Using eduroam, other methods, ITS is hard at work to protect UK from cybersecurity threats

Students use University of Kentucky computers to complete classwork on Tuesday, Sept. 4, 2018, in the School of Arts and Visual Studies building in Lexington, Kentucky. Photo by Eddie Justice | Staff

You could call them the cybersecurity Avengers.

UK’s Information Technology Services staff has been diligently constructing an advanced cybersecurity program built to defend the campus from the constant “warfare” being waged on its sensitive data. And UK certainly has a target painted on its back.

UK is on the receiving end of roughly 2.1 million cyberattacks per year, and that’s just the ones it knows about, according to Data Privacy and IT Policy analyst Michael Sheron. Put plain and simple, “universities are a huge target,” said Sheron.

Devoted “hackers” are out to bust into UK’s network, hoping to get their hands on sensitive education records and sell them for a pretty penny.

The total cost of global data breaches is set to eclipse $2.1 trillion by 2019, according to research from tech market forecaster Juniper Research. And UK’s education records are prime pickings.

A single education record laced with personally identifiable information like birthdates and social security numbers is worth more to a hacker than a stolen credit card, according to Sheron.

While the ITS staff is doing their best to keep up with an ever changing and bustling cybersecurity industry, the hackers vying for the campus’s information are following suit.

“You watch popular media and it’s often this person with a hoodie in a basement, but really, they’re corporations,” said Sheron. “When you think about it, they are businesses, and that’s what they’re doing and that’s the way they’re training.”

To keep pace with newly-professionalized hackers, the ITS office is currently implementing a new wave of initiatives aimed at fortifying the university’s data security efforts.

“We’re always one step behind. When you’re on this side of the fence, you’re always going to be at least one step behind,” said Sheron.

You may have noticed the ITS office is beginning its crusade against data insecurity by transitioning to a new Wi-Fi network known as eduroam.

Eduroam boasts a performance bounds ahead UK’s previous network “ukyedu,” according to Price. Staff say the new weapon in the ITS arsenal is expected to give security a major bump.

“A secure network gives us a much better protection. It insulates us,” Price said of eduroam. “This is an industry best practice in higher education, so eduroam is a backbone that is used across higher ed and is very successful.”

Eduroam, complete with its secure login features, actively screens connecting devices and can make it easier to highlight attackers when they make a malicious move, isolating them before they “infect” the rest of the network.

This fancy new network came at a cost, though. UK recently footed the bill for $554,658 in costs related to the ITS office’s switch to eduroam, according to figures obtained through an open records request. Staff members say the sum was used to refresh a large chunk of the university’s IT infrastructure, much of which was approaching its expiration date.

“We want our students to have great access, and they’re paying for it, so they deserve to be the only ones using it,” said Rick Phillips, Executive Director of Networking and Infrastructure.

The price tag might come as a surprise for some who struggled connecting to the new network during their first few days of classes. ITS staff members say they were well aware of the semester’s early issues, and when push comes to shove, you can most likely find them in their office “war room” or with their boots to the ground, trying to help students out on campus.

“It’s all hands on deck,” Price said. “The proof is in the pudding. Hey, we had a bad day. We’ve had some intermittent problems… and we’re disappointed. That’s on us.”

UK’s next piece of ammunition in the fight against cyberattacks is its remodeled “next-gen firewall” designed to complement eduroam.

If UK’s security efforts were like a house, attackers previously had many points of entry through its windows and doors. The thousands of unmanaged devices like cell phones and laptops circulating around the campus make this a tough reality.

“It’s like we had shut the front and back doors, but we left all the windows open,” Sheron said of the previous system.

By employing the new network, the ITS office was able to “shut some of those windows,” Sheron said. The installation of a new firewall is simply another way to shut more windows.

The ITS office’s final arrow in its new trifecta intended to maintain security is the introduction of multi-factor identification in its login systems.

UK students and faculty will soon be asked to verify their identity when logging into sensitive information hotspots like their MyUK accounts. This extra measure is just another added layer sure to stump attempted hackers from accessing your personal data.

In the windstorm of enacting these new initiatives, the ITS staff has tried to not lose touch with its constituency.

“It’s going to be about people first,” Price said.

ITS staff members say they feel an obligation to help educate the campus community about their own cybersecurity.

“My job isn’t to lecture people and stand up in front of a classroom, but that doesn’t mean that I don’t have a responsibility to help educate students,” said Sheron. “It’s impossible for us to do everything. Cybersecurity is everybody’s sort of responsibility, and if we’re not communicating to the student body, the largest group of constituents that we have, we’re not doing a very good job.”

On top of their newest cybersecurity provisions, there are simple measures students can take to better secure their own devices. ITS encourages students to keep their devices updated with the latest patches, utilize the university’s multi-factor identification systems on their own devices as they become available and consider using unique passwords for each site they log in to.

Following the theme of a more thoughtful communication between university and student, the ITS office has also pushed to update the UK Administrative Regulations concerning cybersecurity.

AR 10:7 and AR 10:8, approved in July, now better define and clarify existing IT policy and provide an outlet for regular policy review.

The ITS office has also kept students at the forefront of its operation by actually hiring student employees to evaluate the policy from an outside perspective.

“We’re just trying to help people understand, help them do their job better. We want to make it easier for you to protect your data,” said Sheron.

While the IT professionals working in the ITS office may spend their days in the trenches fending off cyberattacks by the truckload, it seems the constant action hasn’t soured their love for the job.

“I feel like I’m making a contribution to the university that has meant so much to me,” said Sheron.

It’s easy to think of the ITS office as a jumble of wires and machines, but the wizards behind the curtain bring the place to life.

“The idea of constant improvement is really at the core of who we are,” Price said. “That makes it so fun, too. It’s not static. It’s living.”