Higher Education Needs to Secure Its Networks
I am like any other millennial: glued to her phone, immersed in the blue light that’s slowly killing my eyesight and keeping me from the next thing on my to-do list. When I’m not using the internet to catch up with my acquaintances’ lives on Facebook, I’m probably on my school portal, AKA the website where I go to access class resources and discussion forums. It’s the Cal Poly San Luis Obispo equivalent of an assignment drop box.
When I’m on campus, I usually type in the URL and I’m there. Boom, no problem. But one day, I went about my normal internet browser routine and I couldn’t get online. I tried Facebook. Nothing. I tried the Cal Poly domain. Nothing. Embittered by the Wi-Fi’s inability to meet my social media and academic needs, I decided to look into why I wasn’t able to connect to the server. After talking to some of the information technology services staff on campus, I uncovered the cause of the inconvenience: cyber sabotage.
It turns out, Cal Poly’s firewalls, the gatekeepers of legitimate and malicious online traffic, aren’t as strong as they should be. When a school’s firewalls aren’t able to perform their function, universities like mine become vulnerable to cyber attacks.
On a national level, the strength of cyber security features, like cookie verification (yes Yahoo, I’m looking at you), could make or break the integrity of the accounts of billions of users. Hackers can have ties to foreign governments–just look at the recent federal indictments of Russian operatives for a 2014 breach of half a billion Yahoo accounts.
But despite having measures in place, like the firewalls within the California State University system, my school is constantly under attack. Cal Poly Information Technology Services Deputy CIO Ryan Matteson told me the school is being attacked every hour of every day. He says, it’s simply part of being on the internet today.
Hackers are targeting the school using techniques like distributed denial of service (DDoS) attacks, which overload websites with traffic, and cyber-crimes like phishing and spam, which use emails to attempt to steal passwords and collect credit card information.
It’s not just Cal Poly that’s a target, it’s higher education in general. Universities contain large amount of sensitive information, including social security numbers, passwords and personal information. All of these educational institutions are vulnerable to cyber security attacks.
Some hackers just hack for practice, according to Cal Poly computer science professor Zachary Peterson. He says universities are like guinea pigs for hackers looking to carry out their attacks on a larger scale.
There’s not that much that can be done. While hacking into a computer system is illegal, criminals online are rarely caught. An attacker’s physical location is not always the same as where the computer attack comes from. From a global perspective, people initiating these attacks could come from anywhere: around the world, around the country or even a neighbor living next door. A 2014 article in our campus newspaper, the Mustang News, showed that phishing emails to Cal Poly came in from countries as far away as India, China, and Russia.
When hackers escape retribution, universities are left with a muddled network and bitter Wi-Fi-less users, taking a toll on a 21st campus. Nonetheless, universities must find better ways to secure their networks. Current methods of improving university internet networks include stronger filters within firewalls, more education for campus users, and software updates. T
The problem is: software secuirty updates aren’t a bargain on a university level. While anti-virus software might cost a student $50 or so, they can cost colleges millions of dollars. The California State University System allotted 25 million dollars to maintenance and utility infrastructure needs in the 2016-17 year, but the system’s budget report did not specify how much was allotted to network security. To paint a rough sketch, a company of 30 to 50 employees may need to spend $50,000 to keep its internet security in check, according to a report by the Associated Press
So thinking back to my annoyance at not being to access my school’s Wi-Fi network–what seemed to be a minor setback in my ability to take part in my daily social media activities turned out to be a microcosm for a much bigger issue: high education’s cyber security pitfalls.
While students like me can take small measures to protect themselves, like changing passwords and keeping computer software up to date, it’s ultimately up to schools to step up and protect the personal data they gather from young people. Without proper security measures, like ways to prevent cookies from being replicated and cyber footprints from being cleared, we could all face much more severe consequences like identity and credit card theft.
If they really want to better protect students (and themselves), universities will have to start treating the issue of cyber security with the same level of seriousness as the IT professionals and computer science professors they employ.
Megan Schellong, 20, attends California Polytechnic State University in San Luis Obispo, California.