GEORGIA INSTITUTE OF TECHNOLOGY

THE EXECUTIVE BOARD

 

MINUTES

Meeting of May 13, 2003

Held in the Poole Board Room of the Wardlaw Center

 

 

Members Present: Boyd (Stu. Servcs); Clough (President); Evans (GTRI); Henry (OSP); Horton (GTRI); Jayaraman (Mgt); Kahn (CEE); Mark (CoC); Peterson (ECE); Swank (GTRI); Telotte (LCC); Uzer (Phys.); Warren (EDI); Norville (G. Stu); Watson (U. Stu); Alexander (Staff Rep); Abdel-Khalik (SoF).

 

Members Absent: Agrawal (ChE); Allen (Arch); Chameau (Provost); Marr (Psy)

 

Visitors:  Anderson (OIT/IS); Borodovsky (Biology/BME); Green (Math); Griffin (TFE); May (Pres. Office); Mullin (OIT); Realff (TFE); Rousseau (ChE)

 

1.      Larry Kahn (Chair) opened the meeting at 3:05 PM.   He called for approval of minutes of the April 8, 2003 meeting of the Executive Board.  The minutes were approved without dissent. (See Attachment #1 below).

 

2.      The Chair called on Mr. John Mullin, Assoc. VP-Information Technology, to present an overview of recent activities in the information security area. A copy of the slides used in Mr. Mullin’s presentation is attached (See Attachment #2 below).   Mr. Mullin began by describing the recent Ferst Center incident.   The server which hosted the ticketing system was compromised; the incident was identified by the intrusion detection system.  The system was immediately taken off the network and isolated, and the system administrator was contacted.   Upon confirmation of the intrusion and recognition that the system hosted third-party information, the incident response procedure was initiated.   The procedure grew out of the effort which led to the development of the current campus computer network usage policy (developed nearly three years ago by representatives from various academic, research, and business units).  The incident response team is co-chaired by Rob Clark, Director of internal auditing, and Mullin; membership includes Randy Nordin (Legal Affairs), Bob Harty (Institute Communications), Joel Hercik (Financial Services), and the affected unit head.  Future incident response teams may include CoC Dean Rich DeMillo as an advisor; others may be called upon as needed. 

 

The potential impact of the incident, including possible legal action, criminal activity, and financial risk, was assessed.  In this case, because of the risk of personal identity theft (credit card information), the system was isolated and law enforcement was notified (GBI, FBI and the Secret Service).  The unauthorized access was traced to the Dominican Republic.  It was determined that the credit card database had been accessed; therefore, after consulting with the Institute leadership, it was decided to notify all Ferst Center patrons whose records were involved.  All credit card service agencies were contacted.  Visa has a rigorous Cardholder Information Security policy, which requires that, in events of this type, an independent audit be performed; the auditor evaluated all campus areas that have credit card information.  Efforts were also directed towards restoring service to the Ferst Center in a secure manner.

 

In parallel with these activities, President Clough asked all campus units to identify servers hosting sensitive information.  The survey indicated that there are 97 servers around the campus that contained information covered by the Family Educational Rights and Privacy Act (FERPA); five servers had health information covered by the Health Insurance Portability and Accountability Act (HIPAA), 106 servers had financial information covered by the Gramm-Leach-Bliley Act (GLBA), and 12 systems contained credit card information.  These 220 sensitive data servers are maintained by 39 different Academic, Research, and Administrative units around the campus.  Mullin indicated that information security has always been important to Georgia Tech because of our dependence on Technology, and that over the past several years we have made significant investments (both people and tools) to improve our security.  He pointed to the intrusion detection system which detected the Ferst Center incident, and the security experts who help repair the damage in the aftermath of such incidents, as examples of such investments.  He outlined the actions to be taken based on the lessons learned from the incident, in order to better secure the Institute’s assets and protect its reputation and financial stability.  He pointed to the fact that the institute processes $61M worth of credit card transactions per year (tuition, fees, etc.), and that the loss of the ability to process such transactions would be detrimental. 

 

Mullin described the “Layered Security Approach” for securing Georgia Tech’s information technology infrastructure, including both non-technical and technical measures.  The non-technical measures include: (1) Education, awareness, and training for students, faculty, staff, and the CSR/CSS community, (2) Policy development: a campus security policy is in place; unit-level policies tailored for unique practices and requirements of each unit are to be developed (with OIT assistance) before the end of the calendar year.  Additionally, policies dealing with unit servers housing sensitive information, wireless access, data access, data retention, and back-up and recovery operations are to be developed or revised; and (3) Risk management, including unit-level self assessment, business process review for sensitive servers, system acquisition reviews, centralized vulnerability assessment, and internal audits.  Mullin described the Technical measures involved in the layered security approach.  He indicated that the aim is to “re-architecture” our network to create different environments, which limit/control access to different zones (the educational domain, student domain, administrative domain, and private services domain), and described the layered access (viewing versus manipulating of data) for the administrative domain.  He indicated that these network architecture changes are aimed at implementing the policy and business practices to be established. He described the layered firewall structure to be used to secure sensitive data and transactions on critical servers, and indicated that such measures are not affordable (or appropriate) for all servers.  Mullin concluded by providing a list of references for “Sensitive Data Compliance and Regulation” (Attachment #2b), and indicated that the Educause website (www.educause.edu) offers a useful legal perspective on IT security for higher education.

 

A question was asked as to what needs to be done to make faculty and students aware of this issue.  Mullin responded by indicating that OIT makes presentations on the subject during FASET (presentations to be expanded); they are also involved in the PSYC 1000 course and are working with advisors for students living in residence halls to offer a training course for incoming students, as well as a “refresher” on security awareness.  They also publicize the issue through articles in the Technique, town hall meetings, and brown bags, which will be expanded in the coming year to raise the students’ awareness of the issue.  Presentations are frequently made to various faculty groups, and department meetings. He indicated that communications are the key to enhanced awareness, and that “peer pressure” may be important since those who do not practice “good security” place everyone at risk. 

 

The President commented that Rob Clark (Director of internal auditing) recognized IT security as a potential problem sometime ago, and began including an IT part in the audits.    He has now hired specialists that look specifically at the IT part.  This is important because the Board of Regents, the State, and Federal Auditors have such specialists, who will be looking at this aspect of our operations.

 

A question was asked as to whether GTRI is covered by the new security measures.  Mullin responded affirmatively, and indicated that Charles Brown (Associate Director, GTRI) was a member of the top-level committee that developed the campus security policy a few years ago.  OIT will be working with IT personnel in the various GTRI labs to develop the policies and implement the technical measures.  A question was asked as to whether the security of the grade reporting process from professors to the Registrar has been checked.  Mullin indicated that the BANNER system is secure, and that transactions between clients and the BANNER system are also secure. 

 

Mullin indicated that the security measures to be implemented will require substantial investments (nearly $1M to put the security architecture in place plus additional personnel), and that initial attention has been focused on systems which pose the highest risk; a phased plan has been adopted.  A question was asked as to whether any incidents of identity theft have resulted from the Ferst Center incident.  Mullin indicated that none could be verified; one or two cases were suspected, but upon investigation, they proved to be false. 

 

The Chair thanked Mr. Mullin for his presentation.

 

3.      The Chair called on the President to comment on matters of interest to the Georgia Tech community.  The President offered the following comments:

 

a.       We had the largest graduating class this spring; we had two commencements one in the morning for undergraduates and an afternoon commencement for graduate students; the speakers (Senator Elizabeth Dole, and Dr. Julie Gerberding) were outstanding.  The President invited comments/suggestions to improve the graduation ceremonies.

 

b.      The State budget process ended on a positive note.  While there were no salary increases, there were no additional cuts in our 04 budget beyond the $18M we have had.  On the positive side, the Legislature has fully funded the formula; we expect to receive significant additional revenues from formula funding because of our enrollment increases.  That will depend on how the Board of Regents allocates the funds.  We are fairly confident that Chancellor Meredith will equitably allocate these funds and that we will receive our fair share, which will reduce the impact of the $18M in cuts we already have. We have also received $1.4M in funding for the GTREP program, which is strongly supported by the Legislature.   

 

c.       The Board of Regents will decide on the tuition levels when they meet next week. 

 

d.      Together with Presidents from six other leading universities, we have had discussions with two Undersecretaries of the Department of Homeland Security (Hutchinson and McCreary) regarding the new reporting requirements for foreign students and visitors.   The changes may take some time; however, based on the reception we have received and the follow-up from DHS, we are optimistic that the issue will be positively addressed.

 

e.       We have had ongoing discussions regarding SARS and how to handle any cases that may occur on our campus; we have had no cases so far.  We have cancelled three study abroad programs in high risk areas this summer, and are collaborating with other universities to develop a sensible policy.    Today, the Student Health Center will send out an update to the Georgia Tech community to provide guidance on our SARS policy.  We will revisit/update our policy as warranted and will keep people informed. 

 

f.        There are searches in progress to fill several important positions; the search for GTRI Director is in the final phases -- a short list with four finalists has been identified by the search committee and the final visits are being made at this time; the search for the Director of Admissions is also in its final phases.  We also have a search underway for a person to lead our emergency response activities; the person in that position will report to the Director of Campus Security.

 

g.       The Environmental Science and Technology building will be dedicated this Friday.  It will house several units including Chemical Engineering, and EAS.  A major donation to the building was made by Ford; Mr. Edsel Ford will be on hand to help dedicate the building.  We are also planning a major event for the dedication of Technology Square (October 23, 2003); the theme of the event will be “technology and the global economy,” and will have several world-renowned speakers. 

 

A question was asked regarding security at the Technology Square complex, particularly the connection between the College of Management and the Bookstore.  The President indicated that access between the Bookstore and the College of Management will be provided through the doors on the first and second floors during normal working hours (no direct connection to the third and fourth floors where most of the COM faculty and student offices are located); however, the doors between the two buildings will be locked during off hours.  He also indicated that 16 campus police persons are being hired; some of them will be assigned to Technology Square.  He also indicated that the area will be very well lighted to enhance security.  A question was asked regarding the bike lanes on Fifth street, and whether they will be restored after construction.  The President indicated that the street will be widened and will have both bike and pedestrian lanes and no parking. There were no additional questions for the President.

 

4.      The Chair called on Dr. Green, Chair of the Graduate Curriculum Committee, to present action items requiring Board approval in behalf of the Academic Senate.  Dr. Green distributed copies of the April 24, 2003 Graduate Committee meeting minutes (See Attachment #3).  He indicated that the most important action item in the minutes is the approval of a new PhD Program in Bioinformatics with participation from the College of Computing and the Schools of Chemistry & Biochemistry, Biology, Biomedical Engineering, and Mathematics (See details in Attachment #4).    Other action items in the minutes include approval of a new course in Public Policy, and curriculum modification for the MS degree in Nuclear Engineering.  He introduced Dr. Mark Borodovsky (Biology/BME), chair of the faculty coordinating committee for the new PhD program in Bioinformatics, and indicated that Executive Board approval is being sought since the program was not finalized in time for the April 22, 2003 Academic Senate meeting.    

 

A question was asked as to how many other PhD programs in Bioinformatics exist around the country.  Borodovsky indicated that there are nearly twenty PhD programs in that area.  He also indicated that since 1993, the School of Biology at Georgia Tech has implemented a PhD in Biology with concentration in Bioinformatics, and that in 1997 the College of Sciences at Georgia Tech proposed and established an MS program in Bioinformatics, the first of its kind in the United States.  Borodovsky indicated that successful candidates to the new PhD degree programs must be admitted by one of the participating units.  A motion to approve the April 24, 2003 Graduate Curriculum Committee meeting minutes and all the action items therein was approved without dissent. 

 

5.      The Chair informed the Board of the need to extend the current term of the Institutional Review Committee for Assessment of Academic Programs by one year, in order for the committee to complete its work on integrating the Program Assessment process within the overall faculty governance structure.  This effort was described to the Board at the last meeting.   A motion to extend the term of the Institutional Review Committee for Assessment of Academic Programs till August 2004 was approved without dissent.

 

6.      The Chair called on Dr. Ron Rousseau (Chair, School of Chemical Engineering) to present a request for a School name change from “Chemical Engineering” to “Chemical and Biomolecular Engineering.”  Dr. Rousseau referred members to the handout summarizing the justification and rationale for the requested name change (see Attachment #5).  He indicated that the Chemical Engineering discipline has historically focused on two areas: (1) molecular transformation of matter, and (2) species separation and purification.  In recent years, interest in molecular transformation has evolved to include strong participation from biological and life sciences.  The School of Chemical Engineering at Georgia Tech is a part of a nationwide group examining the future of the Chemical Engineering profession and the evolution of the discipline reflecting the increased emphasis on biology.  It is important for the school to be given a name that reflects its programs and the discipline it supports.  Some schools opted to use the name “Biomolecular Engineering,” while others opted for “Biological Engineering.” The Georgia Tech faculty has carefully studied this issue and decided to use the name “Chemical and Biomolecular Engineering.”  Executive Board approval of the name change (on behalf of the academic Senate) is, therefore, requested. 

 

A question was asked as to whether the Schools of Biomedical Engineering and Biology had been consulted on this matter, and what their responses were.  Rousseau indicated that the Dean of the College of Engineering, who strongly supports the proposed name change, has had meetings with the Schools of Biomedical Engineering, Chemistry & Biochemistry, and Biology to discuss this proposal.  As a result, these schools are generally supportive of the proposed name change.  A question was asked as to whether the school is also seeking a change in its course designations from “CHE.” Rousseau responded by indicating that such changes will be addressed once the School name change is approved.   He indicated that while the course designators have not been changed, the content of the curriculum has been significantly modified, and that the faculty is committed to modifying the content of the various courses to reflect the increased emphasis on biological sciences.  The curriculum changes will be submitted to the Undergraduate and Graduate Curriculum Committees for their approval.  A question was asked as to whether the faculty envisions having separate degrees in “Chemical” and “Biomolecular” Engineering.  Rousseau indicated that separate degrees are not proposed and that the current degrees would be re-named “Chemical and Biomolecular Engineering.” A concern was raised as to the need for immediate action on this request, and whether it would be more appropriate to await consideration by the Academic Senate early in the Fall.  Rousseau indicated that there is a competitive advantage in proceeding quickly rather than waiting till September 30; he indicated that it is important to correctly label the School as we compete with other programs around the country in recruiting students and faculty.  A motion was made to approve the requested name change from the “School of Chemical Engineering” to the “School of Chemical and Biomolecular Engineering.”  The motion passed without dissent.

 

7.      The Chair called on Dr. Anslem Griffin (Chair, School of Textile and Fiber Engineering) and Dr. Mary Lynn Realff (TFE) to present a request for a School name change from “Textile and Fiber Engineering” to “Polymer, Textile, and Fiber Engineering.”  Dr. Griffin referred members to the memorandum summarizing the justification and rationale for the requested name change (see Attachment #6).  Dr. Griffin indicated that over the past two years, the School of Textile and Fiber Engineering has modified its undergraduate and graduate curricula to reflect the increased emphasis in the area of Polymers.  He indicated that the polymer area is a “growth” area for the school and that the decision to change the School name is a “grassroots” decision reflecting the interests of the faculty.  Dr. Realff added that two years ago TFE was offering three separate degrees, and that two of those degrees (“Polymer & textile Chemistry” and “Textile Fiber Engineering”) were consolidated into one degree.  Students can choose either a “Polymer Track” or a “Fiber track.”  She indicated that the undergraduate and graduate course designators were changed to “PTFE;” the changes were approved by the Undergraduate and Graduate Curriculum Committees and the Academic Senate. She also indicated that discussions had been held between the previous School Chair and Chairs of the Schools of Chemical Engineering and Materials Science and Engineering, and that they did not object to the proposed name change.  Griffin added that TFE is a small school and that they are not attempting to prevent anyone else from working in the polymer area.  A motion was made to approve the requested name change from the “School of Textile and Fiber Engineering” to the “School of Polymer, Textile, and Fiber Engineering.”  The motion passed without dissent.

 

8.      The Chair informed the Board that the June Board meeting has been canceled.

 

9.      The Chair called for any other business; hearing none, he closed the meeting at 4:30 PM. 

 

 

 

Respectfully submitted,

 

Said Abdel-Khalik

Secretary of the Faculty

May 15, 2003

Amended May 19, 2003

 

Attachments (to be included with the archival copy of the minutes)

 

  1.  Minutes of the EB meeting of April 8, 2003.  http://www.facultysenate.gatech.edu/EB2003-040803-Minuteswbpg.htm
  2. Information Security Presentation by J. Mullin
    1. Layered Security
    2. Sensitive Data Compliance & Regulation Reference Information
  3. Minutes of Graduate Curriculum Committee Meeting of April 24, 2003.
  4. Doctor of Philosophy in Bioinformatics (Program Description and Administration)
  5. The Path Forward for Chemical Engineering at Georgia Tech (Report by Dr. Ron Rousseau).
  6. Memorandum from Anslem Griffin to Jean-Lou Chameau dated March 20, 2003.