As a result of the Government’s Counter-Terrorism and Security Act, from July 2015 schools and providers of higher education have a duty “to prevent people from being drawn into terrorism”.
The Prevent Duty document can be found here for a deeper look.
This legislation comes from the statistic that most terrorist offences are committed by people under the age of 30, and the Government sees education providers as key to tackling this.
However, whilst organisations need to be placing high importance on compliance, the Government guidance is brief and advice on what practical steps in-house IT staff should be taking is thin on the ground. It does, however, identify filtering of the school’s internet as a crucial way of keeping students safe online:
The use of the internet to disseminate extremist material is well established. The ISIS social media propaganda machine is often cited as a significant pull factor during the radicalisation process.
The guidance for schools states:
“Specified authorities will be expected to ensure children are safe from terrorist and extremist material when accessing the internet in school, including by establishing appropriate levels of filtering.”
Our last State of Networking in Education report highlighted that only 50% of organisations in education identified network security as a priority in the next three years. Considering the expectations now in place not only for cybersecurity but also for preventing extremism in schools, it seems more needs to be done to raise it on the internal agenda.
100% accurate filtering is probably unachievable
The problem for in-house IT in schools and higher education is that even the most up to date, and well maintained firewalls cannot guarantee to filter out 100% of the intended material—particularly when faced with IT savvy and motivated individuals.
The guidance for education providers emphasises the need for a risk-based approach to the Prevent Strategy—ensuring effective filtering is in place to minimise the risk of accessing extremist content—as well as maintaining appropriate records to demonstrate compliance with their responsibilities.
Visibility and reporting is key
If you accept that filtering with 100% accuracy is impossible, having visibility across your network in order to effectively monitor end user activity is going to be key.
In the event that filtering fails and suspicious content is accessed, having visibility of the event gives you the opportunity to raise concerns with the relevant authorities. It also allows you to have access to a historical timeline review of the user, satisfying the Government’s demand for reports demonstrating compliance, when requested.