Friday, July 25, 2014
YOLO COUNTY NEWS

Barrage of cyberattacks challenges campus culture

By Richard Pérez-Peña

America’s research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly. Campuses are being forced to tighten security, constrict their culture of openness and try to determine what has been stolen.

University officials concede that some of the hacking attempts have succeeded. But they have declined to reveal specifics, other than those involving the theft of personal data like Social Security numbers. They acknowledge that they often do not learn of break-ins until much later, if ever, and that even after discovering the breaches they may not be able to tell what was taken.

“The attacks are increasing exponentially, and so is the sophistication, and I think it’s outpaced our ability to respond,” said Rodney Petersen, who heads the cybersecurity program at Educause, a nonprofit alliance of schools and technology companies. “So everyone’s investing a lot more resources in detecting this, so we learn of even more incidents we wouldn’t have known about before.”

Tye Stallard, UC Davis information technology security manager, said the campus uses a multi-layered security approach that has benefited from a renowned computer security research program on campus, one that dates to the 1980s, and from hosting a UC cybersecurity symposium.

The 10th such conference was held recently. It remains relatively unique, even though academic institutions, unlike, say, large corporations, regularly share information about threats and collaborate to find solutions.

Just one of UCD’s security systems tallied 3.2 million attacks in the past week, Stallard said. In the past two years, UCD has suffered only one serious security breach. It affected about 10 people out of the 50,000 or more students, staff and faculty who use its network.

The UC system has some 2 million addresses on the Internet, Stallard said — “We’re a big target.”

Said Cheryl Washington, UCD’s new chief information security officer, “The attacks that we’re seeing today are very sophisticated and very persistent.”

“Because we work in higher education, we work in an open environment that creates things of real value: intellectual property,” said Washington, who arrived in Davis in June after serving in the same capacity for the UC Office of the President and, earlier, for the California State University system. “Our goal is to continue our mission, but be cognizant that we have valuable assets that need protection.”

Tracy Mitrano, the director of information technology policy at Cornell University, said detection was “probably our greatest area of concern, that the hackers’ ability to detect vulnerabilities and penetrate them without being detected has increased sharply.”

Like many of her counterparts, she said that while the largest number of attacks appeared to have originated in China, hackers have become adept at bouncing their work around the world.

Analysts can track where communications come from — a region, a service provider, sometimes even a user’s specific Internet address. But hackers often route their penetration attempts through multiple computers, even multiple countries, and the targeted organizations rarely go to the effort and expense — often fruitless — of trying to trace the origins.

American government officials, security experts and university and corporate officials nonetheless say that China is clearly the leading source of efforts to steal information, but attributing individual attacks to specific people, groups or places is rare.

An open style

The increased threat of hacking has forced many universities to rethink the basic structure of their computer networks and their open style, though officials say they are resisting the temptation to create a fortress with high digital walls.

“A university environment is very different from a corporation or a government agency, because of the kind of openness and free flow of information you’re trying to promote,” said David J. Shaw, the chief information security officer at Purdue University. “The researchers want to collaborate with others, inside and outside the university, and to share their discoveries.”

Some universities no longer allow their professors to take laptops to certain countries, and that should be a standard practice, said James A. Lewis, a senior fellow at the Center for Strategic and International Studies, a policy group in Washington.

“There are some countries, including China, where the minute you connect to a network, everything will be copied, or something will be planted on your computer in hopes that you’ll take that computer back home and connect to your home network, and then they’re in there,” he said. “Academics aren’t used to thinking that way.”

Bill Mellon of the University of Wisconsin said that when he set out to overhaul computer security recently, he was stunned by the sheer volume of hacking attempts.

“We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system,” said Mellon, the associate dean for research policy. “There are also a lot from Russia, and recently a lot from Vietnam, but it’s primarily China.”

Other universities report a similar number of attacks and say the figure is doubling every few years. What worries them most is the growing sophistication of the assault.

For corporations, cyberattacks have become a major concern, as they find evidence of persistent hacking by well-organized groups around the world — often suspected of being state-sponsored — that are looking to steal information that has commercial, political or national security value. The New York Times disclosed in January that hackers with possible links to the Chinese military had penetrated its computer systems, apparently looking for the sources of material embarrassing to China’s leaders.

This kind of industrial espionage has become a sticking point in United States-China relations, with the Obama administration complaining of organized cybertheft of trade secrets, and Chinese officials pointing to revelations of American spying.

Intellectual property

Like major corporations, universities develop intellectual property that can turn into valuable products like prescription drugs or computer chips. But university systems are harder to secure, with thousands of students and staff members logging in with their own computers.

Shaw, of Purdue, said he and many of his counterparts had accepted that the external shells of their systems must remain somewhat porous. The most sensitive data can be housed in the equivalent of smaller vaults that are harder to access and harder to move within, use data encryption, and sometimes are not even connected to the larger campus network, particularly when the work involves dangerous pathogens or research that could turn into weapons systems.

“It’s sort of the opposite of the corporate structure,” which is often tougher to enter but easier to navigate, said Paul Rivers, manager of system and network security at UC Berkeley. “We treat the overall Berkeley network as just as hostile as the Internet outside.”

Berkeley’s cybersecurity budget, already in the millions of dollars, has doubled since last year, responding to what Larry Conrad, the associate vice chancellor and chief information officer, said were “millions of attempted break-ins every single week.”

Shaw, who arrived at Purdue last year, said, “I’ve had no resistance to any increased investment in security that I’ve advocated so far.” Mellon, at Wisconsin, said his university is spending more than $1 million to upgrade computer security in just one program, which works with infectious diseases.

Along with increased spending has come an array of policy changes, often after consultation with the FBI. Every research university contacted said it was in frequent contact with the bureau, which has programs specifically to advise universities on safeguarding data. The FBI did not respond to requests to discuss those efforts.

Not all of the potential threats are digital. In April, a researcher from China who was working at the University of Wisconsin’s medical school was arrested and charged with trying to steal a cancer-fighting compound and related data.

New to academia

Last year, Mellon said, Wisconsin began telling faculty members not to take their laptops and cell phones abroad, for fear of hacking. Most universities have not gone that far, but many say they have become more vigilant about urging professors to follow federal rules that prohibit taking some kinds of sensitive data out of the country, or have imposed their own restrictions, tighter than the government’s. Still others require that employees returning from abroad have their computers scrubbed by professionals.

That kind of precaution has been standard for some corporations and government agencies for a few years, but it is newer to academia.

Information officers say they have also learned the hard way that when a software publisher like Oracle or Microsoft announces that it has discovered a security vulnerability and has developed a “patch” to correct it, systems need to apply the patch right away. As soon as such a hole is disclosed, hacker groups begin designing programs to take advantage of it, hoping to release new attacks before people and organizations get around to installing the patch.

“The time between when a vulnerability is announced and when we see attempts to exploit it has become extremely small,” said Conrad, of Berkeley. “It’s days. Sometimes hours.”

— Enterprise staff writer Cory Golden contributed to this report.

New York Times News Service
