Council Meeting — April 28, 2021

SFU gives ransomware attacks presentation to Council in final meeting of the semester

Image: Irene Lo

Written by: Karissa Ketter, News Writer

Update on SFU’s security measures since recent ransomware attack 

SFU chief information officer Mark Roman presented security updates to the SFSS Council. In light of the recent ransomware attacks, Roman reported SFU’s new security approach is “safety over convenience.”

Part of the new security system includes enforcing multi-factor authentication (MFA) for all faculty and staff by the end of May 2021. By the end of the year, all students will be required to use MFA. Students can switch to MFA at any time. Failing to do so before the deadline may result in account restrictions.

They are also introducing a Virtual Private Network (VPN) to all faculty and are hoping to extend the VPN to all students. 

Part of reimagining SFU security will include bringing SFU faculty who are experts on criminology, computer security, and privacy into a committee to guide decision making.

“We’re dealing with professional criminal organizations [and] nation-states. In other words, parts of nations’ armies now do cyber warfare and they’re attacking us,” said Roman. They added that attacks are becoming increasingly complex and sophisticated.

“Universities are institutions of national significance but we are culturally open [ . . . ] and that makes us vulnerable.”

Prior to social distancing protocols and off-campus projects being implemented, security perimeters used to exist around the university. “In IT, we used to have a data centre and some people on campus — and that was our perimeter. We could put firewalls around it and protect it,” said Roman. Now, creating a defense to cyber-warfare is growing increasingly complicated.

Roman noted over 12 cyber attacks on established Canadian post-secondary institutions since last February. Additionally, they said in the first week of April 2021, there had been multiple high security threats to major American universities such as Stanford University, University of California Berkeley, and Harvard Business School.

French student union representative Kylee Pocrnich questioned why it was necessary for students to provide their social insurance number on goSFU as it puts students at higher risk of identity theft. Roman did not comment, explaining it wasn’t in their expertise — but said they would update Pocrnich with more information at a later date. goSFU states that “SFU is required to collect your Canadian SIN/ITN or US SSN/ITIN for government reporting purposes and/or student financial assistance.”

In effort to protect data, Roman recommended students do not wait to sign up for MFA but so do immediately. They also said, “When we do open up VPN for everyone, I’d strongly suggest that [students] use VPN to access systems.”

Roman said SFU will be running a student advisory council for IT which is currently seeking volunteers. 

Donation of remaining funds

As the last Council Meeting of the 2020/2021 term, the Council decided to donate the remainder of their funds. This was introduced by Disability and Neurodiversity Alliance representative Serena Bains, who requested the funds go to an anti-Asian racism organization. 

Council voted unanimously to donate the $520 remainder of their budget to SWAN Vancouver: a local advocacy group for immigrant/migrant sex worker Asian women.

Leave a Reply