The sooner that flaws in computer code can be found, the sooner they can be fixed — these are the fixes required to reduce the vulnerability that all networks face from cyberattacks. The problem is that government agencies such as the NSA are now outbidding software manufacturers when such vulnerabilities get discovered, meaning that the flaws remain unfixed and the attacks continue. In order to advance their own cyberwarfare capabilities, the NSA and other intelligence agencies now have a vested interest in perpetuating network insecurity. America’s research universities are now suffering the fallout.
The New York Times reports: America’s research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly. Campuses are being forced to tighten security, constrict their culture of openness and try to determine what has been stolen.
University officials concede that some of the hacking attempts have succeeded. But they have declined to reveal specifics, other than those involving the theft of personal data like Social Security numbers. They acknowledge that they often do not learn of break-ins until much later, if ever, and that even after discovering the breaches they may not be able to tell what was taken.
Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical devices.
“The attacks are increasing exponentially, and so is the sophistication, and I think it’s outpaced our ability to respond,” said Rodney J. Petersen, who heads the cybersecurity program at Educause, a nonprofit alliance of schools and technology companies. “So everyone’s investing a lot more resources in detecting this, so we learn of even more incidents we wouldn’t have known about before.”
Tracy B. Mitrano, the director of information technology policy at Cornell University, said that detection was “probably our greatest area of concern, that the hackers’ ability to detect vulnerabilities and penetrate them without being detected has increased sharply.” [Continue reading…]