As Classes Resume at UMass Lowell After Cyberattack, MIT Cyber Expert Weighs In

The University of Massachusetts Lowell resumed classes today after a cybersecurity incident shut the campus down for nearly a week.

Cybersecurity breaches like the one at Lowell have become a recurring theme over the past year, as attacks like SolarWinds and the Colonial Pipeline start new conversations around America's ability to defend its cyber infrastructure.

Stuart Madnick, director of Cybersecurity at MIT Sloan School of Management (CAMS), said that in terms of cybersecurity infrastructure, the higher education sector sits far behind the manufacturing and energy industries, which in turn fall a decade behind the nation's financial sector.

Madnick said that while every university is different, institutions of higher education generally do not view themselves as a target for attacks. Historically, fewer universities have been targeted than financial institutions, for example, so many schools have yet to reconcile with the growing threat of a cyberattack and how they can become targets.

However, for many bad actors, institutions of higher education are an appealing target.

America's universities receive over one trillion dollars in federal aid and funding from the federal government. Much of this funding goes toward sensitive research projects, which sometimes produce data that is sought after by foreign governments and criminal agencies.

To underscore the perception of this threat, the National Security Commission on Artificial Intelligence (NSCAI) voted unanimously last February to approve a report suggesting a series of steps to protect universities from the leaking of research to the Chinese government.

However, financially motivated attacks on lucrative research are far from the only motive for cyberattacks. Madnick said an upset student or alum could attack a school for the sole purpose of creating chaos. Regardless of the source or motive, he said the collateral damage of a single attack can be huge, and universities must be prepared.

"There are many different motivations people have," Madnick told Newsweek. "To be safe, [universities then] shut down things that may not have been bothered, may not have been attacked, may not to be at risk."

"Often the 'collateral damage' [of a shutdown] is worse than attack itself," he said.

In its public statement on the attack, University of Massachusetts Lowell remained vague about the nature of the attack and the potential motivation for it. The university focused on its plan to institute a system of two-factor identification to protect against a similar issue in the future.

No matter the nature of the threat, Madnick said institutions can better protect themselves by providing greater overall training for staff and students on how they can protect themselves from attacks and become familiar with their warning signs.

He said that they have found in research projects conducted by the CAMS center that this issue can be addressed through repositioning cybersecurity's place within the workplace culture.

"If you were to go into a manufacturing plant, it's not uncommon to see a sign over the door that says, '550 days since the last industrial accident,'" Madnick told Newsweek. "When's the last time you went into a data center and saw a sign that said, '50 milliseconds since last cyberattack?' That's a mindset of caution and conservatism that's coming, but it's coming very slowly."