UTEP President Heather Wilson and University computer science professors give insight to campus operations following a site-wide outage that affected every facet of the University’s operations.
On March 5, students lost access to the MyUTEP banner page and, consequently, all information and services accessed therein. Blackboard, payroll, library services, financial aid, enrollment, and email, among others, were rendered completely inaccessible by what UTEP’s Information Technology (IT) team later defined as a ‘potentially malicious intrusion.’
UTEP’s social media accounts became the primary avenue through which the University connected with students and staff to provide updates on the outage.
With a number of upcoming midterm assignments and tests due before spring break, students were apprehensive about the inability to contact their professors. While the University stated professors should be flexible with students, this did not quell all concerns.
Ashley Rodriguez, professor of political science at UTEP, resorted to commenting under the periodic UTEP announcements on social media with class numbers and her name in hopes that her students would see her posts.
“If any of my pols 2310/2311 students see this, please rest assured you will not be penalized for this weekend’s assignments,” Rodriguez posted on UTEP’s Instagram comment section.
Vladik Kreinovich, Ph.D., professor of computer science at UTEP, expressed his gratitude towards UTEP’s IT team and their persistent efforts to restore the University’s site and services, as well as insightful opinions and observations surrounding the event.
“The fact that — as all of us learn from the news— serious military and government websites are periodically hacked, and sometimes, successfully hacked just by young kids, this fact shows that it is not possible to completely avoid such attacks,” Kreinovich said.
In January alone, UTEP analytics indicated Information Resources mitigated 22,000 attacks.
Kreinovich praised IT for being prepared for the attack and acknowledged the resiliency of UTEP students and their ability to adapt to complex situations at a moment’s notice.
“Such situations are not a pleasant experience, but they show that students have the skills and the drive to survive and excel in the real world, where unusual situations happen all the time,” Kreinovich said.
Deepak Tosh, Ph.D., professor of computer science at UTEP and specialist in cybersecurity and blockchain systems, weighed in on the frequency of cyberattacks and UTEP’s response to the outage.
Attacks such as the one UTEP experienced are typically the result of highly skilled adversaries that navigate laterally towards critical servers after probing for vulnerabilities in the system, Tosh said. He explained that while most organizations, the University included, operate to ensure any vulnerabilities in the system are patched and analyzed, sometimes a hacker can find the area first and exploit it.
“The past incident was of this kind, where the malicious actors found a security bug in Microsoft Exchange Server (mail) and then exploited additional vulnerabilities to create a backdoor remote access,” Tosh said. “The cyber-threat landscape is quite vast and difficult to keep up as the state-sponsored attackers are constantly targeting to exploit weaknesses in the applications.”
Tosh said that while the outage was a manageable inconvenience, UTEP’s infrastructure and programs have security as their top priority and IT exercised their protocol commendably. Although UTEP has yet to fully discuss the technical details of the intrusion, according to University officials, there is no evidence that suggests personal information has been compromised.
Wilson addressed faculty and student concerns regarding the site outage during a virtual town meeting Friday, March 12, including its cause and the executive decision to limit the dissemination of information.
Wilson said the standard procedure in the event of an unauthorized intrusion is to shutdown the entire network system and request assistance. However, according to Wilson, the cabinet had performed a cybersecurity exercise within the last three months and coordinated a planned practice attack eight months ago from another university to give system administrators experience about how to handle a real threat.
After UTEP became aware of the cyber-intrusion, according to the university, it followed standard procedures and received help from one of the top 10 companies in the country in cyber-security to focus on subsequent recovery actions.
“The intrusion happened at 4:30 in the morning on Friday, and the last time the University management systems were backed up was at midnight, so there was only a gap of about four and a half hours,” said Wilson. “The backup servers were not compromised. We have looked very carefully to see if personal information was found or compromised, and we have found no evidence of that and no evidence of exfiltration of information.”
Blackboard was considered the priority system to recover so students and faculty could communicate with one another. Other priority systems included campus Wi-Fi, Goldmine, Pete’s Payment Options, and HVAC.
As many of the social media updates reminded students, the Information Resources team must undergo the arduous and time-consuming process of running a software program across the network to find compromised machines or files on campus, checking each individual computer throughout the colleges and departments, according to priority, for any possible interference or compromise.
The Technology Implementation Managers (TIMS) of each college, deans and department chairs, as well as the specialist external company have gathered with Information Resources to work through the process of checking and restoring every computer in the network, with each department going up one at a time.
Multiple questions taken during the town hall expressed acute frustration with the lack of information given during the outage, claiming UTEP officials were seemingly not present and unresponsive, which resulted in stress for faculty and students alike.
Many demanded a concrete plan for facilitating faster responses, proper communication, and what proactive steps the university is taking to prevent such a disruption from occurring again.
Wilson took responsibility for the lack of communication but explained there was a significant purpose behind the silence.
“We had limited communication capability and we also didn’t know initially what we had, so we had to assess that,” Wilson said. “The strong advice from one of the top companies in the country was, ‘Do not overcommunicate early, because the criminals are watching you.’ We don’t want to tip them off in a way that could cause more damage to our systems and could prevent our ability to recover.”
According to Wilson, the goal was to strategically let people know there was a network outage of some kind, but not say where the University was in the process of repairing it.
“I take full responsibility for making the decision not to fully communicate on Saturday and Sunday to all of you because I did not want to simultaneously communicate to the criminals who were still trying to impede our operations and steal things from you,” Wilson said.
John Hensgen, a senior in English and American Literature, said he was confident in UTEP’s IT team and, while inconvenienced and slightly stressed by upcoming due dates, appreciated the adaptability of his instructors.
“I believe UTEP handled the breach well since our information was protected. The security of our social security numbers is much more significant than grades that can be waived or adjusted,” Hensgen said. “Students need be mindful that exceptions will be made since websites are going down due to circumstances out of their control.”
Wilson said individuals with a special expertise in cybersecurity are encouraged to offer their help, as the University is open to suggestions as to how to reduce the likelihood of this occurring again.
“The best thing you can do to help protect our network is to be cyber-aware yourself,” Wilson said.
As of March 16, all email accounts have been restored, while UTEP continues to recover central systems and applications as well as beginning to check every computer on campus.
Students are expected to resume classes after Spring Break on March 22.
Julian Herrera may be reached at [email protected].
