Research study identifies 2 million attacks in 4 months on two campus routers
In the first research study empirically assessing the impact of information security in America’s colleges and universities, the ISAI team has confirmed that attacks on campus networks have increased or remained consistent with the previous year. Further, these attacks appear to be part of an ongoing and deliberate probe of academia’s networks. Since Fall 2004, the ISAI team has been investigating the unique vulnerabilities of higher education’s networks and their ramifications for public safety and security. Funded by the Department of Justice’s National Institute of Justice, this study involved 15 interviews and 72 survey responses from campus CSOs and IT Directors, as well as network analysis of two campus networks.
Survey results indicate a great deal of progress in awareness and spending for information security on campus. Over three-fourths of participants indicated that their institution is “more prepared than two years ago” to defend against a major information security incident. However, about two-thirds of participants rated the likelihood that their networks may compromise individuals, other organizations, or critical infrastructure as moderate or low. The network analysis data contradicts this assessment.
Network analysis, using a custom application of DShield.org, recorded almost two million attempted attacks violating the two participants’ firewall rules over just four months. Over ninety-five percent of attacks were inbound and involved database attacks, reconnaissance efforts, DDoS, and Internet vandalism. “These institutions are experiencing an extraordinary number of attacks, many of which are cutting-edge. This indicates we are facing sophisticated, focused adversaries,” stated Dr. Steffani Burd, the project’s Executive Director.
Network analysis results also indicate high levels of international interactions. One hundred seventy-three countries were associated with inbound attacks, most frequently the U.S., Korea, and China. Eighty-seven different countries were associated with outbound attacks from the participants, most frequently the U.S., Denmark, and Malaysia. “These attacks not only cause damage to networks, but may also be creating a vibrant black market around the world that may be funding other, more illicit activities in the physical world,” stated Scott Cherkin, the project’s Director of Strategic Development.
Based on this study’s results and other relevant research, the ISAI team developed a data-based roadmap of practical recommendations for policy and practice. This “Information Security Roadmap” uses a risk management approach focusing on high-impact challenges that are under the control of information security professionals. The next step in diagnosing whether higher education is truly disproportionately vulnerable is to perform this research across multiple sectors.
This project was supported by Grant No. 2004-IJ-CX-0045 awarded by the National Institute of Justice, Office of Justice Programs, US Department of Justice. Points of view in this document are those of the author and do not necessarily represent the official position or policies of the US Department of Justice.