The University of Michigan is facing a challenging start to the new academic year as it grapples with a full internet shutdown that has disrupted campus operations for two days. University staff initiated the shutdown in response to what they have termed a “significant cybersecurity concern” on the eve of the new school year.
This unprecedented move has had far-reaching consequences, affecting critical campus IT systems used for research, fundraising, and other vital functions. Financial aid reimbursements, crucial to many students, may also experience delays due to the ongoing internet disruption.
While campus computers are typically isolated from the public internet for security reasons, resourceful students have found alternative ways to connect via their cell phones. A recent update from the university indicates that staff are making progress in assisting students in accessing resources through off-campus computer networks. However, the recovery process remains ongoing.
The University of Michigan, renowned for its academic excellence and diverse student body of around 50,000, openly acknowledged the magnitude of inconvenience caused by the internet outage at the beginning of the school year. University President Santa Ono expressed his sentiments, stating, “The loss of internet access and other essential functions across the University of Michigan community cast an unfortunate cloud over an otherwise sunny and glorious start to the academic year.”
Students like Katherine Kiessling, a senior majoring in dance and computer engineering, have felt the impact firsthand. Kiessling reported difficulties accessing online lecture materials due to the internet outage, forcing her to return to her off-campus apartment to complete coursework between classes. “I’m expecting that I’m going to have to come back to my apartment to get any work done this week,” she told CNN.
The root cause of the outage remains unclear, although the university’s statements have strongly suggested that malicious cyber activity is to blame. Kim Broekhuizen, a spokesperson for the university, stated that they do not have additional information to share beyond the public statements released by the university.
This incident comes in the wake of a high-profile meeting at the White House with K-12 school administrators, where the need to safeguard schools against ransomware and other cyberattacks was highlighted, especially in anticipation of the new school year. While primary and secondary schools often grapple with limited resources to defend against cyber threats, universities, both large and small, have not been immune to such challenges.
Last year, Lincoln College, a predominantly Black institution in central Illinois, was forced to close permanently following a cyberattack, compounded by financial difficulties resulting from the COVID-19 pandemic.
Commentary:
The University of Michigan’s internet shutdown underscores the increasing cybersecurity challenges faced by educational institutions. The decision to disconnect from the internet, even temporarily, reflects the severity of the threat the university believed it faced. Cyberattacks on universities have been on the rise, targeting sensitive research data, personal information, and financial systems. This incident serves as a stark reminder of the need for robust cybersecurity measures in the education sector.
As for the question of whether shutting down the internet is an appropriate response to cyberattacks, it’s a complex issue. While it can be an effective short-term measure to halt ongoing attacks and prevent further damage, it comes at a significant cost in terms of disruption to critical services and the inconvenience it causes to students and staff. Universities and organizations should ideally focus on proactive cybersecurity strategies to prevent attacks, coupled with incident response plans that allow for more targeted and less disruptive actions in the event of a breach. Shutting down the internet should be a last resort, reserved for situations where there is an immediate and severe threat to the organization’s operations and data. Balancing security with continuity of operations is the key challenge in responding to cyber threats effectively.