By Jim Phillips
Athens NEWS Senior Writer
Ohio University officials provided some more details Friday on an
expensive and ambitious overhaul of OU's information technology (IT)
system that's now in the works.
The restructuring, which was recommended by a consultant after OU suffered
a series of major computer security breaches, will do away with OU's two
main computer-related departments, Communication Network Service and
Computer Services, to create what OU officials are calling a "unified IT
structure" for the university.
"CNS and CS... no longer exist," announced OU Chief Information Officer
William Sams, who has said he'll be stepping down from that post as part
of the restructuring.
Sams and Provost Kathy Krendl rolled out the 20-point "blueprint for
building a world-class IT function at Ohio University" at the Friday press
conference, which was attended in person or via conference call by
reporters from state and local media outlets, as well as publications such
as the Chronicle of Higher Education and Computer World.
Sams has estimated that implementing the plan will take from $3 million to
$5.5 million in one-time costs, plus $2.5 million in annual ongoing
The OU Trustees have already said they'll allocate $4 million for the
project, and Sams said all or part of the rest can possibly be found
within the existing university-wide IT budget.
OU hired the Illinois-based Moran Technology Consultants, Inc. to
investigate its IT setup after the university discovered a series of
computer security breaches in which hackers gained access to personal
information, including Social Security numbers, on tens of thousands of
students, alumni, donors and subcontractors.
A report by the consultant found major fault with CNS for what the report
called its insular, uncooperative "silo culture." Two IT officials
criticized in the report, CNS Director Tom Reid and CNS Unix Systems
Director Todd Acheson, were suspended after its release, and now face
AMONG THE FEATURES of the plan previewed Friday, OU plans to:
* implement a "perimeter firewall" to filter Internet traffic and protect
OU computers outside the central cluster from hacking;
* reduce its use of Social Security numbers for identifier purposes, and
encrypt the Social Security numbers it continues to use; and
* classify its data by the level of security needed in its protection.
The overall restructuring of its IT sector, OU officials say, will help
clarify roles and responsibilities, and facilitate better teamwork - the
lack of which under the old system was stressed by Moran in its report.
To help push the process forward, OU will be reviving and reorganizing its
IT Leadership Council, to bring more university groups into IT-related
Other points made in the Moran report were that OU has been cutting its IT
workforce and not adequately training the workers it has. Sams said Friday
that the new plan will turn that situation around.
"That's what we're reversing," he said. He also promised "a complete
review of job descriptions, so we are sure we've got people in the right
jobs," and added, "we're going to have to do a lot more in training."
Sams estimated that this training and analysis effort, plus some new
hires, will cost "somewhere in the $1 million range... I'm looking at 15
people being added to the organization."
KRENDL AND SAMS provided little information in response to one reporter's
question about whether there might be a place in the new structure for
Acheson and Reid, saying only that the cases of the two IT officials are
still under consideration.
An attorney for Acheson said Friday that his client remains in the dark
about his status with OU, following a disciplinary meeting with Sams.
"We have not heard anything," reported attorney Fred Gittes.
Gittes said he has been sending testimonials to OU from numerous people
who have worked with Acheson, disputing the Moran report's portrayal of
him as an abrasive person who is difficult to work with and ignores
"I've been sending in statements in support of Todd practically every
day," he said.
Gittes slammed the report, noting that it was only released with a number
of sections redacted, and alleging that even as it stands in its public
version, it contains "absolutely, provably false" statements and is
"sloppy, full of incorrect statements, and contradicted by some of OU's
own prestigious faculty members."
He also criticized the consultant for destroying its notes used to compile
the report. "We believe that was illegal," he said.
ON THE QUESTION of how big an impact the restructuring will have on
day-to-day computer use by students and staff Sams held out hope that the
switch will be painless.
"If we do our job right, they almost shouldn't notice," he said.
Krendl was asked how the bad publicity surrounding the security breaches -
which has triggered hundreds of e-mails from alumni, some of them angry,
as well as a class-action lawsuit - has affected alumni giving.
"In the history of the institution, this has been our third best year (for
fundraising)," she responded. "It's been an excellent year for us."
Krendl added that university fundraisers "did back off a bit" in their
soliciting after the news of the hacking incidents came out.
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.