The University of Michigan was grappling with a second day without internet on Tuesday, a situation that an expert called “highly unusual” as UM and federal officials continued to investigate a cybersecurity threat that led to the disruption.
A “significant security issue” prompted the state’s largest university to sever its server from the internet on Sunday, leading to an internet outage for students on its Ann Arbor and Dearborn campuses on the first day fall classes began Monday. UM’s Flint campus was largely unaffected.
UM Regent Paul Brown, a venture capitalist who invests in early-stage technologies that often includes security technologies, said the regents have only been given a brief overview of what happened.
“It was a targeted attack on our institution,” said Brown. “With IT security, it’s not an ‘if’ but a ‘when.'”
UM has invested significantly in information security with resources and world class experts, Brown added.
“It is one of our highest priorities,” Brown said. “Our operations are so dependent on IT, both in the educational and the medical (spheres). Those operations need to run securely because of the information and data we possess.
“Our highest priority is the security of the information and the operations of the institution,” Brown continued. “I know that our administration is working day and night to achieve both of those things.”
UM information and technology services reported progress Tuesday afternoon in service restoration after President Santa Ono sent a letter to the campus community thanking everyone for their patience as the university works to resolve the situation.
“Our Information Technology Services teams, working together with leading cybersecurity service providers, are working tirelessly to resolve this disruption and I want to personally thank them for their dedication to this critical effort,” Ono wrote. “The investigative work into the security issue continues. As noted in Monday’s message to the community, our U-M Division of Public Safety and Security and federal law enforcement partners are involved in this investigation. … While we will continue to share as much information as possible as this work progresses, we are not able to share any information that might compromise the investigation.”
Avi Rubin, a computer science professor at Johns Hopkins University, called UM’s move “highly unusual.”
“I have not heard of a major university to be offline like this,” said Rubin, technical director of the JHU Information Security Institute. “It sounds like it’s very serious.”
But Rubin, a UM alumnus who earned his bachelor, master and PHD degrees in computer science, said UM has a “very highly skilled” information and technology team. He said he is confident the team made decisions that were well thought-out and will get the university’s internet restored as soon as it possibly can.
“I have a lot of confidence that the university will recover quickly with the least amount of damage,” Rubin said.
The university’s information and technology services posted an update Tuesday afternoon on X, formerly known as Twitter, that, “our team has made significant progress over the past 24 hours.
“All students, faculty, and staff can now authenticate into their U-M accounts and access http://umich.edu when using off-campus or cellular networks,” the update said. “Off-campus/cellular network access has also been restored to cloud-based services like Google products, Canvas, Adobe Creative Suite, Zoom, Wolverine Access, Dropbox, Slack, Duo, Wolverine Access, and more.
“We also continue to focus on restoring wiFi and internet access. Further announcements will be made on https://umich.edu and @umichtech.”
Teams have been working around the clock to address the issue at UM, Ono said in his statement. On Monday, UM reported that some cloud services were back online and could be reached with cellular or off-campus networks. But it may take a few days before all connectivity is back to normal, officials said.
The clinical applications at Michigan Medicine, UM’s hospital system, are functioning, officials said, and patient care has not been disrupted.