In a report in the Financial Times, three areas where UK university research is world leading were particularly cited as likely targets: graphene development at Manchester university; quantum photonics at Bristol; and the recently announced UK Aerospace Technology Institute. “The threat against universities is two-fold: the hacking of their computer systems in Britain, and the theft of data from academics’ computers when they travel abroad,” warns the FT.
“This latest warning from Sir Jonathan Evans should come as no real surprise,” comments Paul Davis, VP Europe at FireEye. “The fact is that cyber criminals have altered their focus away from unwitting individuals for the purpose of relatively low-level credit card fraud and so on, and are now looking to large enterprises and even nations for the high financial rewards offered by their intellectual property.”
The FT reports Eric Thomas, president of Universities UK and vice-chancellor of the University of Bristol, as saying: “We are drawing the sector’s attention to these issues. We are saying, ‘You have to understand that you will be subject to purposeful attacks to get your data.’ Universities need to be on high alert.”
But he added that academe is not a closed community. “Academics are quite trusting people and sharing data is absolutely part of their DNA,” he said. This creates a tension between research practices and security, and a “generic cyber clampdown is unlikely to work.” One possible approach would be to identify the most important research and apply additional security to these.
This is the approach advocated by Davis. “It really is vital that those with much to lose from a hack, re-evaluate their enterprise security and begin by identifying the business’s crucial assets and whether these are robustly locked down. After all, with the risks facing the UK higher than ever before, it really is inevitable that your business will be targeted.”
Universities UK is currently preparing guidance on how universities should protect themselves.