Dec 2021: Lessons learned from a real-world ransomware attack on researchers at MSU

Ransomware report: https://hdl.handle.net/2022/26638

Cybercriminals are increasingly targeting researchers (along with hospitals, cities, schools, and utilities) because ransomware allows them to target a broader set of victims. Ransomware monetizes the attack by encrypting data and holding it for ransom until victims pay, meaning victims no longer need to hold data of direct financial value. The proliferation of ransomware attacks has led the U.S. Department of Justice to call it a growing national security threat.

The Physics and Astronomy department at Michigan State University (MSU) suffered a ransomware attack in 2020. The MSU Information Security Office partnered with Trusted CI, the NSF Cybersecurity Center of Excellence, to investigate the attack and produce a report for the research community on lessons learned.

This webinar by MSU CISO Tom Siu and Trusted CI will present that report. MSU and Trusted CI will discuss the impact and lessons learned from the attack and offer cybersecurity mitigation strategies for protecting academic researchers. The webinar will conclude with a Q&A session. Audience members are encouraged to ask about their challenges engaging with researchers on the importance of information security.

Speaker Bios:

Andrew Adams is the Principal Information Security Officer at Pittsburgh Supercomputer Center (PSC) under Carnegie Mellon University, and the Security Manager for the Bridges-2 supercomputer. He also acts as the Chief Information Security Officer for Trusted CI, the NSF Cybersecurity Center of Excellence. Andrew holds M.S. degrees in both computer science and information science (U. Pittsburgh), and has 20+ years of experience in computer networking research as a previous member of PSC’s Networking Group, including operational responsibilities in the 3ROX GigaPoP. In the field of security, he has designed and developed multiple security-oriented systems, performed risk assessments, developed security policies, and has engaged with the open-science community 15+ times to improve their cybersecurity posture. At present, his focus is on methods to keep HPC secure during the pandemic.

Tom Siu joined MSU IT in October 2020 as chief information security officer. As CISO, Tom leads the Security Engineering; Security Operations; Incident Response; and Governance, Risk and Compliance teams within the Information Security department and is responsible for the university-wide information security strategy.

Prior to arriving at MSU, Tom served as CISO for Case Western Reserve University (CWRU) for 14 years where he oversaw the development of the information security program. His notable achievements include the deployment of multifactor authentication and passphrases to all core services for all users, transition to default-deny network posture, creation and operation of a secure research computing enclave, and the development of a highly capable team of information assurance professionals. As a culmination of his time at CWRU, Tom’s team, in combination with colleagues from the Cleveland Clinic Foundation, worked to provide a secured operational IT environment for the first 2020 Presidential Debate.

Von Welch is the associate vice president for Information Security and executive director for Cybersecurity Innovation at Indiana University, executive director for the OmniSOC, and the director of IU's Center for Applied Cybersecurity Research (CACR).

CACR has a unique focus: improving real-world cybersecurity for organizations with missions that challenge traditional cybersecurity approaches. Examples include research and development, open science, and highly distributed collaborations. CACR project partners and funders include the US Department of Defense, National Science Foundation, Department of Homeland Security, as well as private sector organizations, and Von’s roles span research, development, operations, and leadership.

He specializes in cybersecurity for distributed systems, particularly scientific collaborations and federated identity. His current roles include serving as PI and director for the NSF Cybersecurity Center of Excellence (Trusted CI), a project dedicated to helping NSF science projects with their cybersecurity needs. He is also PI and director of the Research Security Operations Center (ResearchSOC), a collaborative security response center that addresses the unique cybersecurity concerns of the research community.

Jeannette Dopheide