WPSU-header-triangles.png
Public Media for Central Pennsylvania
Play Live Radio
Next Up:
0:00
0:00
Available On Air Stations

How universities can better guard against cyberattacks as potential threat from Russia heightens

Peter Forster sitting in a radio studio with a microphone in front of him.
Min Xian
/
WPSU
Peter Forster, a professor emeritus in Penn State's College of Information Sciences and Technology, taught security and risk analysis and international relations.

Russia’s invasion of Ukraine has heightened concerns about cyber-warfare, including the potential for cyber-attacks on universities. WPSU’s Anne Danahy spoke with Peter Forster, a Penn State professor emeritus in security and risk analysis in the College of Information Sciences and Technology, about the types of threats universities should be on the watch for.

Here is their conversation:

Anne Danahy 
Obviously, cybersecurity has been an ongoing issue for a number of reasons for universities. But it seems like it's even stepped up more with Russia. Why are universities seemingly such good targets for cyber attacks and cyber threats?

Peter Forster 
I mean, one of the things we need to understand is that cyber threats have become an integral part of the foreign policy initiatives of a number of countries. And of course, from a US perspective, a number of our adversaries. So in US parlance, we talk about the concept of the irregular war, NATO talks about hybrid war, which is a combination of kinetic war and information war. And the Russians and the Chinese and the Iranians all have their names for for this new generation of warfare, that is really a combination of cyber of misinformation, disinformation. And then ultimately, the tragedy we're witnessing in Ukraine today, where this is actually combined with kinetic operations. So with that, as context, why are universities — why are they a target?

Peter Forster 
I think, one is, there's a wealth of information going on at universities, right? There's the research side of things. And at a place like Penn State, we do a lot of research on a range of topics. But I would assume one of the targets of any of our adversaries would be what are we doing to support the Department of Defense, but what's going on? What are the new things that the faculty at Penn State are coming up with or working with their colleagues in the U.S. government? What's out there? A second side of it is we have this large population of students. Third is what I would argue are the ports of entry into the university that makes it a likely target, we have a vast amount of work going on across the university, and particularly since COVID-19, at home, and one of the real questions becomes who has a handle on all of these devices that are linked into the university, ultimately, that can get into a variety of systems? Where are they? How careful? Are we, when a faculty member and I've done this a great deal in my career traveled overseas? How are you confident that when you take your computer overseas, it's not going to be compromised? In some respect?

Anne Danahy 
So is this even more of an issue now because of the situation with Russia's invasion of Ukraine? And then the West's response to it?

Peter Forster 
Absolutely. I would say that the threat of Russian interference within the United States in the cyber realm, and potentially universities has risen because of Ukraine, and even more so now that we're more than about six weeks into the Ukrainian situation. And the Russians have proven that they're not quite what they thought they were to say the least. And things aren't going well. I believe that we as a country are probably in the crosshairs of some kind of cyber attack as retaliation if they could be successful at doing it.

Anne Danahy 
What should universities be doing. Some of them probably already are taking steps. Obviously, we have, Penn State has two factor authentication. There's other types of security steps. But in general, what do you think universities should be doing to try to get ahead of the threats?

Peter Forster 
Universities need to share information among each other as to what's going on. They need to do it quickly. They need to be transparent with each other. If something's happening at Ohio State, we need to know about it here, in the cyber realm. We need to know about it here at Penn State.

Anne Danahy 
Any other thoughts about what we should be prepared for, specifically with the threats from Russia?

Peter Forster 
One is we have both suppliers to the university in the technology area, right? And we're concerned about how are they controlling things. But on the flip side, are we also being concerned that we're a good vendor for the groups that we work with, you know, how do we work with an agency in the Department of Defense? And how are we making sure that we're a good vendor? So that's a concern that I would have on both sides is people trying different ways to get into systems and potentially leveraging the university as an access point into it doesn't have to be US government? You know, Penn State has tons of corporate relationships. So do we Become unwittingly an entry point for somebody who wants to do nefarious action into something else?

I think another side of this is what would happen in the case of disruption at the university? What if I could get into the university systems and stop the registration system? For example? What happens if I could get into the university systems in create some kind of false incident during the football game? Sabotage for Yeah, kind of a sabotage or disruption for the sake of this, which is, you know, we've heard a lot actually, in the last couple of days, a lot of information, not University specific, has come out that chemical sector and energy sector, power plants should be cognizant of and be making sure they're up to date on security, because individuals are trying to, or countries are trying to get in and cause disruption, where they could actually look to turn off the power to something.

The other one that kind of concerns me is how do we as an academic institution, deal with disinformation, the kinds of things that the Russians are putting out there? And how do we deal with the fact that they may be targeting certain groups on campus? Where perhaps they feel they have some kind of opportunity for people that are at least sympathetic to their cause? How aware are we of what our faculty are looking at what the staff is looking at what our student population is looking at what kind of information is coming in? And I don't know how we do this …

Anne Danahy 
Right. Because that would be very tricky. When you start talking about looking at what types of information people are consuming. You don't want to be Big Brother.

Peter Forster 
I don't want to be Big Brother. I don't want to be East Germany. I don't want to be Russia. But again, I think it's an educational process is how do we begin to have conversations about what it really means. And there's some very good people, there's some people in IST, there's some people in Communications who are working on some of this stuff. How do you recognize misinformation or disinformation? How do you view things critically, particularly what you read online? How do you expand outside of your comfort zone, what we call the echo chamber, I think more generally, what we have to do as an educational institution is to be better about educating people about misinformation and disinformation. Critical thinking is a lot different in today's age. And it's significantly different when you have aggressive foreign powers that are trying to get out to your message. And what's been amplified from my perspective is really the Russian machine propaganda machine, for lack of a better term, since the start of the war in Ukraine. And what does that mean to the university population, where as you say, and rightfully so, we're free access. We should be free access, but free access comes with some personal responsibility of understanding what you're looking at and looking for truths.

Anne Danahy 
Peter Forster, thank you so much for talking with us.

Peter Forster 
My pleasure, Anne, thanks.

Related Content