Hacking and cyber espionage - just a normal day at UCPH

It is probable that foreign states carry out cyber espionage against Danish public research. This is the assessment of the Center for Cyber ​​Security (CFCS) which now calls on Danish research centers, and especially universities to protect their research results.

The threat that Danish research institutions are facing is HIGH, which is the second highest threat assessment by the CFCS which is a unit in the Danish Defence Intelligence Service FE.

Danish research a target

Poul Halkjær Nielsen is information security manager at the University of Copenhagen (UCPH) and he confirms that the university experiences attempts at hacking or phishing every day.

“Like the rest of the world we are a target,” he says.

According to Poul Halkjær Nielsen it is difficult to estimate how often UCPH is exposed to attempts at cyber-intrusion, as not all attempts are discovered.

“It’s probably all the time. There are both people and programs that scan the network to find vulnerabilities. And if there is a vulnerability, they get into the network. It’s an art to ensure that all systems, at the very least, are fundamentally updated,” says information security manager.

Tradition for open doors – also for hackers

CFCS reckons that hackers have relatively easy access to Danish research because universities and public research uphold a tradition for openness. It makes communities highly vulnerable to cyber attacks.

You can look at it as a nightclub with a doorman. Some people we want to have coming in, while others are simply too drunk

Poul Halkjær Nielsen, information security manager at the University of Copenhagen

“Our Internet is indeed an open door. It is not because everyone is allowed into the network, and we also set up a number of criteria, but there is always someone trying to get in. You can look at it as a nightclub with a doorman. Some people we want to have coming in, while others are simply too drunk,” says Poul Halkjær Nielsen and continues:

“The sun is always up somewhere on the planet, and there is always someone who is awake, and always someone shooting at us.”

CFCS recommends that management at all levels of Danish universities and research centers make themselves aware of the cyber threat. It is not just an IT technical challenge, it is also about staff and students’ behavior, and about knowledge of network vulnerabilities, the centre writes in its threat assessment.

Individual responsibility

Poul Halkjær Nielsen emphasises the individual user’s responsibility.

“It starts with the individual user and rests ultimately on the individual. UCPH offers a wide range of services, but it’s you as a user that can often opt in and opt out. You have to look at what you actually work with, and how it must be protected.”

The University of Copenhagen has released a series of videos describing how to best protect and safeguard the university’s data and networks. You can find videos, along with advice here (needs log-in).