With cyber attacks increasing, GW strengthens defense of its servers

GW’s computer systems have needed to withstand increasingly complex attacks from China and Eastern Europe in recent years, pushing the University to build up its defense system that protects servers carrying confidential information.

Chief Information Officer David Steinour said he has expanded training for security engineers, paid for new technology and stepped up efforts to help students and faculty detect unusual activity.

Attempts to breach cyber security are common at large institutions like colleges, said computer science professor Rahul Simha, as hackers are often drawn in by social security information and plans for valuable patents.

“This is a sort of cat-and-mouse game now between attackers and defenders,” Simha said. “As there are more and more tools available for detecting vulnerabilities, attackers have now looked harder, and some of the vulnerabilities that they find are very intricate.”

Steinour said while computer engineers are steadily improving defense systems, recent attacks are tougher to fight, requiring swifter action against small threats to avoid their escalation into large-scale problems for the server.

The attacks can lead to data theft or viruses, and can be the result of a site overload – when requests from thousands of machines slow the servers so users cannot access it. They could also be attempts to exploit a hole in the site’s code.

About one quarter of GW’s cyber attacks are specifically targeted at the University’s websites or data, often searching for researchers’ intellectual property data. The remaining 75 percent occur when attackers detect weaknesses in a site’s defense system; these types of attacks are easier to control.

James Lewis, a cyber security expert at the Center for Strategic and International Studies, said universities attract a higher number of cyber attacks because students’ computers are good places to spread spam emails.

Lewis added that the rise of social media sites like Facebook have made it easier to research victims of cyber attacks. Those committing cyber attacks – often criminal groups associated with foreign intelligence agencies – know how to find information about victims that help them uncover their passwords, he said.

Attacks targeting intellectual property most commonly originate in China, while other crimes often come from Russia and Eastern Europe, said Amy Butler, an administrator who oversees GW’s information security.

While GW’s main websites are secured, Steinour said an attacker broke through the defense of a Columbian College of Arts and Sciences website in March.

The attack targeted an outdated research group’s site on the Columbian College server, but did not leak any sensitive information, said Sean Connolly, who runs the school’s information technology. The site was scheduled to be upgraded this summer, but the attack, which targeted a small piece of code, pushed forward the upgrade.

He declined to say the source of the attack, adding that it was not dangerous to University data. “We’re much more concerned about the confidential data that we store,” Connolly said. “From our perspective, the web compromise was unfortunate, but the impact was relatively low.”

Steinour said GW spends a comparable amount of money on cybersecurity to other universities, but declined to provide a specific amount.

Lewis said organizations like banks and universities started pouring more money into cyber security about a year ago, after Iranian hackers attacked U.S. banks and infrastructure. He said protecting networks with special systems or technologies that involve around 10,000 computers can cost millions of dollars annually.

“Effective security at this level must involve defense, detection and remediation,” Steinour said in an email. “Having a deep understanding of the tactics and techniques within the current threat landscape is a very important consideration to safeguarding the University network.”

The Hatchet has disabled comments on our website. Learn more.