In the past year, the news cycle has featured stories of data breaches on an almost weekly basis. Last week, Wikileaks revealed a previously secret email archive from former Secretary of State Hillary Clinton about speeches made to corporations. Before the Democratic National Committee convention in July, the DNC’s servers were allegedly infiltrated by Russian hackers. Yahoo was also recently revealed to have willingly deliver handpicked email content to government intelligence agencies. With the increasingly pressing threat of cyberattacks, cybersecurity should not only be a concern for leaders and businesses around the world, but also for our campus community.
The vulnerabilities of Georgetown’s cybersecurity infrastructure have resulted in various attacks in past years. In 2006, approximately 41,000 Social Security numbers were compromised and taken after a university computer server was hacked. This March, major hospital chain MedStar Health Inc., which has a Georgetown facility, suffered a crippling cyberattack, affecting the computer programs and electronic services for a hospital system handling over 30,000 employees and at least 1,100 patients. As recently as early April, a bug in our university Wi-Fi’s firewall caused an outage in wireless services for the entire main campus.
With October designated as National Cybersecurity Awareness Month, the university should take the opportunity to make sure our current infrastructure is in a position to combat attacks similar to those in the past. In addition, all students here should seek to increase their cyber literacy and protect themselves from future cybersecurity threats through possible UIS initiatives.
It is clear that our generation lives on the internet. We all have our personal data, credit card numbers, medical records and likely even more personal information stored in the cloud, and the market for private information is growing rapidly. Between 2006 and 2013, over 550 universities reported a security breach of some sort, according to an NBC report. Symantec’s 2015 Internet Security Report identified that at least 10 percent of all security breaches occurred in the education sector. Clearly there is a need for both shoring up our security — from our firewalls to our personal passwords — and identifying potential threats or compromises prudently.
The university is already taking steps to overhaul the existing Wi-Fi system to better serve the increasing technological demands of our community. While this commitment is more than welcome, UIS should ensure that the telecommunication companies and service providers with which it pursues new contracts over the next year will be able to help strengthen our firewalls and prevent crippling denial-of-service attacks that can lead to outages in networks and compromised data, as was experienced in this year’s major Wi-Fi outage in late March.
UIS could also play a greater role in informing students, faculty and staff alike about the dangers of cybersecurity through a greater number of educational initiatives. UIS currently offers a brief 15-minute online course that guides users through basic security threats and precautions they should take. It even encourages students to change their passwords to better ensure security. It may be more helpful, however, to host mandatory class sessions for incoming students and faculty to educate them about concerns ranging from identifying a compromised computer, spotting viruses or possible phishing attempts.
Cybersecurity threats are not obscure — they are relevant and potentially damaging to each and every member of the Georgetown community. A further dedication to cybersecurity and increasing cyber literacy among our community is essential, ensuring that students will be more poised to deal with such issues whenever and in whatever situation they may occur.