As cybersecurity attacks such as Solarwinds and Silver Sparrow show, cyberattacks on higher education are increasing in sophistication, volume, and intensity. For universities carefully considering how they spend resources in the face of increased costs from the pandemic, what should higher education technology leaders do differently to defend against these cyber threats?

They should work together, because together they can accomplish much more at much lower cost.

That’s why Indiana University and four other Big Ten schools created OmniSOC, the shared cybersecurity operations center for higher education and research. OmniSOC collects cybersecurity data from partners; integrates this data with other threat intelligence; conducts proactive threat hunting; and monitors, triages, and analyzes security events. It watches the watchers and keeps the research flowing.

OmniSOC recently celebrated its third year of operations with a special, three-day virtual event, bringing together not just the founding members, but also inviting in many other cybersecurity and research professionals.

Over 124 higher education and research professionals representing over 90 schools and research organizations attended this event that featured internal discussions with founding and current members, OmniSOC’s lead technology partner Elastic, and content for potential new members and the larger higher education and research community. Attendees were offered a mix of talks, panels, demos, and an OmniSOC "virtual tour."

Perhaps the highlight session, if we can say that without minimizing any of the other great sessions, was presented by those founding CIOs with Kim Milford, executive director of the Research & Education Networks Information Sharing & Analysis Center (REN-ISAC), acting as host. The importance of the panel is clear from the title: "Cybersecurity as we emerge from the pandemic: restoring, evolving, and transforming."

Here are some notable quotes from that panel:

Senior Vice President and Chief Information Officer Michele L. Norin, Rutgers University: We need to rethink what we are doing around cybersecurity. All the things we’ve been doing continue to be important, but we need to reelevate what we are doing. What new things should we be doing? Our partnership with OmniSOC and our sister schools is right on target with that reinvigoration. Having a program like this is right in line with what we should be doing. My ability to invest in [OmniSOC] at a lower level and gain more was a major consideration when we were thinking about building this program.

Vice President for Information Technology and Chief Information Officer Bret Blackman, University of Nebraska: We’ve seen increases in attack vendors and ransomware attacks. The landscape has changed and we in higher education need to respond. Budgets have shifted and the perceived borders of our campuses have changed. For us, OmniSOC is our first line of defense. We can’t do this at scale on our own.

Vice President Information Technology and CIO Sean Reynolds, Northwestern University: When we first spoke about forming the OmniSOC back in 2016, we recognized there was that fundamental shift. Our investment in an incremental way [of doing things] wasn’t going to be able to handle new threats. Information security continues to show dramatic shifts in how we need to respond. When we talk about opportunities for increasing collaboration and think about how we got to where we are today, we would like to do even more.

Vice President for Information Technology and CIO Rob Lowden, Indiana University: As the newcomer among this group of CIOs, knowing I had an asset like the OmniSOC coming in as CIO was just incredible. It’s not lost on me that the events of the last year in higher ed have catapulted us into a strong tactical and operational role in supporting a successful fall semester.

After a welcome with Lowden and IU AVP for Information Security and OmniSOC Executive Director Von Welch, other sessions included:

• “The case for the higher education SOC”
• “Leveraging OmniSOC and existing cybersecurity staff”
• “A SOC supporting scientific research initial lessons and insight from the ResearchSOC experience”
• “OmniSOC infrastructure and threat hunting, how OmniSOC hunts threats”
• “Research opportunities with OmniSOC and ResearchSOC data”
• “Elastic Update new and current features for threat hunting”

The closing remarks feature video with OmniSOC’s newest member, Santa Clara University (SCU).  SCU’s CIO Robert C. Owen, CISO Kristen Dietiker, and Von Welch discuss how smaller colleges can benefit from OmniSOC membership.

The video, “OmniSOC: a cyber security operations center for higher education,” also provides an overview of OmniSOC’s history and capabilities. 

Recorded sessions from the OmniSOC Year 3 Virtual Event, featuring the discussion with the four Big 10 Academic Alliance CIOs, are now available on YouTube.