicized data security incidents in the UW System: a third-party National Security Clearinghouse breach in which UW System records and personal information were compromised and a security flaw at UW-Madison which left graduate program letters of recommendation publicly available on search engines.

Here’s what the Board of Regents said about cybersecurity and data privacy Thursday.

Higher education cybersecurity risks are widespread across all institutions

The Board of Regents said there are inherent increased risks for universities in the cybersecurity sector. 

“This is a very different world” than some years prior, Regent Kyle Weatherly told attendees while discussing cybersecurity insurance costs. 

That led to new programs and initiatives across the UW System cybersecurity suite. A fall 2023 pilot partnership with the University of Indiana’s OmniSOC, a shared 24/7 security operation center across multiple state universities, is meant to provide “extended monitoring” for a reduced cost compared to in-house services, according to UW System Chief Information Security Officer Edward Murphy.

The same holds for replacements in “advanced” authentication policy for students and employees, Murphy said, and the rollout of new multi-factor authentication procedures across the UW System.

‘Tighter controls,’ need for expanded incident response

Murphy said the UW System wants to prioritize speed and accessibility in incident response alongside vendor assessment protocols for campus partners.

“When attacks happen after hours — Friday six o’clock seems to be a popular time for them to happen — the less the impact will be if we can know about it and respond,” Murphy said.

Enjoy what you're reading? Get content from The Daily Cardinal delivered to your inbox


uw regents-1.jpg
Edward Murphy, UW System associate vice president & chief information security officer, speaks to the Board of Regents during a February 8 Audit Committee meeting.


Steven Hopper, UW System associate vice president for learning and information technology services, said the system is looking to standardize risk assessment for third-parties across its universities rather than having duplicated risk assessments across multiple campuses.

Part of lessening impact will also depend on more stringent controls for “privileged accounts” — staff members like IT employees who can broadly affect and change technical environments through account permissions. 

“We want to see what we can do to harden those,” Murphy said.

Awareness and training programs assist employees in best cybersecurity practices

The UW System rolled out phishing awareness campaigns to all system employees, Murphy said. Phishing, a practice in which hackers impersonate reputable actors or institutions to gain data access, is a consistent concern across the data security sector, UW-Madison School of Information professor Dorothea Salo told The Daily Cardinal.

“I understand why [the] system insists on doing fake phishing training. I'm just not convinced that's the greatest approach to the problem,” Salo said. 

Murphy said the UW System plans to expand cybersecurity education material distribution through newsletters, websites and email communications. 

Third party data partnerships to grow with new projects on the horizon

The UW System plans to continue growing data analytics partnerships in the future, despite concerns from data security professionals and some students. A large project remains in the works — a $212 million systemwide Administrative Transformation Program (ATP) dedicated to “standardizing finance, human resources and research administration” processes. ATP includes “data analytics and data storage,” according to a March 2023 UW-Madison Academic Staff Executive Committee meeting.

There are two key steps in ATP, the first being a shift to Workday, an enterprise resource planning system with employee and administrator-facing applications. 

The second is implementing the Huron Research Suite, a data analytics suite for business research. Huron is one of two consultants providing consulting for staffing cuts across UW campuses.

The ATP rollout has been marked by delays. Although Workday was planned to launch in July 2024, the current planned date is July 2025, according to a UW-Madison website. Funding reserves from UW-Madison will partially fund ATP, according to meeting materials from an October 2023 Regents meeting. 

Staff members from across the UW System tested Workday software from Jan. 16-18 during a hands-on event in Madison. 

Support your local paper
Donate Today
The Daily Cardinal has been covering the University and Madison community since 1892. Please consider giving today.

Liam Beran

Liam Beran is the former campus news editor for The Daily Cardinal and a third-year English major. He has written in-depth on higher-education issues and covered state news. He is a now a summer LGBTQ+ news fellow with The Nation. Follow him on Twitter at @liampberan.


Powered by SNworks Solutions by The State News
All Content © 2024 The Daily Cardinal