After three weeks without its network systems being fully restored, the University of Texas at El Paso has yet to provide details about the “unauthorized and potentially malicious intrusion” that caused the networks to fail.
Yuan Stevens, policy lead on technology, cybersecurity, and democracy at Ryerson Leadership Lab in Canada, says that it has taken the university “unreasonably long to get its systems up and running.”
“The fact that the systems are so slow to restore to working order suggests that they don’t have adequate staffing and expertise needed to respond to breaches of data and cyber attacks,” Stevens said.
William C. Banks, a professor of law emeritus at Syracuse University, says an outage could be expected to take weeks or longer to repair.
“A lot of the damage requires rebuilding an internal system and that’s not something you can just flip the switch and it’s done,” he said.
According to the university’s incident response plan and security management standard form, there is not an exact timeline of when UTEP has to notify the public of breaches or when they have to get systems back up, Stevens said. She also noted that the report doesn’t “contain any indication as to how they determine the level of criticality associated with the security incidents.”
Both experts speculate the Microsoft Exchange hacks could be a potential reason for the outage.
In early March, news of a Chinese-linked hack of Microsoft servers was reported to have impacted approximately 30,000 users in the United States and 250,000 globally, according to a CNN article. The hack, which impacted both individuals and businesses, was assessed by a White House senior administration official to be “sophisticated and capable.”
“What was unique about the hack is that it was launched inside the U.S.,” Banks said. “It’s far easier for perpetrators to work inside than outside.”
UTEP uses Microsoft Exchange as their email server provider.
“They should’ve backed up data and employees should be trained on phishing and email scams,” said Stevens, who provides policy material and expertise to Canadian and international audiences. She added that offline backups would have made it easier for the school’s networks to get back online.
Although it’s hard to tell, Banks also speculates that the university could have been hit with a ransomware attack.
The U.S. government’s Cybersecurity and Infrastructure Security Agency defines ransomware as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” Ransom is typically demanded, and perpetrators usually threaten to leak important files and data if the ransom is not paid.
“If they were hit by ransomware, they may be unable to talk about it or may not want to talk about it,” Banks said.
UTEP officials have declined to respond to most questions from El Paso Matters about the attack, including whether ransomware was involved.
Concerns about transparency have been aired by both students and faculty. Stevens thinks the university is trying to save face.
“I can see that the university is probably doing a little bit of a dance to save face and hold onto their reputation by withholding information that they want to confirm,” Stevens said. “However, it’s important to keep in mind by being transparent they can actually improve people’s trust.”
While UTEP officials have stated that they believe “no personal information has been compromised,” Stevens says information could have been compromised.
“When you are a part of an institution whose entire computer system has been subject to potentially malicious intrusion that’s also unauthorized, I think it makes sense to be wary and assume any information you’ve given to the university could have potentially been accessed and used without your consent without the university’s knowledge.”
UTEP has not sought the help of the FBI, according to special agent Jeanette Harper. Stevens said the lack of outside support could prolong the outage. UTEP officials have declined to answer questions about what outside assistance they have sought in dealing with the intrusion.
“It’s really important that institutions employ and call on services of hackers and cybersecurity experts because when they fail to employ their teams of the requisite needed then this is what happens,” Stevens said.