(Source: MIRS.news, Published 08/28/2023) The University of Michigan apologized to students and staff after cutting off online services to the campus Monday because of a "significant security concern." Classes started on time.
"Sunday afternoon, after careful evaluation of a significant security concern, we made the intentional decision to sever our ties to the internet. We took this action to provide our information technology teams the space required to address the issue in the safest possible manner," a university release stated.
The university said it could be several days before online services return. The Information Assurance team and cybersecurity partners were working on the problems and had already restored some systems. Federal law enforcement was also involved.
There were no impacts to the medical applications at Michigan Medicine, and cloud services are back online if using a cellular network, which was stressed because of the issue.
Several research-related systems and the campus internet remain down. Because of that, students wouldn't have late registration or disenrollment fees in August and there could be a delay in financial aid refunds.
"The ITS team and many others are working to resolve this issue and also considering the ramifications of this outage," said U of M spokesperson Kim Broekhuizen.
Ferris State University Center for Cybersecurity and Data Science Director Greg Gogolin said the fact the team was unplugging things didn't necessarily mean the university has been hit by a hacker or group.
"It may be because there's a huge fire, but it may be to prevent the fire. It's one of those things it's going to take a little bit of time to actually find out," Gogolin said.
He said all universities are targets for hackers of all levels, from national-backed groups to criminals, but there were usually intrusions happening at those institutions frequently.
"It's kind of like trying to drive down the highway without hitting any bugs. You know you're going to get some that hit you on the windshield, and you know you got them. But others are going to hit your grill and you're not going to realize it, but they still got you," he said.
Universities have large deposits of research servers that contain sensitive data and a repository of intellectual property that can be used by other countries to further their own technological or scientific research. The same information could also fetch a hefty price on the black market.
He said the personnel data in human resources was also another area hackers wanted to exploit, along with payroll and admissions information.
A possibility further down the list was a disgruntled student who was looking to delay the first day of class. He said it happened more in high school than in a higher-education setting.
"That's a little bit extreme, to not want to go to class on the first day, to try to bring down a network," Gogolin said.
One of the largest targets at a university, he said, was the Michigan Educational Research Information Triad (MERIT) Network, colloquially known as the backbone of the internet. The MERIT Network was formed through a partnership between Michigan State University, the University of Michigan, and Wayne State University. Today, the network includes public schools, community colleges and universities across the state.
MERIT was also the organization to be selected to hook up rural Michigan to broadband with a federal grant.
"These breaches can really get complex in a hurry. So the fact that they started unplugging a bunch of things, that was probably prudent because they may have unplugged something that may have removed a path to Michigan State or Ferris or Grand Valley," Gogolin said.
He said even after the systems were restored at the university there would be quite some time before the cause was learned, especially in the face of a massive demand for cybersecurity experts.
The incident was also another indicator of how cybersecurity was a bipartisan issue that impacted lives.
Gogolin said every organization should have established procedures for what would happen if or when a breach happens.
"If this happens you already know what to do rather than, 'whoops, this happened. Now what are we going to do,' and you're on the fly. That can slow an organization down and cause missteps," he said.
