Following last semester’s cyberattack that paralyzed several of Binghamton University’s online services, new cybersecurity measures are being implemented for students, faculty and staff.
On Feb. 4, the University announced that school systems currently using the Central Authentication Service (CAS) for logging in, which includes students’ BU login, will switch over to two-factor authentication (2FA) protocol in mid-February. This will require users to complete an additional factor in order to log into their accounts using a time-based one-time passcode. Currently, the University uses 2FA for users logging onto the campus’ virtual private network (VPN), Pulse Secure. However, the University’s Information Technology Task Force (ITTF), a security committee made up of BU officials which aims to improve the cybersecurity on campus, approved the usage of a 2FA protocol for all users who opt for it regardless of whether they are on the VPN. Later in the semester, the University plans to require all users, including students, to set up a 2FA for PODS campus accounts via Google Authenticator and Authy for free.
This move comes a few months after the Nov. 7 cyberattack, which resulted in many school systems being shut down, including the BU Library Interlibrary Loan (ILL) service, Print@Binghamton and Kronos, the school’s payroll system. No campus data was taken by the hackers. The ITTF, which formed following the attack, investigated the situation and sought out methods to improve the campus’ IT infrastructure. JoAnn Navarro, vice president for operations and co-chair of the ITTF, believes the diverse backgrounds and knowledge of the members will have a profound impact that will make campus members feel safer with their personal data.
“The members of the [ITTF] represent a broad spectrum of the campus,” Navarro said. “They are not only key IT people from across the divisions but also academics with expertise in various areas of IT security and other leaders in the academic community. These individuals have all played a tremendous role in helping shape the recommendations for the future of cybersecurity on campus.”
Immediately following the Nov. 7 cyberattack, faculty and staff were asked to install Carbon Black onto their University-owned computers, an endpoint detection and response (EDR) security tool that provides insight of any malicious activity within the campus network. According to Niyazi Bodur, BU associate vice president and chief information officer, the University did not have any malicious activity over the past few months. However, with the expiration of the Carbon Black contract upcoming and uncertainty over which EDR will be used after, Bodur viewed the 2FA as an essential security measure, especially as cyberattacks are becoming more prevalent in today’s society.
“By some measures, from 2019 to 2020, cyberattacks grew 50 percent,” Bodur said. “Ten years ago, they were unique incidents that happened to a small handful and mostly to big companies, not universities. What we are implementing eliminates that risk. It will give us a good front-door solution that’s more secure. 2FA is the industry standard, and it’s used by other universities, including SUNY University Centers. This will enhance security at our front door.”
Theodore Tourneux, a sophomore majoring in actuarial sciences, believes the additional cybersecurity is a worthwhile investment but has its drawbacks.
“I like the idea that our accounts will be safer with [2FA].” Toruneux said. “It is true we have a lot of important and private information that can be found under our accounts, credit card information for billing purposes comes to mind. Nevertheless, I do not know if [2FA] is necessary for each and every time we log into our account. I personally log in to my account, at the bare minimum, once a day, and over the course of the semester, a second authentication could be the source of a great loss in time, especially given the number of students who will need to do this.”
While the current cybersecurity measures have room for improvement, Bahgat Sammakia, vice president for research and co-chair of the ITTF with Navarro, said the committee regularly meets to discuss new ideas and concerns in order to fulfill their aim to protect the University from any such breach again.
“Overall, the [ITTF] quickly focused on a few important items that were needed to be added to our system, and we agreed that an educated community, from an IT perspective, is a more secure one,” Sammakia said in a statement. “As [ITTF] chairs, [Navarro] and I feel that the task force is working really well as a team and quickly arrived at pragmatic, reasonable security measures to add to our system, which will significantly enhance our security and resiliency.”