It was an all-hands effort, but thanks to the Naval Postgraduate School’s Information Technology and Communications Services (ITACS) department, the university has successfully completed network accreditation for its .EDU designation. More than just a domain for its website, a .EDU network is a component to allowing NPS to flourish as an academic institution.
“ITACS at NPS is a role model for support to our academic mission,” said NPS Provost Dr. Douglas A. Hensler. “ITACS’ own stated strategic imperative is to ‘Enable the NPS Mission’. By securing our .EDU designation, ITACS enables all of our students, faculty and staff to execute their specific part of the mission in a protected venue of academic freedom.”
The NPS .EDU website was established more than ten years ago, but this is the first time it has gone through a Navy accreditation. The purpose for this is to maintain appropriate levels of network security are in place, to Navy/DOD standards, while also maintaining usability in an academic environment.
“The network accreditation is an opportunity for us to be transparent with our network,” said Chris Gaucher, ITACS’ Deputy Chief Information Officer for Operations. “We let Navy leadership understand that we are maintaining a secure network that is enhancing our ability to complete our mission.”
In partnership with the Defense Language Institute Foreign Language Center (DLIFLC) and in collaboration with the Navy Operational Designated Approving Authority (ODAA), NPS and DLIFLC were authorized more than a year ago to pursue a joint accreditation by the Navy ODAA. With the recent success of the accreditation, the lessons learned through this process will be applied to future certifications of the Navy’s other similar networks.
“Together with the Naval Academy and War College, we will redefine our cybersecurity concept of operations,” said Joe LoPiccolo, NPS Chief Information Officer and ITACS Executive Director. “That is the next step, to define the ‘how’ and the ‘what’ we do. The practices that we use on a .EDU network, the prescribed methodologies for cybersecurity, how were build systems, how we manage people and processes will all be in this concept of operations.”
Recent developments with the .EDU website have enabled greater accessibility to the growing mobile community.
"Students and faculty can utilize mobile devices like smartphones, tablets and laptops,” said Gaucher. “We don’t issue that kind of equipment to the students, but now they can configure their personal devices to suit their educational needs.”
Prior to the accreditation process, the Navy’s Fleet Cyber Command conducted a cybersecurity inspection (CSI) on the select university networks.
“The Navy came here to inspect us on criteria required of operational military networks,” said LoPiccolo. “We successfully passed the CSI which laid the foundation for ITACS in preparation for the .EDU network accreditation.”
While there is more flexibility in a .EDU network, there are still many of the similarities to the .MIL and .GOV networks students are typically operating in the fleet or field. This gives an additional level of education of trial and error to better prepare students for the challenges of working within the required security controls of an operational military network.
“A .EDU is different than a .MIL,. GOV, or an operational military network,” said Gaucher. “In the field, there is a capable and motivated threat that wants to get into weapons systems, control systems or the many different operational military networks. From a research and educational perspective, we see similar threats but we have to manage the risk very differently. Many of those things that the NPS mission requires of our students, faculty and staff, they would not be able to do on operational military networks.”
As technology, information and online threats continue to grow, the approach of ITACS to online security will continue to change, adapt and anticipate the needs of NPS. The lessons learned from this successful completion of the .EDU accreditation will impact the upcoming accreditation of the other NPS networks.
“The .EDU network was accredited at a point in time when we are truly in a dynamic environment,” said Gaucher. “Although the Navy successfully accredited our .EDU network, the NPS Cybersecurity team must remain ever vigilant to the changing threat environment.”
Gaucher adds that ITACS will continue to maintain the highest standards for security and usability for the NPS networks, but it will always need the support from the NPS students, faculty and staff to be aware of the risks and how they can be a part of maintaining security.
“A defense-in-depth strategy is vital to defense of the network when we are seeing 120,000 to 150,000 probes every day against NPS. Critical to defense-in-depth are our student, faculty, and staff users,” adds LoPiccolo. “I would like to thank them for their prioritization of cybersecurity during the past CSI and this year’s accreditation, and their continued increased awareness of their responsibilities. We in ITACS cannot do it alone without our trusted campus partners.”