Expert warning on cyber security

UNIVERSITIES must take steps to stop snooping of communication via the Joint Academic Network (Janet)and email, say information technology experts studying electronic security at British universities, writes Alison Utley.

The study has been commissioned by the universities' Joint Information Systems Committee, which says that Janet users rarely consider security even though messages and files can be intercepted.

"This is particularly important when the information passed is of a sensitive or commercial nature," said Malcolm Read, head of JISC.

It is comparatively simple to connect a PC to part of the network and monitor its traffic, he added. Another trick, called spoofing, is to gain illegal access to networks or machines and create false user names. Fake messages can then be sent and files may be altered, copied or deleted.

Universities are increasingly using electronic messaging, heightening the need for better security, Mr Read said. There is concern from those in the commercial as well as academic spheres, because university businesses are heavy users of electronic services. "We are keen to make sure universities have up-to-date disciplinary procedures so that if malpractice is discovered, action can be taken. Much of the law is inadequate."

Electronic security expert John Leach is conducting the study and will report at the end of the year. "People need to be aware that sending information via email is relatively insecure," he said. "It is easy to intercept at a number of points."

His analysis of universities so far has found that while some institutions are very aware of the dangers of security breaches, others are "taking chances".

Paul Cottrell, assistant general secretary of the Association of University Teachers, said he was concerned about the level of understanding of email by academics. "Guidelines are urgently needed," he said. "In many cases people are having computers plonked on their desks with little or no training."