Click below to listen to the full conversation:
Electronic campus: We are just a few weeks away from EDUCAUSE 2024 in San Antonio. Could you give us a preview of your session and share some thoughts on IT policy in 2024?
Jarret Cummings: Absolutely. Each year at the conference we review the major policy issues affecting the EDUCAUSE community, and 2024 has been particularly eventful. One problem we've been caught up in is the Cybersecurity and Infrastructure Security Agency's (CISA) proposed cyber incident reporting regulations. Although they are not yet finalized, we have had to gather the opinions and concerns of our community about how higher education fits into this process.
Additionally, the Department of Justice (DOJ) released its final regulations for web and mobile application accessibility under Title II of the Americans with Disabilities Act (ADA). This affects all public colleges and universities, and we hope that these regulations will eventually extend to private institutions as well. Finally, cybersecurity in research has been a hot topic, with new guidelines issued by the Office of Science and technology Policy. Fitting all of this into 45 minutes at EDUCAUSE will be a challenge, but we are ready for it!
Electronic campus: It's a lot to cover in a short time. For those who attend EDUCAUSE or follow your work online, how can you feel part of this conversation? Sometimes policies seem distant: how can individuals engage with these federal regulations?
Jarret Cummings: It's a great question. It works on two levels. First, our EDUCAUSE policy team draws on input from our community membership groups. We are generalists, so we need specific expertise from our members to help
refine our understanding of these questions and determine appropriate responses. For example, when preparing comments on web and mobile accessibility rules, we turned to our IT Accessibility Community Group for input.
We have done the same with cybersecurity, asking our chief information security officers (CISOs) and cybersecurity research groups to help us evaluate the impact of proposed regulations. During conference sessions, we share collective community input, ensuring everyone is informed and feels represented.
Electronic campus: Then you act as an intermediary, amplifying the concerns of the EDUCAUSE community. Is it not just top-down but also grassroots engagement?
Jarret Cummings: Exactly. At the front, we
bring policy issues to our members and gather their perspectives. In the end, we inform the general membership about the positions the community has taken and why. It is a two-way street.
Electronic campus: As we approach the EDUCAUSE conference, we are also approaching an important presidential election. How does an election year impact your work? Do the policies you're following change depending on who wins?
Jarret Cummings: There are certainly differences
in priorities among the candidates. For example, with accessibility regulations, if a second Trump administration were to take office, we could see regulatory processes suspended, as was the case during his first term. On the other hand, a Harris administration would likely continue to move forward with these regulations.
Cybersecurity, however, is more bipartisan. For example, the Department of Education will publish cybersecurity requirements related to student financial aid data. This rulemaking could happen in October, although I suspect it could be delayed until early 2025, regardless of the election outcome.
Electronic campus: Cybersecurity is always a priority, whether it is an election year or not. What are the main challenges of cybersecurity research? Can you give us a preview of what awaits us in 2025?
Jarret Cummings: Cybersecurity research is driven by National Security Presidential Memorandum 33 (NSPM-33), which began under the Trump administration and continued under the Biden administration. Describes guidelines for
improve the security of federally funded research at universities. These guidelines have now been finalized and institutions must implement robust cybersecurity programs to comply.
By 2025, institutions with significant federal research funding will need to adapt their security programs to meet these standards. This will remain a critical issue regardless of who wins the election.
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=();t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)(0);
s.parentNode.insertBefore(t,s)}(window, document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘6079750752134785’);
fbq(‘track’, ‘PageView’);
