Security procedures, capital project needs detailed at May meeting
Keeping systemwide infrastructure and digital assets secure kept the attention of members of the State Board of Higher Education this month during the governing body’s monthly meeting.
In addition to hearing updates on how the system’s digital security needs were being met, the Board also heard how safety was being addressed through reports from the presidents on their respective campus capital project needs. There was significant improvement reported by assessors, good news overall for the security of the colleges’ and universities’ data systems.
A top priority of the day was to hear the results of a North Dakota University System Vulnerability Assessment and Draft Responses. Don Lefleur, of the State Auditor’s Office, said that this was the second time such an assessment had taken place, the first being for the 2013-2015 biennium. Eric Wallace, of Telecommunications Systems, provided the executive summary of the assessment, which came from his organization conducting “penetration testing” on the university system’s infrastructure. He noted that external vulnerabilities were down 29 percent, but internal vulnerabilities had slightly increased.
“We performed a penetration test – we tried to get access to systems and deface some web pages,” Wallace said. He added that the scope of work included testing all networked devices specified by each campus, scanning for known vulnerabilities and weaknesses in the network, as well as for attached hosts and appliances such as servers or printers.
Wallace listed the methods for the penetration test, including the tools used for the test. He then spoke about assessment findings such as unsupported operating systems, unsupported web servers, systems with well-known vulnerabilities, missing software patches and easily guessed credentials. Brad Miller, NDUS director of information security, listed the remedies for the assessment findings, noting that the largest amount of work was focused on applying patches and regular updates to close security holes.
Miller noted that the decrease in external vulnerabilities had come about due to the implementation of a scanning system. He added that in information technology there would always be vulnerabilities, but Core Technology Services personnel were working to reduce them as quickly as possible. Miller stated that for those systems which couldn’t be updated as easily as a desktop computer, such as specialized lab equipment, further security measures were put in place.
Board member Nick Hacker asked if two-layer authentication would be put into place systemwide at any time. Miller responded that multi-factored authentication was part of the long-term strategy. He said that more than a dozen multi-factored approaches were being tested now throughout the system. Miller added that while NDUS had a 90-day password policy, there were individual data systems throughout the campuses that had different, individualized needs, so not all passwords throughout the 11 public colleges and universities change every three months.
The security assessment presentation closed with recommendations that included user training, deploying Defense-In-Depth strategies, patching and updating systems regularly, and implementing a quarterly social engineering test to track user awareness and response.
Chief of Staff and Vice Chancellor of Information Technology and Institutional Research Lisa Feldner spoke to the Board on another digital application – a learning management system that could have systemwide application. Feldner noted that Blackboard Connect was the likeliest software package to find such widespread use, and was already in place in certain areas.
Learning management systems would enhance the system’s goal of collaboration and shared services by serving as a singular portal for communication, instruction, and as a depository of research and other knowledge.
“We want one unified, single LMS across the NDUS,” Feldner said. “We’re hoping to take some dollars from Predictive Analytics Reporting implementation and perhaps roll those over into this.”
Feldner noted that different funding sources for the project were possible, and that with Board approval she would report back with more details on cost and implementation at a later meeting.
Faculty Advisor Eric Murphy said he’d had conversations about LMS, specifically how it could be useful for a new cybersecurity program – as with other programs that leant themselves to collaborative efforts through shared services, teachers from the University of North Dakota could teach students at North Dakota State University, for example, and vice versa.
“With a unified learning management system, that would be much easier to implement,” Murphy said. “For many faculty it’s a huge part of the instructional strategy.”
Chancellor Mark Hagerott said that a profound theme from the Technology breakout session at the Envision 2030 summit had touched on LMS. Board member Greg Stemen said that implementing LMS could create efficiencies in more than one area and potentially alleviate longer term budget concerns.
“It will be difficult, but that doesn’t mean that it’s wrong,” Stemen said. “We’re charged to operate as a system. I think we need to look at these types of things.”
Board Vice Chair Don Morton agreed, noting that the Board was committed to standardization, and implementation of an LMS like Blackboard would show that.
Staff Advisor Emma Tufte asked when the funding would need to be available. Feldner responded that it would be needed for the next biennium.
Board member Nick Hacker said he felt it was a great time to start talking about it, and that standardizations like that could lend themselves to further standardizations, and savings, later on. Hacker noted that he felt this was one of the subject areas best served by the system itself. Board member Kevin Melicher echoed the sentiment, noting that it was critical to look into these areas, especially with the possibility of decreased budgets and the need for more efficiency. Board member Mike Ness said he felt Blackboard would be great for all campuses and that he hoped it could be implemented soon.
Chief Financial Officer Tammy Dolan provided a list to the Board of the top issues regarding critical, major capital project needs throughout the system’s 11 colleges and universities. Each campus president presented on their respective needs. The detailed priorities from each college and university are as follows:
Williston State College: Stevens Hall renovation with urgent need to upgrade mechanical systems and provide access to mobility impaired students, faculty, and staff.
Lake Region State College – No capital projects were listed as urgent priorities at the time of the meeting.
Dakota College at Bottineau – Nelson Science Center Phase II, which builds on Phase 1 with improved ventilation, replacement of ceiling grids and installation of sprinkler systems, and installation of a back-up boiler for the entire campus.
Bismarck State College – A new Allied Health Center that would serve as a replacement facility providing vital space to house the Dakota Nursing Program and other health care professions. The space formerly used by the DNP is no longer available for the much-needed program.
North Dakota State College of Science – Fargo Expansion project providing access to workforce development and training delivered by NDSCS in the Fargo metro area.
Mayville State University – Old Main renovation Phase 1, providing upgraded heating/cooling, plumbing, and sprinkler systems.
Valley City State University – Construction of the Communication & Fine Art Building which will also remove two existing buildings, one of which is currently within the Sheyenne River flood plain and must be demolished to facilitate flood control within Valley City.
Dickinson State University – May Hall replacement of obsolete mechanical systems which currently do not operate efficiently.
Minot State University – Replacement of windows for the Old Main building and development of a Gross Anatomy lab for cadaveric examinations required by various MSU programs.
University of North Dakota – Central heat plant boiler replacements and classroom upgrades to Merrifield Hall.
North Dakota State University – Replacement of Dunbar Hall to resolve life safety and deferred maintenance liabilities, renovation of Sudro Hall to meet accreditation requirements. Also presented were the construction of a new residence hall, and Phase 1 of the replacement of University Village, both using self-liquidating revenue bonds for financing.
Chancellor Mark Hagerott provided brief remarks on administrative overhauls, being responsive to changing needs through ongoing studies, moving forward with ideas learned at the previous day’s Envision 2030 event, and upcoming presidential evaluations.
The Board also held the first readings of 302.2 (Audit Committee), 802.8 (Internal Audit Charter), and 1202.1 (Information Security), and the second readings of Human Resources Policy 18 (Rest Periods), HR 6 (Annual Leave), and HR 7 (Sick Leave).
The Board held discussion over academic program review, approving organizational changes requested by NDSCS to rename the English and Humanities Department and Performing Arts Department to English, Communications, and Performing Arts Department, one change to rename the College Outreach Division to the Workforce Training Division; and approved a new program – Master of Science in Extension Education – at NDSU. It also approved program terminations at DSU, including Bachelor of Arts in Biology, BA in Chemistry, BA in Computer Science, BA in Mathematics, Minor in Biology Education, Minor in Chemistry Education, Minor in Earth Science Education, Minor in Elementary Science, Bachelor of Science in Education in Choral Music Education, BSE in Instrumental Music Education, and Bachelor of Arts and Bachelor of Science in Writing.
The next Board meeting will be its annual strategic retreat, which will take place June 16 and 17 at the Lewis and Clark Interpretive Center in Washburn.