On January 9, 2020, the US Department of Education (DoE) invited a group of distance education universities to Washington DC to discuss cybersecurity policy. EC-Council University (ECCU) took part in the Cyber Security Stakeholders Meeting along with Walden University, Purdue Global University, University of Maryland University College, and Columbia Pacific University.
The US Department of Education’s representatives included various program and policy heads along with legal representatives, their CISO, and CIO. ECCU Vice President David Oxenhandler attended the meeting on behalf of the University.
The Department of Education in the United States handles the portfolio of student loans, which is more than a trillion dollars in size, along with billions of dollars of financial aid every year. Information including tax and financial data, social security numbers, and demographic details of millions of students and thousands of schools is all handled by the DOE.
With the number of cyberattacks on the rise, it was important for the Department to address cybersecurity and how it is keeping all the sensitive data is handles secure. The DOE is also interested in ensuring that all schools and universities maintain a comprehensive security program to safeguard their students’ information as well.
While the DOE follows and enforces cybersecurity policies, its engagement with the schools can pose complicated potential cybersecurity threats. DOE’s policies must account for the differences in the systems of all the schools and universities they deal with. As cybersecurity professionals know, dealing with the security of third-parties can be the most challenging aspect of a security program.
Through these meetings, the DOE is looking for the best way to create and implement a standard, one that is more rigorous than the existing FISMA or GLBA standards that are being used today. The most candid response in the meeting came from schools that already have stringent security efforts in place as compared to smaller schools. The biggest take away from the meeting was one of caution from a group of delegates that this may take both time and investment.