All universities in North Rhine-Westphalia have been hit by cyber attacks to varying degrees in the past five years. This emerges from a response from NRW Science Minister Ina Brandes (CDU) to a request from the SPD parliamentary group. Universities with a technical orientation were therefore more in the focus of attacks than, for example, art and music colleges.
Attacks without consequences thanks to sensitized personnel
Most of the attacks had no consequences thanks to the sensitized staff, the minister reported. However, there have been successful cyber attacks with damage at eight universities: at the Ruhr University in Bochum, the Ruhr-West University of Applied Sciences, the University of Cologne, at the Heinrich Heine University and the Düsseldorf Art Academy, at the Bergische University in Wuppertal and each twice at the University of Duisburg-Essen and at the University of Applied Sciences in Münster.
From July, a cross-university advisory and coordination structure to strengthen information security at the universities will be set up at the University of Siegen, Brandes reported. The state government will support the network with around two million euros over the next three years. In the future, it will regularly produce reports on the risk situation and the implementation of information security at the universities and make them available to the state.
“Does the state government take the cyber attacks on universities seriously?”
From the special fund to deal with the consequences of the Ukraine war, the state government is currently providing the universities with around 41 million euros in the area of cyber security, Brandes replied to the SPD question: “Does the state government take the cyber attacks on universities seriously?”. The Social Democrats pointed out that the Federal Office for Information Security had rated the level of risk since the start of the Russian war of aggression against Ukraine as “higher than ever”. It is therefore important that universities can protect themselves against cyber attacks.
Brandes replied that the universities could use the money to switch their IT services to two-factor authentication, to buy better firewalls and to create contingency and recovery plans. Last year they agreed on a cooperative concept for data backup to protect against accidents. The state-wide service started in 2022 with the first backup location at RWTH Aachen University, financed with state funds of eleven million euros.
Backup Location and Service Provider
“This year the University of Duisburg-Essen and in 2024 another university will start as a backup location and service provider,” announced Brandes. To this end, the state is planning further investments of around eight million euros.
“One hundred percent protection will not be possible at the universities due to their size, heterogeneity, large number of access points and different IT skills of the users,” summed up the minister. “Ultimately, every university must take responsibility for the security and integrity of its own IT systems.”
In the event of an attack, the “Cybercrime” contact point of the State Criminal Police Office can be reached around the clock, every day of the week. The universities would also have to report such attacks themselves.
(bme)
