University of Wisconsin–Madison
Silhouette of panel over circuits and cyber imagery.

UW Campus Vulnerability Scan Coming Soon

The following message is being distributed to the UW-Madison campus.

As most on the UW-Madison campus are aware, there have been an increasing number of high-profile IT security “matters” during the past few months. Many of these have been widely reported (such as the ransomware virus) and others are quite visible here at the UW-Madison. For example, there have been an inordinate amount of “phishing” type emails reported by people from all parts of campus.

Maintaining a secure network is an important part of our collective responsibility. While primary responsibility for securing the campus networks rests with the Office of the CIO, it is also quite possible that “vulnerabilities” exist in the various devices that are connected to the network, such as laptops/desktops/servers/printers and the like. Such devices can become “affected or infected” by any number of ways and have the potential to affect other devices on campus.

One of the techniques that many organizations use to help determine the extent of potential vulnerabilities in these various devices is called a “vulnerability scan.” We have engaged an external vendor to perform this service for our campus.  This will be done under the close supervision of our Chief Information Security Officer (Bob Turner) and our distributed IT professionals who work with the various units on campus. We expect that this will take place in early July.  This scan will involve the deployment of a “disappearing agent” to a large number of endpoints on campus. The information will be collected by the independent firm. They will analyze the data, destroy their copy of the data, and prepare a report which outlines areas of potential vulnerabilities that have been noted.

Please refer to the Office of Cybersecurity web page for more details as to how this will be administered, when, and how this might affect each department. Refer to the “Frequently Asked Questions” (FAQs) that have been prepared to address a number of initial questions.

Our IT team met with the University Committee (UC) to discuss this. The UC is supportive of the business need for this and has asked that we send out this advance notice, as well as prepare the FAQs.

We believe this is an important and necessary process and will aid our longer-term security planning.

Please share this message widely with your colleagues, including faculty. Not all people on campus will be affected by this but we want all to be aware that this is happening.

We appreciate your participation and thank you and your teams for your cooperation. If you have any questions please direct them to the Chief Information Security Officer and his team. You can also ask your local IT professional to assist you with understanding this project.

Michael Lehman
Interim Chief Information Officer