Photo illustration by Justin Morrison/Inside Higher Ed | Getty Images
The University of Michigan cut off internet access and online services across all three of its campuses early this week to ward off a potential cyberattack, leaving students and faculty in digital limbo during the first week of classes.
The shutdown came after a “significant security concern” on Sunday afternoon, U-M said in a statement. The university did not elaborate on the attack, except that it is under investigation.
“We made the intentional decision to sever our ties to the internet,” the announcement said. “We recognize that cutting off online services to our campus community on the eve of a new academic year is stressful and a major inconvenience.”
The university said in a Tuesday afternoon update that its “team of IT and cybersecurity experts has made significant progress” in restoring services. Students, faculty and staff can now log in to their U-M accounts and access umich.edu when using off-campus or cellular networks.
There is no timeline as to when internet access will be fully restored, and it could take several days, U-M spokesman Rick Fitzgerald told Inside Higher Ed. In the meantime, he said, U-M students can also access cloud-based services including Zoom, Canvas and Dropbox through off-campus and cellular networks.
“The team’s working around the clock and has been successfully bringing other functions online and back up to functionality,” Fitzgerald said.
The FBI’s Detroit field office would not confirm the existence of an investigation into the attack, but the FBI is aware of the outage and prepared to provide assistance if U-M requests it, said Mara Schneider, public affairs officer at the Detroit FBI office.
U-M classes will continue to operate, and the campuses—including residence halls, dining halls and office buildings—will remain open, the university said. However, donor and financial systems are down, which could delay financial aid refunds. The university added that cellular networks may also be under “much greater stress than normal.”
While there is some leniency with attending classes and accessing documents, the university was vague on exactly what students can expect.
“Campus leaders recognize that many students rely on U-M systems to access class information and navigate campus, especially on the first day of classes,” the university said. “Consideration will be given to students for impacts to class attendance or assignments that depend on U-M systems while our teams work to restore service.”
Late registration fees and disenrollment fees were pre-emptively waived throughout the month of August.
Fitzgerald said this is the most widespread outage he has seen in the roughly a dozen years he’s been at the university.
“We’ve certainly had our information-assurance team fight off cyberattacks almost every day,” he said. “But something of this length [being] out of service … no, this is the longest I can remember.”
We made the intentional decision to sever our ties to the internet.
—University of Michigan online announcement, posted during the first day of class
This is the second public cyberattack on the University of Michigan this year. In January, the university announced its University of Michigan Health system experienced a third-party attack on one of its vendors.
“Unfortunately, the issue of cyberattacks on public and private sector entities is ongoing, and I do not think we will see a slowdown in numbers,” Schneider of the FBI said.
Attacks in the higher education sector have cropped up in headlines in recent months, as institutions contend with a widespread attack on MOVEit, a software product used for file transfers that many government and academic institutions employ to move sensitive data.
The University of Michigan did not state whether the current outage is related to a MOVEit attack, although experts previously told Inside Higher Ed the education sector as a whole can expect more cyberattacks to occur, as hackers have found an easy target.
“I would hope people in higher education are aware they have some disadvantages already,” said Christopher Budd, director of threat research at Sophos, a software and hardware security firm. “And I hope they’re in a heightened state of alert.”