About a quarter of the nation’s historically Black colleges and universities are now signed on to receive a comprehensive IT assessment designed to bring the institutions into compliance with federal cybersecurity standards, the director of the Student Freedom Initiative told EdScoop.
The nonprofit now offers its program, designed to address longstanding inequities that led to gaps in digital infrastructure and to prevent HBCUs from losing their ability to distribute financial aid, in 14 states. Of 107 HBCUs, 25 have agreements with SFI and its partners to receive a comprehensive assessment for requirements established by the National Institute of Standards and Technology, called the NIST 800-171. (The group has not publicly named the participating institutions.) The agreements also provide the institutions equipment and a year of support as they develop long-term IT strategies.
The group’s executive director, Mark Brown, said another 17 agreements are in review, and once the program expands geographically, SFI expects to reach 50% of HBCUs by early next year.
The Department of Education announced in December 2020 that it would roll out programs to check whether institutions distributing financial aid were in line with federal privacy requirements, though it has not announced deadlines or penalties for non-compliance. HBCUs have historically seen fewer resources and smaller endowments than other institutions, as outlined by the Biden administration in September. Less resources often results in challenges when trying to modernize IT infrastructure and cybersecurity posture, a consideration SFI cited in a May announcement that the technology giant Cisco would invest $150 million in the project.
American Virtual Cloud Technologies, an IT firm based in Atlanta, conducts the assessments, which began this year. The SFI program then provides money, equipment and guidance to fill gaps in compliance. Cisco provides equipment and maintenance, while the higher IT organization Educause offers professional development for technology leaders.
Though implementing the changes needed to meet the federal guidelines is free through the program, institutions need long-term plans to maintain their cyberinfrastructure and implement changes, Brown said. And though HBCUs vary greatly in size and resources, he said, conversations with leadership show common challenges, like IT staffing.
“What they’ve told us that we kind of sensed — but did not know how acute this problem was — is they think they can’t keep the talent based on the competition from other schools and from industry, as well,” Brown said, adding the certifications and experience needed to fill these positions makes qualified workers a “hot commodity.”
Sharing some cybersecurity services across institutions within various regions could be a potential next step for addressing resource disparities, Brown said.
Institutions are also struggling to keep up with student demand for digital services, he said, like being able to complete tasks like registration or changing classes from their phones. Institutions not being able to digitize services because cybersecurity can’t keep up is a “non-starter,” he said, because it will prevent HBCUs from attracting students.
After providing financial support and equipment, the SFI program also works with the schools on long-term governance for about a year, partnering with Educause to offer professional development. Brown said the year when the nonprofits will work with schools on IT strategy will be key.
“View us as like a program manager for these HBCUs,” he said. “We’re just saying, ‘Allow us to make sure [infrastructure improvement] actually gets done and gets on campus and is executed.'”