Prioritizing IT Security at McMaster

I hope you had a wonderful, restful and sun filled weekend.

Last month, I wrote about adding IT security to your spring-cleaning checklist. Whether precaution or premonition, our recent IT security incident serves as a reminder that IT security must always be a priority for a Higher Education and Research institution like McMaster, and that each of you play an important role as we advance our IT security posture. 

Regardless of size or impact, IT security events present us with opportunities to react and reflect. This particular event illustrated, once again, the excellent way in which McMaster faces challenges — as a strong and supportive team, from the highest levels of leadership and across all areas of the campus.  

There are many of you within the McMaster IT community who literally dropped everything to contribute skills and resilience, humour and dedication, experience, and ideas in the early days of the containment and investigation. I am extremely proud of and grateful for the countless hours and enormous energy you afforded the containment and response activities. I feel even more confident than ever that McMaster is in very good hands and believe we will have a stronger McMaster IT community team and culture because of this difficult experience.  

Throughout, McMaster remained fully open for business and continued to operate with a relatively small impact to our functions. We have much to be grateful for because of past good planning and implementation across campus. That put us in an excellent position and has allowed us to react and recover quickly. A great deal of progress has been made over the last two weeks as the restoration and investigative work continues. A few high points:  

• Internal technology teams continue to work with the incidence response firm on forensic analysis and the secure restoration of servers 
• Servers in housing and residence services were restored earlier last week.  Deadlines were extended and all students are again able to use these systems 
• In addition, all other servers impacted have commenced their restoration process  
• A number of impacted connections between the university and our hospital partners have been restored 
• Robust backup systems have been a significant help in the restoration work 
• There continues to be no sign of active spread and no signs of data exfiltration 
• The continued, proactive rollout of protection software continues 
• A global password reset for all McMaster accounts has begun. This will take some time to complete and has begun with communications to the campus community that passwords for MacIDs will be required to change in this planned rollout. 

IT security incidents are excellent opportunities for learning, and I can say unequivocally that I learn so much from these challenges — although I would be glad to forgo the learning if it meant we could avoid the stress and effort! I am sure this will be a springboard for additional learning and action in the days and weeks ahead. I was recently privy to a presentation by Paul Calatayud, Chief Security Officer for Palo Alto Networks, where he shared his thoughts about the strategic imperative for a Cyber Transformation, and it really resonated with me. We know how fast we were able to pivot and advance our institutional Digital Transformation in the early days of the pandemic, and this is a similar paradigm. As we reflect on what has happened, we can see that in just the last two weeks we have accelerated our systems monitoring capabilities, begun rolling out our Self Service Password Reset tool and increased Multi-Factor Authentication adoption far beyond our expectations. That is phenomenal. More of this, please! 

You may be aware we were already developing an IT Security Roadmap for the institution, one of the key initiatives in our McMaster IT Strategic Plan. We were in the process of scheduling engagement activities to share and gather feedback to enhance the plan just as the current incident unfolded. We still plan to hold those activities over the next few weeks. Community engagement will be a key component for the Roadmap. We will also bring the IT Security Roadmap through McMaster’s IT Governance committees for endorsement. It will outline priority activities for the next three years with the intent of enhancing our IT Security posture, embedding lessons from recent events which have not only kickstarted some activities, but has helped to deepen our resolve to deliver on this strategy. 

In the meantime, IT Security activities are all about continuous improvement, as illustrated by everything I have highlighted above. Your efforts are commendable, and they are a gateway to further plans and engagement. I am proud of how far we’ve come in a short amount of time. And I am energized about where we are going. There is no doubt that IT security will continue to be a topic of conversation and planning. I encourage you to join the McMaster IT Mid-Summer Check-in scheduled for July 14th. We are putting together ideas for meaningful knowledge sharing and engagement. I hope you can join and contribute.  

In the meantime, thank YOU. Thank you for continuing to field the curveballs. Thank you for digging in during the challenging times. Thank you for your resiliency and commitment to McMaster. Thank you for sticking together. Our road ahead will have inevitable bumps and curves, and I am glad to be travelling it with our McMaster IT Community.