Universities across the country, including the University of Minnesota and St. Cloud State University, are increasingly under attack by hackers striking from around the world.
While U officials would not provide specific numbers, they acknowledge that attempts are made to breach the university’s network tens of thousands of times a day. Most of those attempts are thwarted by the university’s defenses, but in 2012, there were 16,000 incidents that warranted further investigation. Such incidents include single computers infected with viruses or students downloading copyrighted material.
It’s unclear exactly what cybercriminals are seeking from the universities. But cybersecurity experts say that academic networks are appealing repositories of intellectual property as researchers make breakthroughs in science, medicine and technology. Campus officials are constantly battling to keep information safe — with the U spending $2 million annually on cybersecurity.
“Cyberthreats are real. They evolve quickly. They’ve become more malicious and more prevalent,” said Prof. S. Massoud Amin, director of the Technological Leadership Institute at the U, one of the sponsors of an annual Cyber Security Summit in Minneapolis.
The fight against such cyberattacks gained higher profile earlier this year when President Obama issued an executive order encouraging the government and private companies to work together to defend critical infrastructure. Cybersecurity also was among the topics discussed this week by the Department of Homeland Security’s Academic Advisory Council, which counts U President Eric Kaler as a member. Within universities, defending against cyberattacks is a common topic of conversation, but officials are hesitant to discuss the details publicly, citing security concerns.
“It’s something that consumes more time and resources than it did a year ago or three years ago,” said Henry May, chief information officer for St. Cloud State University.
The U’s spending on cybersecurity has held steady for the past three years, but that doesn’t mean the system of defenses is stagnant. The university is constantly updating its capabilities in response to attempted attacks, said Brian Dahlin, the U’s director of information security.
“The attackers continue to get more sophisticated,” Dahlin said. “Organizations are then continuing to improve their ability to identify attacks.”
The New York Times reported on the threat to research universities this week, pointing to China as the main source, with other attacks coming from Vietnam and Russia. A University of Wisconsin official told the New York Times that the school’s network faces 90,000 to 100,000 attempted attacks daily.
Amin, who previously worked on security for utility grids, said it’s not uncommon for large organizations to face 80,000 to 100,000 attempted cyberattacks a day. That number will only continue to grow, he said.
Most cybercriminals seek personal or financial gain, according to a 2012 report on data breaches published by Verizon. However, the report also noted an increase in the instances of hacktivism — attacks for political or social reasons.
University networks can be particularly tricky to defend because there are thousands of users often logging in with their own devices.
May estimated that 20,000 people use St. Cloud State University’s campus network daily. The U reports that about 65,000 devices connect to its network every day — from personal smartphones to tablets to university computers. Each connection has the potential to threaten the network, with everything from e-mail spam to more serious threats.
“I’m very impressed by how quickly our colleagues at the U localize a threat to ensure that it doesn’t become a widespread phenomenon,” Amin said. “We are as weak as the weakest link.”