There have been recent media reports about how the security services foiled a possible attack on Telehouse Europe which would have caused massive disruption to the UK’s internet infrastructure.

This threat would have fallen under the aegis of the National Infrastructure Security Coordination Centre (NISCC) and the Centre for the Protection of the National Infrastructure (part of MI5) who are charged with protecting the UK’s critical information systems and minimising the risk to the critical national infrastructure. NISCC is an interdepartmental agency and the assets it protects are largely owned by private companies (like Telehouse), many of whom are owned or controlled from outside the UK (giving NISCC a domestic and international remit).

Education is a high-risk sector in this context because of the large amounts of sensitive information and research with direct commercial and military benefit held by HE institutions. Having colleges all linked to the SuperJanet network presents additional vulnerabilities.

Aside from technological vulnerability, universities are increasingly targeted by extremists and criminal organisations beyond the remit of NISCC and its constituent agencies. According to Professor Anthony Glees of Brunel University’s Centre for Intelligence and Security Studies, there are almost 50 UK institutions which have been infiltrated by Islamist groups like Al-Muhajiroun, the Saviour Sect, and Al-Ghurabaa. In the US the situation is different with organised criminal gangs targeting universities as opportunities for large scale identity theft.

The bottom line is that securing networks and data needs to be a higher priority within the whole education community. While we assume that NISCC work closely with the Association of University Chief Security Officers (AUSCO) and the Police Association of Higher Education Liaison Officers (PAHELO) there is little to publicly indicate how these groups are working with the DfES, Home Office and security services.

Perhaps we will know more after the AUSCO’s annual conference, which took place at the University of Exeter this month. Speakers included:

• Professor Anthony Glees
• Richard Flynn, of the National Counter Terrorism Security Office
• Ed Gibson, Microsoft’s Chief Security Advisor
• Lord Mackenzie, former President of the Police Superintendents’ Association and former Chairman of the Peers' Home Affairs Group in the House of Lords

While the DfES has issued guidelines about how to tackle radical activity on campus, these are often ignored by academics and administrators who do not feel politically comfortable reporting the activities of their students to government authorities. Nor do these guidelines say how the DfES plan to measure their implementation. Ironically Dhiren Barot, jailed for 40 years for planning terrorist attacks, used false identification to gain access to various UK research libraries via Brunel University – the same institution where Professor Glees works. When we spoke to Professor Glees, he was not able to discuss this specific case, but agreed that potential terrorists and criminals may find it easier to infiltrate low-profile universities like Brunel where security may be less stringent.

In the US the government has tried to mandate that universities improve their IT security (as they are one of the main targets for identity thieves) but most have not complied, claiming the cost is prohibitive. If this is the case, things are likely to be far worse in the UK.

www.ausco.org.uk
www.nactso.gov.uk
www.niscc.gov.uk
www.telehouse.net