From obtaining Social Security numbers or credit card information to attempting to cause a widespread outage for a ransom, cyberattackers may target universities for a number of reasons. That's why Johns Hopkins is preparing for the worst when it comes to cyberterrorism. The university held a cyberterrorism drill last fall and is currently following up on recommendations and findings.
The exercise, which took place in September, was designed to examine the impact of a cyber event on the Homewood campus and, in part, the larger Johns Hopkins University community. More than 200 people, including those from university administration and the Homewood schools, participated over the course of the two-day event.
The scenario initially centered on what was thought to be a facilities issue, with electronic door locks malfunctioning and changes happening to the heating and air conditioning system. "At that point, people started realizing that this was all electronically hooked up to our networks, then IT got involved," says Jim Aumiller, who managed the event in what was then his role as senior associate dean for finance and administration at the university's Whiting School of Engineering. The exercise soon progressed into a large-scale ransomware attack on computer servers, administrative and student information systems, and telephone systems. All systems were down.
As a result, after the event, participating central administration and school departments learned that previous methods of communications and communications tools had played key roles in how the drill unfolded.
"The way we communicate between the different teams could be more efficient," says Aumiller, who is now senior associate dean for strategic initiatives at the Whiting School.
Main takeaways from the event, Aumiller says, were enhancing coordination between Information Technology and the Incident Command System, developing messages and determining the recipients of the messages, and the need to have contingency plans for periods when communication systems are down. Other important next steps from the exercise include communicating to faculty and staff the identity of the incident commander of the Incident Command Center, and conducting a more far-reaching exercise that would include all university campuses.
So is the university prepared to handle a cyberattack? "I think we are more prepared now to handle the crisis than five years ago," Aumiller says. He says IT at Johns Hopkins and the Incident Command Center now directly communicate to ensure both are alerted of attacks in real time. Aumiller adds that Johns Hopkins Facilities and Real Estate has a number of ways to override control systems if this scenario happens.
The university conducts an exercise on different crisis scenarios each fall, and the planning team is currently selecting and coordinating its next exercise. "The beauty of doing this annually is we can keep this fresh on our minds," Aumiller says.
Go to the CEPAR website for more stories from the Hopkins on Alert newsletter.