During the cyber attack on the TU, the scripts for crises were also unreachable. ‘Fortunately they were in our head’

Patrick Groothuis, vice-president of TU Eindhoven, was sleeping at home when the IT team of the university tried to call him in the night from Saturday 11 to Sunday 12 January. His phone stopped. When he woke up a little later and looked at his phone what time it was, he saw that he had missed two calls. On the voicemail there was a message from his IT colleagues: Hackers had managed to access the university’s network.

He called back and was told that alarmed IT employees had tried in vain to challenge the invaders. Just before midnight it was decided that there was only one solution: turn off all network connections. « You suddenly get into a different reality, » says Groothuis, who at the time led the central crisis team.

This Monday, TU Eindhoven looked back on the cyber attack, which ensured that the university remained closed for a week in January. The university also made public reports from FOX IT and the COT, Institute for Security and Crisis Management. « It fits us as a university to share this knowledge, even when it comes to less fun things, » says Groothuis. “That can make other organizations more resilient, such as The cyber attack at Maastricht University In 2019 a wake-up call for us. « 

Do you now know who was behind the attack on your systems and what the motive was?

“Unfortunately, we have not learned much about that, the police are also investigating it. We don’t even know if it was one person in his attic room, or a collective. The attack was used from three hacked accounts whose login details were probably traded on the dark web. We have the impression that the hackers have not been in search of your network. On an attack with hostage software.

Because you flattened the network, it was difficult for you to communicate for a week. Together, but also with students and employees. How do you solve that?

« Yes, that was difficult. Twenty thousand people at our university suddenly could no longer be in the systems. We ourselves either. We could not even in the scripts for a crisis like this. But luckily they were well in our heads. To warn students and teachers that the university would remain closed, we posted a message on our website. That could be created on the internet. WhatsApp account. ”

« We think the hackers were not state actors. The activities previously point to an attack with hostage software »

How great has the impact for students?

« There were few lectures planned that week, the following week there would be exams. The biggest problem was that students could not get in Canvas, the system in which all the information about subjects is. We decided to postpone the exams for a week on Tuesday. Students for whom that was bad were allowed to catch up with the exams at another time. »

Could other activities at the university continue?

« There were teachers who wanted to give students some explanation for exams, that could go on. And researchers in some labs could continue their tests. We first had to find out if it was safe, or, for example, detection systems for dangerous gases. In addition, there were people who worked at home. »

Have all problems been resolved?

« After a week, Canvas worked again and a lot of other systems. But there are still limitations in certain research groups, because their servers still have to go through the digital car wash. »

What lessons do you draw and what can other organizations learn from this?

« With CyberSecurity you are never ready, you have to invest in it continuously. Regularly check whether people do not use old passwords, as was unfortunately the case with us. And don’t wait too long with multifactor authentication (an extra security layer where you confirm your identity with two or more resources). We would enter it for this summer for the VPN system.

« It is also about crisis management. People must be trained to keep peace in such a storm. I am very proud of our IT department that dared to make the decision at the right time to eliminate the entire network. »

« It is also about crisis management. People have to learn to keep peace in such a storm »

The cabinet wants education as a vital sector to fall under a new law to improve cyber security in the Netherlands. How do you view that?

« I think that a very bad plan, because the universities have been working in a sectoral context for improving cyber safety for several years. Under that new law we would have to switch to another system. That costs a lot of effort and money, while it does not yield extra safety. Money that cannot be spent on education or research. »

Parties in the Lower House want vital sectors to make a 48-hour plan to quickly get their IT systems back in the air, or to continue analogue. Can the university be able to do that?

« I understand the wish, but the reality is of course different. We are very digitized. Then we would have to go all the way back to paper. Theoretically everything is possible, but then I would also like tens of millions extra a year to do it. »

To share

Mail the editors