State security breach brings technology issue to forefront
USC is no stranger to attacks from hackers.
Earlier this year, a breach of the College of Education’s server exposed the information of up to 34,000 students, faculty and staff. The university’s computer systems are nearly always under an attack of some sort, said Marcos Vieyra, the chief information security
officer.
“If you have a system exposed to the Internet, it’s going to be under constant attack,” Vieyra said.
It’s an issue that’s come to the fore in South Carolina in recent days, after the stateDepartment of Revenue announced last weekthat the Social Security numbers of 3.6 million taxpayers and 387,000 credit and debit card numbers were stolen by hackers. None of the Social Security numbers were encrypted, and all but 16,000 of the card numbers were.
At USC and its regional campuses, a number of encrypt ion types have been used, but the university hasn’t implemented uniform standards, according to Vieyra. His office is working with the Data Administration Advisory Committee to formulate them. A key emphasis in the coming months and years will be on creating a uniform set of security policies and training programs, he said.
USC is in the early stages of kicking off Secure Carolina, a multi-year project that willtry to do that and to make sure the staff in its various IT department are on the same page. The differences acros s departments and campuses arise from the university’s decentralized technology staff. About half of its IT employees don’t work for the central University Technology Services, Vieyra said; they’ve been hired by USC’s various offices and colleges to work in-house.
“We have dozens and dozens and dozens of different IT managers across the university responsible for a variety of systems,” he said. Still, USC has implemented a variety off irewalls, ant ivirus software and hacking detection systems, Vieyra said.
It also has a dedicated security team of five employees for its eight campuses, and with them, Vieyra thinks “USC is probably ahead of the curve.”
Clemson University, which has an enrollment about a third of the size of the USC system’s, has a similar team of three, according to Kevin McKenzie, its chief informat ion security officer. Louisiana State University, which has a system about a fifth larger than USC’s ,
currently has a team of five but usually employs eight , according to John Borne, LSU's IT security and policy officer.
But with an onslaught of attacks, Vieyra said, there’s only so much those staffs can do. “The odds are stacked against them,” Vieyra said.
Universites are a prime target for attacks, Vieyra said, because they’ve got fast networks that connect hundreds of computers; they have too many potential holes for any staff to plug them all. Plus, he added, they usually have proprietary research data that ’s often valuable and even defense-related, which spurs state-sponsored hacking.
“It’s easy pickings in that sense,” Vieyra said.