While the federal government presses charges against a ring of foreign hackers who infiltrated some of the country's largest corporations, American research universities continue to struggle with similar threats.
Institutions of higher education have long been under siege by cyber criminals, but in recent years intellectual property has become a prime target of sophisticated attacks. That has left the Triangle's research universities scrambling to bolster their security efforts.
"We've put all these things into place that have made us more secure, but while we're doing that, the bad guys are working faster and we're struggling to keep up," said Ramon Padilla, deputy chief information officer and interim information security officer at the University of North Carolina-Chapel Hill. "They just have more manpower. It's a tough fight. If you meet anyone who says they're ahead, let me know."
All three of the Triangle's research universities have recently expanded their information security departments and budgets. UNC has doubled its security staff in three years, bringing the number up to 14 after it completes its latest round of hiring. Duke University and N.C. State University each now employ about six people to deal exclusively with information security.
Cybersecurity has long been a concern in higher education, as colleges and universities house troves of data highly coveted by online criminals. University networks contain students' social security numbers, parents' and donors' financial information and other sensitive files.
Institutions that focus heavily on research, including UNC, N.C. State and Duke, hold additional appeal for hackers. Research universities generate information that could aid in a range of activities, from product development to terrorism.
"We think we're seeing more attacks on valuable intellectual property," said Fred Cate, director of the Center of Applied Security Research at Indiana University Bloomington. "Much of it has value that would lead to discovery. Many people think China is the main source of the attacks, but a lot of that is not based on evidence. Attacks don't come with location information that's easy to identify."
Universities spend a lot of time and money ensuring their data processing and storage methods comply with the myriad laws that protect students' educational and health records. But some of those developments have come at the expense of protecting research, according to Cate.
Universities only began taking concerted measures to protect intellectual property within the last two or three years, he said. "We've definitely been a latecomer to this dance. Even today, some universities don't have specific security measures to protect research. It's not even close to a consistent practice."
To strengthen its defenses, UNC is planning to install a firewall that will surround its entire network. It will cost about $500,000 to obtain and implement, and it will be fully functional within the next two years.
The university already maintains an intrusion detection system that helps block about 87 million unwanted connections to its network every week, Padilla said. That's up from about 30 million three years ago. He estimated that the system examines between 15 and 30 percent of all network traffic.
"If we examined all of the traffic, it would just eat up the system," he said. "We're trying to cover the most important parts."
Instead of inspecting traffic, the firewall will allow only certain types of connections by default. Padilla estimated about half of UNC's peer institutions have taken similar measures to secure their data, while others have built firewalls around certain areas of their networks, such as research and data hubs.
Duke and N.C. State haven't gone as far as to build wraparound firewalls, but both are taking measures to strengthen the security of valuable information. N.C. State is building a framework to establish data location and sensitivity. The university is working to map exactly where all of its research and personal data is stored, and it plans to color-code the data according to its value.
"Different sensitivities of data will be coded green and purple," said Kerry Digou, manager of information security at N.C. State. "Green means the data is in the public domain, while purple means it's sensitive. We want to spend more effort protecting the purple stuff."
Duke is taking a similar approach. Richard Biever, Duke's chief information officer, said the university is working to establish protected enclaves where researchers can work without the threat of hackers sifting through their findings from behind a computer screen.
"It's one of those things we're constantly evaluating," he said. "We want to improve on what we already have because types of attacks change over time."
Unlike an individual or a corporation, universities can't build fortresses to protect digital data. Their network structures have to have some doors and windows to allow for the exchange of information in an environment that thrives on openness.
"Cybersecurity wrestles with traditional academic culture," Cate said. "The major question is, 'Does this intrude on academic freedom?' Another big issue is money. It's not cheap."
Thousands of Internet-connected devices, from laptops to smartphones, enter and exit university networks every day, further complicating the cybersecurity landscape. By maintaining relatively porous networks, universities inadvertently make it easier for hackers to sneak in. Some phish for keys in the form of usernames and passwords, while others simply break and enter through weak spots in the structure.
"We're seeing more phishing messages than network attacks in a given month," Duke's Biever said. "However, some of that is just noise because phishing attacks take minimal effort. With network attacks, they generally start with attacks on open ports or hosts and from there, they will attempt to see if there are vulnerabilities and exploit them."
Though UNC has seen an increase in unwanted connection attempts, there is some debate about whether the number of cyberattacks against universities is actually increasing. The technology used to detect potentially dangerous Internet traffic has evolved considerably during the past several years, and universities are dedicating more time and resources to monitoring their networks.
"We're just getting a lot more traffic in general," N.C. State's Digou said. "People are using the Internet more and more, and we have twice as many wireless devices on the network than two or three years ago."
While it's unclear whether attacks are increasing in frequency, it's clear they're expanding in scope and complexity. Hackers mask the origins of the attack by borrowing the digital signature of a different device.
"They're able to use someone that looks more neutral," Padilla said. "Universities are one of those places they like to compromise. A foreign attack could look like it's traffic coming from another university."
Even when the signature is real, it's difficult to determine which areas generate the most attacks. UNC and Duke detect a lot of unwanted traffic from Russia and China, but they also repel attacks from nearly every other country, as well.
"A huge amount of malicious activity is not original," Cate said. "If I want to steal data, I'm going to buy the virus from someone else and add my own pathway. If you look at the code, it could have originated somewhere completely different than where it came from."
The stealthiest of hackers hardly leave a trace. They lend credence to an adage that divides the Internet world neatly in two: those who have been hacked, and those who have been hacked but don't know it.
"The only way to fully protect a computer is to turn it off and put it in ten feet of concrete," Biever said. "It's an arms race."