For months now our nation’s knowledge has been under attack from malicious hackers who have shut down whole databases for ransom. The most recent was the Oct. 8 hacks on archive.org, but there have also been attacks on public library systems around the country in places such as Seattle and Delaware. Why has the government been sitting back allowing this to happen? This is a serious threat to our schools and deserves a serious response.
In our modern digital landscape, the Internet is heavily relied on not only to preserve knowledge resources but also as a tool to view those resources, aiding in the educational advancement and knowledge expansion of many, including college students, many of whom must conduct research for theses or projects.
Clearly, there is an unaddressed need for increased cybersecurity measures to secure educational and historical digital assets. Law enforcement has an obligation to address this threat as soon as possible.
According to Brewster Kahle, founder of archive.org, the FBI is currently investigating the hack against the Internet Archive. Other U.S. libraries have made no mention of federal involvement in cybercrime against them. Why isn’t the law effectively addressing this surge in cybercrime?
Katelyn Fairley, a Computer Science student at College of DuPage who currently serves as the president of COD’s Computer Science Club, pointed out the prevalence of cyberattack vulnerabilities.
“I would say [open-source platforms are] probably a little more [vulnerable] since it’s open to more users in general,” she said. “But no platform is immune to cyber attacks.”
Cybercrime can result in a multitude of devastating effects not just limited to financial loss but also including reputation damage, barred access to important data, and even emotional trauma.
Justin Wagner, a Computer and Information Technologies professor at College of DuPage, noted that the limited resources of open-source platforms in particular make them more vulnerable.
“Open-source platforms face all of the same vulnerabilities that all organizations face,” he said. “But they often lack the resources to adequately protect their assets. Due to lack of resources, open-source platforms often need to find sponsors to help with resources to keep them safe.”
Indeed, no platform remains completely safe from malicious cyber activity. Though small businesses consist of the largest target demographic of cyberattacks, they also occur in the education, healthcare and government sectors.
Despite the prevalent vulnerability to cybercrime, the FBI generally tends to prioritize cybercrime targeting government, military, and financial sectors, creating a disparity between knowledge-oriented entities (namely libraries and historical resource archives) and other entities in cybercrime proneness.
According to Cisco, cyberattacks are most commonly done in pursuit of a ransom, but can also be done for political or social purposes, a practice known as “hacktivism.”
In 2020, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) outlawed paying ransom for cybercrimes in most situations. This undermines the reality of the desperation many under-resourced entities experience when faced with ransomware attacks to retrieve important information.
Fairley noted that she holds some first-hand experience with cybersecurity, but would have to expand upon that experience to address actual cybercrime incidents, highlighting the need for additional support in cybersecurity measures.
“As a software development major, you have to take one course on cyber security at COD,” she said. “That course allows you to learn the general aspects of cyber security. I don’t think that class alone is enough to help me address any real-world issues that could arise, but it’s definitely a start.”
Wagner noted the importance of funding cybersecurity efforts financially to ensure increased protection against cybercrimes.
“Archive.org, along with numerous nonprofit organizations, need to secure their assets,” he said. “Unfortunately, in today’s environment, it does cost money to adequately implement security measures. Finding donors to help with costs needs to be a priority for these organizations.”
Good cybersecurity requires funding that educational and open-source organizations often lack. The U.S. government should intervene to protect educational institutions from cybercrime, perhaps in the form of grants or funding programs. This would provide a strong start to curtailing cybercrime and securing the digital assets of smaller public sectors.
The criminalization of paying ransoms for cybercrime must be abolished as well, so that entities facing cyberattacks may comfortably report incidents to the law, allowing for appropriate investigation and intervention to prevent future attacks.
The Federal Communications Commission (FCC) has recently proposed the three-year Schools and Libraries Cybersecurity Pilot Program, which aims to provide schools and libraries with proper cybersecurity assets. Hopefully, this will be implemented and provide these institutions and knowledge archives with the security they need.