"This focuses on time," he said. "It reduces the time from first awareness of a vulnerability anywhere to mitigation everywhere among members."
OmniSOC, as it's known, is a security operations center housed at IU. Each of the founding members — IU, Purdue University, Northwestern University, the University of Nebraska and Rutgers University — has its own campus security operations center. The OmniSOC provides those campus centers with real-time monitoring and threat detection services 24 hours a day, 365 days a year. Through machine learning and human assessment, the center will analyze each threat to determine how members should respond. This is the latest evolution in cyber security.
In response to the Sept. 11, 2001, terrorist attacks, the 9/11 Commission recommended increased information sharing among various sectors, such as food, energy and transportation. The Research and Education Network Information Sharing and Analysis Center, or REN-ISAC, was formed in 2003 for the higher education sector. It's housed at IU and counts nearly 600 colleges and universities from all over the world among its members. This model worked well, until recently.
"What changed is all that needs to go much faster," Wheeler said.
The analysis center was built to move at human speed. If there was a security incident at one institution, someone there would write a report and send it to the analysis center, where someone else would determine if a message should be sent to other members.
While humans work at the OmniSOC, the center uses automation to share information about threats the moment they're detected. This is possible through trust agreements between similar-sized universities.
Organizations are often reluctant to share information about a cyber breach, especially with competitors.
"Institutions want to get their story completely confirmed before they're willing to tell others," Wheeler said. "In that amount of time, other institutions are at risk as well."
OmniSOC members have agreed to share information about emerging incidents as they happen. They will also share mitigation strategies. This wouldn't work with all the analysis center members, Wheeler said. They face different types of threats, and some can't respond the same way large universities such as IU can.
The OmniSOC is self-funded through member subscriptions that cost about $200,000 a year. Wheeler said that's a great value, because it's equivalent to hiring a senior cyber security engineer, but the center can provide services beyond what any one person could offer. He thinks this pooling of resources among similar organizations could serve as a model for sectors of the economy that don't have the money for substantial investments in cyber security, such as schools at the primary and secondary levels or small municipal governments.
©2018 the Herald-Times (Bloomington, Ind.) Distributed by Tribune Content Agency, LLC.