A memo from Bob Turner, Chief Information Security Officer and Director, Office of Cybersecurity:
In the wake of the recent events with Iran, there has been significant discussion regarding the nature and potential impact of cybersecurity threats UW–Madison may be under.
The Wisconsin Statewide Intelligence Center and federal agencies have no information to indicate any specific, credible threat to conduct attacks is present for UW–Madison or Wisconsin at this time. While it is difficult to judge the intent of nation/states, most of the intelligence agency advice is to provide practical tips and as always, to remain vigilant and diligent.
An article authored by Matthew Rosenquist, a respected cybersecurity strategist, explores potential cyber-attacks that could impact the United States to include:
- Disruptions to telecommunications and internet services across a broad region. This presents moderate probability, with moderate to high impact to university research, academic and business functions.
- Disruptions to financial services like lending functions, disrupting inter-bank transfers, or interfering with financial services (ATMs, deposits, withdraws, bill-payments, etc.). These types of events could last for a short time but they disrupt commerce and could have a lasting effect on consumer confidence. This presents low to moderate probability, with moderate to high impact based on the overall potential cost to the university.
My advice is to “Keep calm and carry on.” The things we should be thinking about now are the same precautions we should be taking every day.
The Office of Cybersecurity recommends taking advantage of the normal pre-semester testing of business, research, and academic information systems and do the following:
Review and update disaster recovery plans
- Test data and operating system backups
- Identify information systems that process or store restricted or sensitive data (which allows us to add these systems to our increased threat awareness protocols)
- Share information on suspected intrusions with the Cybersecurity Operations Center (email@example.com) promptly
- Increase routine surveillance for research, academic, or business critical systems
Additional information on ways to secure your information systems is available on the Office of Cybersecurity website. Please feel free to email the Office of Cybersecurity at firstname.lastname@example.org with your questions and concerns. Thank you.