U. fields thousands of cyber attacks
The University has seen an escalation in cyber-attacks in recent months and is spotting thousands of attacks from foreign sources every day, said Chief Information Security Officer David Sherry.
Though he declined to give a more precise estimate, Sherry said the number of attempts to breach the University’s network has risen to its highest point yet in his five-year tenure.
“It’s in the thousands,” he said. “It’s very difficult to know you’ve been compromised until you find out after the fact.”
That estimate is significantly lower than the 90,000 to 100,000 daily attacks the University of Wisconsin at Madison receives from China alone, which the New York Times reported this summer.
Sherry said faster computer processors, improved hacking methods and increased rewards for hacking are driving the latest uptick. He added that foreign governments have also been known to strike American university networks.
In addition to the “usual suspects” of cyber-attacks, which include Russia, China and Vietnam, Sherry said “we have one country — whose name I’d rather not say what right now — that we’re seeing do very targeted attacks on Brown’s infrastructure.”
But very few have been successful so far, and there have been no known losses of personal information like credit card or social security numbers, he said. “We’ve had no reportable breaches but many compromised servers.” Breached servers are often used to send spam emails.
Professor of Computer Science John Savage said the overall intellectual property assets lost to cyber stealing do not amount to much when compared to all other economic activity.
“I personally am not as worried about cybercrime as others are,” Savage said.
He cited a Center for Strategic and International Studies survey estimating that cybercrime costs Americans about $100 billion per year, less than 1 percent of last year’s gross domestic product.
The companies that rely on stolen intellectual property could have other long-term problems, Savage added. They must ultimately determine whether stealing patents will allow them to outcompete other companies producing original research and development, he said.
Though Savage expressed doubts about cybercrime’s impact on commerce, he added that attacks on governments can still pose a large threat to international and domestic security. As many as 500,000 American jobs could consequently be at risk, according to the CSIS study, which was sponsored by computer security company McAfee.
Sherry said university security methods are evolving and differ substantively from those in private industry. Decentralized networks used in academic and research departments often have direct access to the Internet that could expose the entire network.
“It’s not like financial services companies, where everything is controlled by one IT group,” he said. “But we think we built a secure-enough architecture so we can spot them before they get too far in.”
He said the best defense against cyber threats is constant vigilance.
“I try to get the word out to do the right thing,” Sherry said. “We offer state-of-the-art laptops for graduate students and professors traveling to these hotbed countries.” Each laptop is equipped with an operating system, Microsoft Office and a web browser. Sherry also advises users to rely on secure cloud services like Google Drive and Gmail when abroad.
If individuals do not borrow a laptop or cellphone, they are asked to have their computers scanned within their departments before they come back on to the University network, he said.
Sherry is a member of InfraGard, an information-sharing network sponsored by some large companies and the Federal Bureau of Investigation. Noting that “we are not an island,” he said the University frequently collaborates with Ivy League partners and other universities throughout the country on matters of network security.
“The country is safer when higher ed is talking to law enforcement at the national level,” he said.