IT services have been working around the clock since Friday in ongoing investigation into widescale cyberattack
Lewis & Clark has been the target of an ongoing cyberattack that has caused network outages of systems and services since March 3.
A campus-wide notification was sent at 7:35 a.m. explaining that the Voice over Internet Protocol (VoIP) phone system was experiencing an outage. Another notification was sent at 9:38 a.m. that all three campuses were experiencing a widespread outage with no estimated time for restoration. On March 4, the Executive Council notified the school that the outage was the result of an external cyberattack on all of LC’s IT systems, though the source of the attack is unknown.
According to tech company IBM, “cyberattacks are unwelcome attempts to steal, expose, alter, disable or destroy information through unauthorized access to computer systems.”
Motivations behind cyberattacks differ and fall into three main categories: criminal, political and personal. More fringe motivations include espionage, spying and intellectual challenge. Cyberattacks can be both insider and outsider threats and tend to target personal data, IT services, client lists and financial data. Cyberattacks can hurt enterprises, if successful. Practicing good cybersecurity habits is crucial, as in 2022 the average data breach in the U.S. cost $9.44 million.
According to IT student employee Gabriel Mantione-Holmes ’23, the department has all hands on deck. However, a lot of information has remained confidential among staff and student employees.
“I do not know who we are working with, I do not know what they are even doing, I do know that I have been installing a software called Sentinel,” Mantione-Holmes said. “Clearly, our security was not good and that’s why we need to install that in our software. For something as big as this, it makes sense that there needs to be some discretion. There is a lot of opportunity for people to be liable in certain ways, say something on our end was not (as) secure as we thought it was.”
Sentinel is a software tool that mitigates security risks, improves compliance and maintains a detailed audit history of user, role and permission list changes.
At LC, the cyberattack has affected nearly every department. Bon Appétit catering services’ payment processing system was out of service. This led to a partial closure of the Trail Room where only coffee and grab & go food can be served. The outage also still affects students’ flex points, and meal swipes can currently only be used in Fields Dining Hall. The Dovecote remains open, but can only take cash or cards. According to Bon Appétit’s Food Service Director Ryan Jensen, this has greatly impacted students.
“Predominantly, our meal plans are not working which is why we cannot accept any flex point,” Jensen said. “Traditionally, students do not carry a lot of cash. As of Monday, when we started to reopen the coffee bars and the market, some students have taken advantage of it, some faculty and staff but we do not have the ability to accept flex points anywhere.”
Online services that require single sign-on — including Colleague, Moodle, Workday, StarRes, Slate, Panopto and Webadvisor — have been out of service.
In the Aubrey R. Watzek Library, desktop computers have been restored as Ethernet is still available on campus. Some network printers have been unavailable, as well as the Pionet secure wifi network. Director of Watzek Mark Dahl explained the impact of library shortages on students.
“It has had a modern impact on the library services. Anything that requires campus authentication has been disrupted. The system to log into the wifi in the library did not work for a while. Logging into databases and journals off-campus, like JSTOR, was disrupted,” Dahl said. “We have been lucky that a lot of our services are off-site, such as Alma and JSTOR. We have been able to patch things through so students can access those services. We will continue to do circulation and course reserves.”
Student researchers unable to access Primo’s various databases that require sign-on with LC credentials, such as Sage Journals, are able to access them by emailing Watzek and receiving working login credentials.
Online work orders to facilities have been unavailable and any urgent facilities issues should be directed to Campus Safety at 503-768-7777. All on-campus events and classes are continuing as scheduled. According to the Dean of the College Bruce Suttmeier, the outage has halted the advising period due to Webadvisor’s inaccessibility.
“The Advising Period for Fall 2023 Registration is currently running from March 6 through March 24,” Suttmeier said via email. “Due to the ongoing system outage, however, Webadvisor is not available to check program evaluations, look up class times, etc., and we recognize that this hampers faculty’s ability to accurately advise students for fall and clear them to register.”
According to Associate Vice President for Admissions Hollie Elliott, admissions data was similarly inaccessible through their program Slate. Only one employee will have access until March 7.
“The system that we use, the main office of it, they recommend that you have somebody who has the ability to access the system from outside if that was ever necessary,” Elliott said. “It turns out it is one of those situations where that comes into play.”
On the first day of the outage, admissions was focused on their in-person admissions event. The regular decision acceptance letters were also intended to be received today, so the department had to come up with a workaround for printing acceptance letters.
“I wouldn’t say we have had any huge impact, but it definitely has created some moments where we needed to be creative,” Elliott said.
Services that have been restored or not been impacted include LC websites, on-campus phone services, Gmail and the Google Workspace, classroom technology and online reporting through Maxient, according to the LC Newsroom website.
Changing passwords on lclark.edu accounts is not encouraged, as the system that manages network sign-on is unavailable. Any attempt to change a password will be unsuccessful.
IT services has had a backlog of work orders.
“Any normal IT work has been put to the side because we do not even have access to new work orders because the system is down,” Mantione-Holmes said. “Everything is devoted to the attack.”
Many LC students have improvised around the inconvenience of the outages. Many questions have been raised about how this affects scheduled exams, assignment deadlines and access to materials.
“I’ve talked to many faculty, many students over the past several days and I want to express gratitude for all the creative ways students and faculty have found to maneuver around the obstacles caused by this disruption,” Suttmeier said. “Patience and understanding is a great example of how this community pulls together in difficult times. We continue to work with IT to restore access. As our systems come back online, we will adjust the advising and registration periods as needed. Our primary goal is to ensure that faculty and students have time to plan for next fall, and that registration proceeds as smoothly as possible.”
The causes and consequences of this attack have been undisclosed. Many have been left to speculate. Mantione-Holmes thinks that this attack is a smaller practice for a bigger hacking attack.
“Hacking into systems, you cannot just jump into that,” Mantione-Holmes said. “You got to start on a small system first and then work your way up to a moderate system. Then, if that works, you can do a big system. LC is a couple thousand people. That is a moderate system. I kind of viewed this as someone’s practice run or it is a college with a bunch of wealthy students. If I was going to target a college, this is not going to be one where people are in debt. I could see trying to get banking information from us or social security numbers.”
The IT department has been working nonstop with external contractors to conduct an extensive technical investigation into the outage. This investigation is in its early stages and is very much ongoing. Currently, the top priority for the investigation team is to restore normal operations and protect data integrity. IT declined to comment at this time.