At the end of last year, Grenoble INP-UGA fell victim to a cyberattack. Fortunately, they discovered it in time and were able to counter it effectively. Marie-Laurence Caron-Fasan, vice-president of information and digital systems at INP-UGA, looks back on these long months of crisis.
–
Today at 6:15 p.m.
This story is behind them now. But the months following the cyberattack suffered by the Institute of Engineering and Management (Grenoble INP-UGA) were long and complicated. The university was put under a bell for three months to protect itself. “We detected the beginning of an intrusion at the end of November,” says Marie-Laurence Caron-Fasan, vice-president of information and digital systems at INP-UGA. Fortunately, we reacted quickly by setting up a crisis unit. »
The alert came from one of the 60 computer scientists at the INP-UGA. “He found an anomaly on one of our servers and quickly realized that something unusual was happening. The hacker(s) entered through a student’s PC. And since our servers are interconnected…” The risk was that the attackers could access all of the university’s data.
“On the computers, there was nothing left”
Afterwards, everything came together, because the teams were made aware of the subject. “We understood what was happening to us so we considerably reduced what we call the phase of amazement, where we say to ourselves that it is happening to us, to us! “And in 24 hours, the management took the decision to disconnect all its servers to carry out a real investigative work. “As it went very quickly, they could not be encrypted by the hackers, which allowed us to avoid a ransom demand. Then, the blackout. The visible part was the website which was no longer accessible, as we mentioned last December. But behind, the INP-UGA teams were mobilized to manage the crisis.
Marie-Laurence Caron-Fasan, vice-president of information and digital systems at Grenoble INP-UGA. Photo Le DL / Grenoble INP – UGA
“When the IT specialist suspected a real problem, he immediately called our director of information systems who, in turn, triggered the crisis unit. “The first days, the latter saw the people in charge of the university pass. “When we were able to give a name to what was happening to us, we brought together all the decision-makers concerned to draw up a remediation plan, with a specialized external service provider. »
Initially, the crisis unit met every evening. Then every other day as time passed. A titanic job awaited them, with their IT department. That of blocking everything, checking everything, in order to then be able to restart little by little, in safety. “At first, we only kept our email. On the computers, there was nothing left. » More applications, more software, more documents. “Grenoble INP was like a bubble to protect ourselves and others. »
Your opinion counts
Cyber attacks: are you afraid of being hacked? Vote and give your opinion
“We didn’t know when we were going to get out of the crisis”
The total reactivation of the various IT services took three months. “I was the guarantor of the security of our system so we did not restart everything. That way, we checked everything and when we were sure, we unlocked an application. First, we managed the emergencies, such as being able to pay the salaries. But then we had to deal with people’s impatience, because everyone was in trouble. We were asked when everything was going to restart and it was hard because at that time, we didn’t know when we were going to get out of the crisis. »
Marie-Laurence Caron-Fasan finally saw the end of the tunnel “in a fairly short time” given what the university has been through. But she affirms it today: “The simple fact of getting out of a crisis is not enough. We are going to strengthen our staff awareness and our information system. We have implemented automatic attack detection tools, and the latest generations of antivirus, but hackers will try to find solutions. Everything is changing all the time, it’s a race against time! »
Blocking a university “is putting a nation in difficulty”
A work of several months still awaits the INP-UGA around this awareness. Because computer attacks on universities in France, there are very many of them every week, which succeed or not. “There are several motivations for attacking a university: they can be financial, but also more political. When you block a university, you block training. A nation that can no longer train its youth is in difficulty. If you can no longer train your students, care for your citizens, provide them with a public service… That complicates everything. »
Faced with all this, Marie-Laurence Caron-Fasan tempers: “You should not worry too much. Everything exists to help us, we can find plenty of information on phishing (phishing), changing the password… The DGSI* even gives free conferences to have certain reflexes. You have to be aware, anticipate… be ready. »
*General Directorate of Homeland Security.
“We did not have any data stolen”
Marie-Laurence Caron-Fasan, vice-president of information and digital systems at INP-UGA, wants to reassure on one point: “We haven’t lost anything, and we haven’t had any data stolen. . We worked with the national authorities who are also looking on their side, on the dark web, if there is stolen data. Until today, no stolen data has been resold on the dark web. So when she explains that there was nothing left on the computers, it must be understood that these are the accesses that were blocked by their own IT department. “From experience, we know that hackers can enter a place and erase their tracks. We had to control everything, so we controlled everything so as not to relapse. »
A complaint was filed with the CNIL*“it’s mandatory”, but also with the Directorate of the Judicial Police (DPJ) of Nanterre.
*National Commission for Computing and Liberties.
#Isère #debate #week #Cyberattack #Grenoble #university #put #bubble #months
