How CU Responded During the Recent Global Security ThreatJan 20, 2022
Universities and businesses around the world were impacted last month by what is being dubbed the most significant cybersecurity vulnerability of the last decade, involving Log4j software. The CU System and all four campuses immediately sprang into action to identify and patch vulnerable servers and restrict access to online systems where necessary to keep our data safe, while still allowing students, faculty, and staff the ability to continue learning, teaching, and working.
Because the Log4j vulnerability impacted so many areas including university system servers as well as applications and cloud-based services maintained by our vendor partners, it required swift collaboration among OIT, technology partners, and schools and colleges. As security teams and system administrators partnered together to mitigate risk and remediate this security problem, many bad actors were already at work with tools to manipulate the vulnerabilities.
We thank the entire university community who worked together to keep services operational and those who helped our students and employees navigate workarounds when services were placed behind the CU firewall until appropriately remediated. Steps for many students, faculty, and staff included learning to use our VMWare Horizon virtual desktop for access to student services and engagement, prospective student enrollment, CU resources including Peoplesoft and HCM human resources applications, financial software, and constituent relationship management systems.
As Laura Morris, associate vice chancellor and chief information officer, CU Anschutz Medical Campus stated, “This was not just an OIT effort, but truly one team with one mission: protect our campus. That team, in concert with other campuses and the CU System, shared information, assisted one another selflessly, and worked diligently to protect us.” David Lowry, interim chief information officer, CU Denver, added his thank you to all the teams that spent weeks – including over the holidays – working to safeguard our data while still providing as much as access as possible for business continuity.
Teams leading the charge to identify and remediate potential threats and keep the university community informed appreciate the efforts of the Office of Information Security, University Information Services, Information Technology Advisory Community (CU Denver | Anschutz Medical Campus school, college, and department IT staff), University Communications, Student Services, and campus leadership teams.
Information about emergency service impacting interruptions – such as the Log4j Global Security Threat – as well as planned system maintenance work are posted to the OIT webpage under System Status. OIT also provides updates for service alerts, special initiatives, and helpful technology insights via our twitter alerts at https://twitter.com/cuanschutzoit and https://twitter.com/CUDenverOIT.
Have additional questions about technology? Contact the OIT Service Desk for assistance: