Brief history of the extinct National Computer Security Network of Mexican Universities

Author: José Luis Ponce López, Director of Information and Communications Technologies of the National Association of Universities and Higher Education Institutions of Mexico.

In 2003 RENASEC was established in Mexico to form a National Network of Computer Security, which would protect and respond in an effective manner to cybersecurity incidents. However, RENASEC disappeared in 2013, so Mexican universities are now regrouping in the Committee on Information Technology and Communications (ANUIES-TIC Committee) where the issue of cybersecurity is being promoted again.

Background

Over the past decade, the way societies communicate and share their information has drastically changed. The development of new information and communications technology has brought many advantages, making communication fast and convenient. However, as with any new technology, there are numerous risks arising from its use. These range from exposure, modification and manufacturing sensitive information on both individual or organizational level. That is why in 2003 the National Computer Security Network, RENASEC, for its acronym in Spanish, was founded in a joint effort by the top Mexican universities, the National Association of Universities and Institutions of Higher Education (ANUIES) and the Computer Emergency Response Team of the National Autonomous University of Mexico (UNAMCERT). The UNAM-ANUIES aimed to form an Academic Network that will consolidate a national front in Mexico to counteract problems related to Computer Security.

The Objectives

The objective of RENASEC was to form a National Computer Security Network of Mexican universities that would adequately protect and respond to emergencies in information technologies in the country’s higher education institutions. Among its objectives, several things were highlighted, such as: the promotion of collaboration between the universities of the country in the field of Computer Security, culture towards Information security, awareness of academic communities, integration of issues related to Computer Security in the plans and curricula of the universities and the promotion of training in Computer Security of all the members of RENASEC. The elementary strategy of the national network was the inter institutional collaboration through Regional Networks. This led to the creation of a National Network (RENASEC) and six Regional Networks of Computer Security, which reported a work plan and results in the coordination of RENASEC.The Regional Computer Security Networks were divided as follows: Northwest, Northeast, Central-West, Central-South, Metropolitan and South-Southeast of ANUIES. Each Regional Computer Security Network had a coordinator who was chosen by the heads of the universities in their region. Initially, RENASEC was coordinated on a national level. Regional coordinators came together in Mexico City and discussed ongoing projects, some examples are given below.

  • Computer Security Diagnoses in the Mexican Universities (2004, 2005, 2011 and 2013). Its objective was to carry out annual diagnoses about the situation of Computer Security on a national level and tailor the work of RENASEC according the needs of Mexican universities.
  • RENASEC web portal, where acquired knowledge of different regions was combined. Its objective was to report on the work of the National network and the regional networks on the threats related to the matter. 
  • Updated directory of institutional and technical leaders. Its objective was to have an updated directory of contact points in the national level of all those responsible for Computer Security at RENASEC, thus fostering communication and collaboration. 
  • Regulations in “RENASEC STATUTE”. Its objective was to lay the foundations of a norm for RENASEC to regulate its operation. 
  • Positioning of RENASEC. Its objective was to ensure that RENASEC, was recognized by all Mexican universities as a collaborative network in the field of Computer Security. 
  • Training program. Its objective was to make proposals for comprehensive training on Computer Security for all members of RENASEC. 
  • Designation of Computer Security Officers of the universities. Its objective is to appoint a formal point of contact in all affiliated universities of Mexico under a professional profile in the field of computer security.
National and Regional Networks of Computer Security (2003-2013)

National and Regional Networks of Computer Security (2003-2013).

Conclusions

The actions promoted by RENASEC where the first joint effort to promote collaborative work among Mexican universities, and immediately achieved very good results, highlighting the consolidation of the National Network, the beginning of the formalization and training of specialized human resources, the consolidation of a central website, and various communication mechanisms such as mailing lists, podcasts, participation in the Computer Security Congress of the UNAM, participation in regional meetings of computer security, etc. Furthermore, RENASEC worked on constantly updating all contact points responsible for computer security of Mexican universities. However, by the year 2013, before an institutional decision of the ANUIES, it was decided to annul the National Network of Computer Security, and only the Regional Networks remained. Over time these regional networks weakened and eventually most dissolved as well. Now, only the ANUIES Center-South Region Computer Security Network stands. Since 2015 ANUIES created the Committee on Information Technology and Communications, or ANUIESTIC, for its acronym in Spanish, the issue of cybersecurity is being promoted and Mexican universities are regrouping. This will bring new challenges, it will require alliances and collaborative work to consolidate and captivate the universities of Mexico. The ANUIES-TIC Committee promotes collaborative work among partner universities, dissemination and awareness of IT managers in topics as governance and security matters, as well as in training, training and updating, and creating global agreements about projects, initiatives, products and services.

This article first appeared in the fourth issuse of the Global Cyber Expertise Magazine - November 2017