Information Security in Academic Institutions
What this means to you . . .

If you are a student or a parent:
  • Your personal identification, health and financial data may be at risk, making you vulnerable to identity theft or fraud.
  • This may leave your financial data susceptible to hackers and create the potential for widespread identity theft affecting the whole family.

If you are a professor, researcher or university employee:
  • Your intellectual property (IP), including research and development projects and proprietary coursework, is at risk.
  • Additionally, as with students or parents of students, your personal identification, health and financial records are at risk and could
    leave you vulnerable to IP theft, identity theft, and fraud.

If you are a business person who relies on the Internet:
  • Commercial organizations have been affected by malicious attackers, using universities as a conduit, with increasing frequency
    over the years. A notable incident occurred in Spring 2000, when eBay, Yahoo and other websites were brought down by a
    high-profile string of distributed denial-of-service (DDoS) attacks.
  • In the past, a security breach at a university usually meant that someone had pulled the fire alarm at a residence hall at 2 a.m. The
    DDoS attacks—in which hackers often hijacked university systems to overload an e-tailer's Web servers with so many bogus
    requests that they couldn't respond to real ones—brought to light the vulnerability of the nation's universities.

If you are a government employee:
  • The government’s frequent collaboration with universities, on projects ranging from high-technology solutions and cutting-edge
    research to process improvement for agencies, can impact your personal and work-related information.
  • Students may not be vetted or background checked before involvement in projects impacting your agency.
  • Hackers often target students who wish to demonstrate their prowess or seek previews of movies and music.  They ask for access
    to other universities or government agencies and, in this way, create a virtually untraceable network of hacks across universities
    and into the government, where they can move around freely.  

If you live in the United States:
  • In the struggle to balance the desired openness of academic institutions with the need for network security, colleges and
    universities may be the weakest link in the chain of critical infrastructure security. Perhaps the most frightening scenario in which
    universities’ vulnerabilities can be exploited is a distributed denial-of-service (DDoS) attack on the U.S.
    critical infrastructure, in which university computers unwittingly serve as zombies.
  • A more gradual, but certainly crippling, effect on public safety and security arises from financial losses incurred by
    institutions: an informal Chronicle of Higher Education survey of nineteen research universities (March 2003) shows that each spent
    an average of $299,579 during a five-week period last summer to undo the havoc wrought by the Blaster worm.

For more information:
(917) 783 – 8496
(646) 365-3148 (fax)

This project is supported by Grant No. 2004-IJ-CX-0045 awarded by the National Institute of Justice, Office of Justice Programs, US Department of Justice. Points of view in
this document are those of the author and do not necessarily represent the official position or policies of the US Department of Justice.