search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Analysis and news


How should we address cyber security? You could do worse than to follow the advice of an iconic 90s rapper, writes Susie Winter


The Scholarly Networks Security Initiative (SNSI) brought together an expert panel at this year’s STM Spring Conference to discuss the threat that cyber crime is posing to universities and research institutions, individuals and the wider scholarly ecosystem; the conclusion of the discussion being neatly summed up by panellist Dan Ayala’s final words: to ‘stop, collaborate and listen’. Often seen or portrayed as a publisher


problem (perhaps because of Sci-Hub, the largest pirate website which uses, among other methods, stolen or shared library log-on credentials to illegally harvest research articles and books), the panel, which consisted of a librarian, a publisher, a higher education chief information security officer and a network security provider, exposed how the threat of pirate websites goes far beyond facilitating illegal access to licenced e-content. Don Hamparian, from OCLC, explained that when a library customer’s log-in details are stolen and shared, a lot more than licensed e-content can be accessed. Personal email accounts, personal financial information, university research, department budgets and confidential information about personnel all become accessible using these stolen credentials. Tips to mitigate this security risk and protect patrons included having (and enforcing) password policies, making security information and education readily available, having secure remote access options set up for staff, and robust IT and vendor policies.


The panel was equally clear that such wide-ranging threats make cyber security a matter of concern to many audiences across higher education, so it is only via collective action, with librarians, information security officers and publishers working together, that these threats can be effectively combatted. However, to do this, a number of challenges were identified. Daniel Ayala, a strategic information security and privacy consultant and former chief information security officer at higher education institutions, provided a useful overview of


20 Research Information June/July 2021


the challenges inherent to securing the research lifecycle. Areas identified included the on-


going relationship building between IT, security, libraries, researchers, publishers; the tug between security and privacy requirements and ideologies; significant outside ‘interests’ in accessing and disrupting research, and the data that comes out of it; completeness and ease of use of illicit tools versus approved tools, including those used for search and discovery. Dan was clear that as none of these challenges were in the hands of information security officers to be able to solve on their own, working in partnership had to be the way forward. This theme of collaboration for solutions


was brought to life in Syracuse University librarian Juan Denzer’s presentation. While at Binghamton University Libraries, Juan worked on developing an EZproxy


“Such wide-ranging threats make cyber security a concern to many audiences across higher education”


script to combat breaches from Sci-Hub users. This worked to provide librarians with a better, more supported workflow, helping them to identify breaches so publishers were not required to suspend content access – a benefit, Don explained, OCLC has now embedded in its latest version of EZproxy. This new version positions librarians as security leaders and provides them with a plethora of new tools and dynamic workflow, which will allow them to detect and disable compromised credentials in real time. Working together to find solutions for what is clearly a collective problem goes to the heart of what SNSI is seeking to do. Elsevier’s Sari Frances co-chairs SNSI’s


university relations group, which brings together publishers, librarians and solution providers to raise awareness of threats


caused by sites such as Sci-Hub and promote new ways of partnership working. Like Dan, Sari pointed to the recent City of London Police Intellectual Property Crime Unit (Pipcu) statement warning universities of the threat from Sci-Hub. According to Pipcu, Sci-Hub obtains


academic papers through a variety of malicious means, such as phishing emails to trick university staff and students to divulge login credentials. Given this threat, they went advised IT departments to block the website on their network to mitigate the security risk. A number of them, The University of Manchester and University College London included, have acted on this and issued such warnings. With publishers and librarians having


successfully worked together before, for example on Crossref and most recently GetFTR, SNSI believes that such collaboration could reap benefits here too. But to do that, all need to work together to bridge what can be seen as a clash of priorities. According to the panellists, information security officers worry about being left out of conversations. Librarians are hesitant to speak up in conversations about phishing emails, for example, as it is out of their core area of responsibility. How can this be addressed? Juan’s final


advice was to encourage librarians to get involved in organisations such as SNSI with Sari echoing this call to publishers. Dan urged institutions to go from ‘no’ to ‘know’ and help facilitate, rather than block – in addition, of course, to ‘stop, collaborate and listen’. • SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record and scholarly systems. By working sustainably and effectively together, we believe we can achieve our shared mission – the safety and security of personal data. Members include large and small publishers, learned societies, university presses and others in scholarly communications. Visit www.snsi.info for more information.


Susie Winter is director of communications and engagement at Springer Nature and co-chairs the SNSI communications working group


@researchinfo | www.researchinformation.info


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38