The following statement was issued on Friday, March 18, 2022, by the Executive Steering Committee, IT Governance at UNCG members: Provost and Executive Vice Chancellor Debbie Storrs, Vice Chancellor for Finance and Administration Robert Shea, Vice Chancellor for Enrollment Management Tina McEntire, and Vice Chancellor for Information Technology Donna Heath.
The War & Federal Warnings of U.S. Cybersecurity Vulnerability
Like others around the world, we watch, with horror and dismay, Russia’s violence towards the Ukrainian people. We denounce the war and advocate for an end to the violence. UNCG currently has no students, faculty, or staff in the Ukraine or Russia. We do, however, have students studying at UNCG from Russia, Poland, and other countries in the region and have reached out to these students to offer our support. Some of us may also have friends, family, and colleagues in affected areas. The employee assistance program is a free and confidential resource for those who need counseling services.
As the Russia-Ukraine conflict continues to escalate in Eastern Europe, threat intelligence shows an increase in the volume and severity of Russian Advanced Persistent Threat (APT) cyber activities against Ukraine. These attacks have the potential to spread to other countries, including the United States (US).
While there is no known direct, credible, or specific threat to North Carolina’s infrastructure at this time, the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) warn that any US response against Russia could result in cyber-attacks against the U.S. by the Russian government or its proxies. CISA has launched Shields Up to help organizations prepare for, respond to, and mitigate the impact of cyber-attacks.
In response to Federal and State guidance and mandates, UNCG Information Technology Services (ITS) increased relative attack pattern evaluation and threat monitoring for all University critical infrastructure and key resources. Significant upticks in phishing and brute force attacks against targeted UNCG systems by actors in geographic locales of political concern were identified. These types of attacks are consistent with financially motivated threat actors and ransomware attacks.
Based on this and recent intelligence, ITS is acting swiftly to deploy critical defensive measures and safeguards recommended by the DHS, CISA, North Carolina Department of Information Technology, and UNC System Office.
Campus Impact and Support
We know that strengthening our security posture quickly causes some degree of operational change for faculty, staff and students. You may be prompted to take additional steps during your normal computing routine because we are implementing necessary risk prevention measures over the next several weeks, such as:
- increasing email phishing protections which will increase the likelihood that unintended messages are placed in the SPAM folder,
- enabling automated artificial intelligence defense for increased risk detection and prevention which will require additional login steps when a risk is detected, and
- requiring increased virtual private network (VPN) and multifactor authentication (MFA) usage in situations where risk is elevated.
If you need assistance logging in due to these heightened security measures, please contact 6-TECH. Please also be assured that every action taken at UNCG will be thoughtfully considered, consistent with the actions of other schools within and outside the UNC System, and in the best interest of the University. UNCG’s greatest defense against cyber threats is our collective and individual vigilance when using our electronic resources. Cyber Vigilance @ UNCG outlines best practices for protecting yourself and the University.
ITS is closely monitoring alerts from trusted information-sharing and analysis centers to ensure the protection of UNCG’s critical infrastructure and key resources. Although we cannot fully eliminate the cyber risks associated with current geopolitical tensions, the steps we have taken will provide increased cyber protection to our students, faculty, and staff, and increase our overall ability to continue to operate.
We respectfully ask for your partnership, stewardship, patience, and cooperation during this time of heightened cybersecurity risk.