eCampus: We're just a few weeks away from EDUCAUSE 2024 in San Antonio. Could you give us a preview of your session and share some insights on IT policy in 2024?
Jarret Cummings: Absolutely. Every year at the conference, we review major policy issues affecting the EDUCAUSE community, and 2024 has been particularly eventful. One issue we've been pulled into is the Cybersecurity and Infrastructure Security Agency's (CISA) proposed cyber incident reporting regulations. Though these aren't finalized yet, we've had to compile our community's views and concerns about how higher education fits into this process.
Additionally, the Department of Justice (DOJ) released its final regulations for web and mobile app accessibility under the Americans with Disabilities Act (ADA) Title II. This impacts all public colleges and universities, and we expect these regulations will eventually extend to private institutions as well. Lastly, research cybersecurity has been a hot topic, with new guidelines issued by the Office of Science and Technology Policy. Fitting all of this into 45 minutes at EDUCAUSE will be a challenge, but we're up for it!
eCampus: That's a lot to cover in a short time. For those attending EDUCAUSE or following your work online, how can they feel like they're part of this conversation? Sometimes policy seems distant -- how can individuals engage with these federal regulations?
Jarret Cummings: It's a great question. It operates on two levels. First, our EDUCAUSE policy team relies on input from our Member Community Groups. We're generalists, so we need specific expertise from our members to help
refine our understanding of these issues and determine appropriate responses. For instance, when preparing comments on the web and mobile accessibility rules, we turned to our IT Accessibility Community Group for insight.
We've done the same with cybersecurity, asking our Chief Information Security Officers (CISOs) and research cybersecurity groups to help us assess the impact of proposed regulations. During conference sessions, we then share the community's collective input, ensuring everyone is informed and feels represented.
eCampus: So, you act as an intermediary, amplifying the concerns of the EDUCAUSE community. It's not just top- down but also grassroots engagement?
Jarret Cummings: Exactly. On the front end, we
bring policy issues to our members and gather their perspectives. On the back end, we inform the broader membership about the positions the community has taken and why. It's a two-way street.
eCampus: As we approach the EDUCAUSE conference, we're also nearing a major presidential election. How does an election year impact your work? Do the policies you're tracking change depending on who wins?
Jarret Cummings: There are certainly differences
in priorities between candidates. For example, with accessibility regulations, if a second Trump administration were to take office, we might see regulatory processes put on hold, as happened during his first term. On the other hand, a Harris administration would likely continue moving forward with these regulations.
Cybersecurity, however, is more bipartisan. For instance, the Department of Education is set to release cybersecurity requirements related to student financial aid data. This rulemaking could happen as soon as October, though I suspect it may be delayed until early 2025, regardless of the election outcome.
eCampus: Cybersecurity is always top of mind, election year or not. What are the key research cybersecurity challenges, and can you give us a sneak peek at what's ahead in 2025?
Jarret Cummings: Research cybersecurity is driven by National Security Presidential Memorandum 33 (NSPM- 33), which started under the Trump administration and has continued under Biden. It outlines guidelines for
enhancing the security of federally funded research at universities. These guidelines have now been finalized, and institutions must implement robust cybersecurity programs to comply.
Looking ahead to 2025, institutions with significant federal research funding will need to adapt their security programs to meet these standards. This will remain a critical issue regardless of who wins the election.