Over the years, there have been numerous information security incidents. In 2011, the “water outage incident” occurred when hackers breached the public water supply network system in Springfield, USA, destroying a water pump that supplied water to thousands of households. In 2019, South Africa’s major power company, City Power, was hit by ransomware attacks, resulting in the encryption of their databases, networks, and applications, rendering them inoperable. To make matters worse, their maintenance service system also failed, leading to a 12-hour power outage that affected over 250,000 people.
In 2019, the “toxic water incident” unfolded in Florida, USA, when hackers infiltrated the water facility’s computer system, attempting to increase the sodium hydroxide content in the water to dangerous levels over 100 times the norm. Fortunately, the staff discovered and prevented the attack. The Russian Railways company’s website experienced a large-scale hacker attack, paralyzing the system and preventing passengers from purchasing tickets. The Flame malware struck Iran’s air defense system… In every minute or every second, every institution or company could become the next target of hackers. Everyone’s privacy and even their lives are at risk of becoming victims of cyber attacks.
This year, information security incidents have continued to emerge, with the education industry being a prime target.
In May, Greek national high school exams were hit by a distributed denial-of-service (DDoS) attack, causing delays in the exams as students waited in the exam rooms. Hackers from different endpoints simultaneously attacked the exam system, flooding it with fake network traffic, overwhelming the system. What made it worse was that the hackers targeted not just a single school but the entire national examination system, making their actions even more malicious.
In June of this year, The Kaiserslautern University of Applied Sciences (HS Kaiserslautern) in Germany suffered a network attack that affected all their IT facilities, including email and phone systems, rendering them offline and impacting over 6,200 students. The university issued an official statement through an emergency temporary website. Staff members were also notified not to open their office computers to prevent further intrusion by hackers.
In recent years, CUHK has taken various measures, such as upgrading VPN and Wi-Fi systems, to establish more comprehensive protection mechanisms and enhance overall security levels. To raise awareness of network security among faculty and students, CUHK Information Technology Services Centre even pretend to be “hackers,” sending out “phishing emails” to university members. If someone unfortunately falls victim, it serves as a wake-up call to increase vigilance. If they successfully identify the deception, they are encouraged to remain alert.
While higher education institutions must ensure the security of their own network systems, it is truly commendable when they actively invest time and effort in “clearing mines” for other organizations and businesses. Professor Chau’s team’s consistent dedication over the years is evident. They will continue to uphold the social responsibility as IT professionals and work together with all stakeholders to serve as a beacon guarding information security.
Text: HUANG Xiangkun Calvin