November 3, 2010

After 2009 SSN Snafu, Cornell Ups I.T. Security Measures

At the request of President David Skorton, Cornell Information Technologies has developed and introduced a program to clear the University’s computers of the unsecure personal information of students, faculty, and administrators, and ensure that any information retained is secure.

Several subunits of the University have already begun cleaning their computer systems, a process that will be completed in six to nine months, according to Tom Young, interim director of I.T. Security.

“A large portion of campus is already there,” Young said, when asked when the process should be finished. “While we’re rolling out this program now, campus for a long time has known that it’s the right thing to do.”

In June of 2009, a laptop containing the unencrypted private information of 22,546 students — 10,597 of whom were alumni — and 22,731 faculty and staff members was stolen from a member of University technical staff. It has not been found, and the incident raised fears of identity theft.

“That incident revived everybody’s sensitivities, but [the program] is far from something that hadn’t been discussed with the leadership of the University beforehand,” Young said.

Steve Schuster, interim executive director of CIT, emphasized that CIT “will require every single employee at the institution to attest that they have looked at the data on their computer” to check for unsecure private information. Schuster says that “confidential” numbers include social security, credit card, driver’s license and bank numbers.

The program is organized for easy communication, with responsibility passed from unit heads like deans and top administrators to specially appointed officials who handle IT security.

Dan Elswit, IT security liaison for CALS, emphasized that employees who are asked by their unit heads to check for unsecured information will take initiative to install the software themselves.

“We are not here to enforce,” he said, but rather to encourage and direct employees who follow through with the project.

Because the University is home to “tens of thousands of computers,” Elswit said, it is important that each unit pass down instructions to employees.

All of the administrators interviewed for this article said they had tested the software themselves and found it to be extremely user-friendly.

While three different types of software are available to University employees to search their machines, Identity Finder, a commercial software program for Windows and Mac, is the newest addition to the package. Spider, which was developed at Cornell, has been updated for newer Windows, but not for Mac machines, according to Young. The third is Find_SSN, a program developed by programmers at Virginia Tech.

“Each of them has types of information that it’s better at finding, or types of files that it’s better at searching,” Young said. He explained that it can be best to use both programs to do a thorough job scanning a computer.

Original Author: Maggie Henry