Security Breaches and the “Crown Jewels” of Creativity and Research

Campus as targets

The recent data breach at Penn State was a reminder to me of how much research and intellectual property is created at America’s universities. Research in quantum computing, materials science, and missile propulsion systems are a tiny fraction of the intellectual property and research being worked on by universities under contract with and a wide variety of defense agencies or waiting for commercialization.

This isn’t limited to the US. In the UK the Guardian reports, “…Students come and go, bringing laptops and mobile devices; visitors pass through from across the globe; researchers link up with organizations worldwide.” Collaboration across the globe and with governmental agencies comes with the territory. “There simply isn’t the ability to lock things down the way you could in a commercial organization.”

In the last 12 months Carnegie-Mellon, Stanford, University of Maryland, University of North Carolina at Chapel Hill, University of Delaware, and Virginia Tech University, and Marquette University have all been hit with data breaches with hackers looking to steal usernames and passwords of students and facility.

Intellectual property is the goal

The intellectual property that many research institutions generate is similarly appealing to state-sponsored actors looking to capitalize on U.S. economic investments. As the New York Times has reported, at least one university has faced up to 100,000 daily penetration attempts from China alone.

According to Eric Vanderburg, Director of Information Systems and Security at JURINNOV, Ltd., “Malware is often seen as a nuisance or a productivity inhibitor but an infected computer can pose a much great risk to organizations and it should not be overlooked.  Malware gets behind the organization’s perimeter and it can act with the credentials of legitimate users including administrators.”