REN-ISAC: Higher Education Enterprise Risk Management Leadership

By Brett Zupan and Andy Jabbour


Across critical infrastructure, organizations must continually reassess their risks based on an ever-changing threat environment. In doing so, and as part of broader risk management activities, our team encourages applying a threat-informed, risk-based approach to analysis, preparedness and operations. One community facing a shifting threat landscape is Higher Education. While colleges and universities have always been centers of social activism, protest, and “counter culture” enthusiasts, recent years have seen new challenges emerge in the sorts of threats encountered, the tactics being employed, and the types of individuals involved. Appreciating the threat and risk changes the Higher Education subsector is facing, REN-ISAC – a long-time leader in Higher Education cybersecurity – is expanding its scope to provide a more holistic, enterprise approach to risk management.

In Brief:

  • For the last fifteen years, the Research and Education Network Information Sharing and Analysis Center (REN-ISAC) has been helping to enhance both members’ and the broader Higher Education community’s operational security.
  • Appreciating changes in the cyber, physical, and blended threat landscape, REN-ISAC is applying a broader, more holistic approach to Higher Education enterprise risk management.
  • In 2018, REN-ISAC is leading a coordinated, multi-part exercise series around the United States to provide peer-to-peer forums where members and others from the Higher Education community can come together and share ideas on common challenges, lessons learned, best practices, potential gaps, and other relevant points relating to physical and cyber threats, preparedness, and response.


A quick review of security-related news in the Higher Education community demonstrates the diverse challenges facing schools around the country. Protests, website defacements, terrorism inspired events, and domestic extremism are just some of the types of issues colleges and universities have had to contend with, and that doesn’t even touch the numerous incidents of shootings, false reports, and other occurrences of criminal violence that have occurred over the past few years.  While familiar with student protests and rowdy sporting events after many years of experience, Higher Education security now has to confront increasingly violent threats and incidents not limited to one ideology, issue, target, or state rivalry. From website defacements to data breaches, from statues and buildings to stadiums and performing arts centers, with weapons ranging from fists to knives to guns to keyboards – colleges and universities must increasingly be prepared for the broad array of threats and security issues that may pose risks to facilities, personnel, and activities.

Seeing a changing threat environment is easy. Responding to a changing threat environment is a challenge, as organizations must determine, given limited time and resources, what they can realistically achieve.

Understand the Threats. Assess the Risks. Take Action.

It can be hard to translate from a broad threat environment to the specific risks that environment poses to an organization – in this case, to a campus’s facilities, personnel, and operations. One of the best ways to gain a good understanding of the threats a community is facing and to assess the relevant risks that have to be addressed is to collaborate with industry peers in safe, candid discussions. Information Sharing and Analysis Centers (ISACs) “are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.” REN-ISAC wants to create an environment for just that sort of discussion in Higher Education.

REN-ISAC’s Executive Director, Kim Milford, recognizes that the members of the community have a lot to offer one another as they experience and learn from events happening at their schools. What they need is a trusted environment, where members of the community can come together to share ideas, where they are able to safely and comfortably ask questions of one another, and where they can listen and learn from a community of peers. To provide this environment, REN-ISAC is coordinating a series of Higher Education-focused workshops focusing on security issues facing the community. Over the summer and fall of 2018, working with partners from across the nation, REN-ISAC will lead the development and conduct of exercises to help encourage and foster increased security, preparedness and vigilance among members and others in Higher Education.

It takes awareness, understanding, initiative, and strong leadership to proactively encourage meaningful discussion, collaboration, and action in security. Too often, organizations seem to hope “it” happens to someone else and if “it” happens to them, they’ll react however they need to. That “it” could be a data breach, a DDoS attack, an out of control protest, low tech terrorism, or a host of other possibilities. For fifteen years, REN-ISAC’s team has continually monitored and assessed the cyber threat environment and is now increasing its scope to help members and the broader community address the increasingly complex and dynamic physical security and blended threats they are facing. Gate 15 is thrilled to play a role in this effort and we’re looking forward to completing the exercise planning and development phase and to move to the conduct of what is sure to be a great series of exercises!

In the next part of this multi-part series, we’ll shine our security spotlight on Kim Milford to better understand what motivated the increased scope and effort of REN-ISAC and this exercise series. Want to get involved? Contact REN-ISAC for more information!


About REN-ISAC: “The Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) has two primary roles.  As the computer security incident response team (CSIRT) supporting the R&E community at-large, we serve the entire EDU space in the United States, including non-members.  In this role, we work with trusted third parties to notify higher education institutions of infected hosts and suspicious network traffic. REN-ISAC also serves over 540 member institutions in Australia, New Zealand, Canada, the UK, and the United States.” Read more.


This blog was written by Brett Zupan, Gate 15 Risk Analyst and Andy Jabbour, Gate 15’s Co-Founder and Managing Director.

Brett Zupan is a Risk Analyst at Gate 15 with experience in all-hazards analysis, exercise development, and information sharing. He has supported analysis, preparedness and operations for a number of critical infrastructure communities, including support to Water and Wastewater Systems Sector, the Commercial Facilities Sector, and with Higher Education, among other projects. Before joining the company in 2016, he worked at the Georgia State Senate. Brett received his Masters of International Relations from American University.


Maintain security and threat awareness via Gate 15’s free daily paper, the Gate 15 SUN and learn more about Hostile Events Preparedness and our HEPS Program here. Gate 15 provides intelligence and threat information to inform routine situational awareness, preparedness planning, and to penetrate the decision-making cycle to help inform time-sensitive decisions effecting operations, security, and resourcesWe provide clients with routine cyber and physical security products tailored to the individual client’s interests.  Such products include relevant analysis, assessments, and mitigation strategies on a variety of topics. 

UC Berkeley image: Protesters watch a fire on Sproul Plaza during a rally against the scheduled appearance by Breitbart News editor Milo Yiannopoulos at UC Berkeley. (Ben Margot / Associated Press) via LA Times, “UC Berkeley blames violent ‘black bloc’ protesters for ‘unprecedented invasion,’” 05 Feb 2017

Michigan State University image: Demonstrators at Michigan State University protest a speech by white nationalist Richard Spencer, March 5, 2018, in East Lansing, Michigan, via ABC News, “Skirmishes flare at Michigan State University before Richard Spencer speech,” 05 Mar 2018

UVA image: Black Lives Matter protesters cover a statue of Thomas Jefferson with a tarp during a rally in front of the Rotunda at the University of Virginia on Tuesday. (Photo by Zack Wajsgras/The [Charlottesville, Va.] Daily Progress) via The Washington Times, “Black Lives Matter protesters deface Jefferson’s statue at UVa. in Charlottesville,” 12 Sep 2017