IT outage at Scotland's Heriot-Watt University enters second week Edinburgh's Heriot-Watt University has entered a second week of woe following a vist by an infosec nasty. The 200-year-old institution's IT team first referred to the crisis as a "security incident" but a spokesperson confirmed to The Register that it was a cyber attack. A week on, things remain resolutely broken. VPN? Down. …
Obviously. It's a university. They don't have the money or the intellectual resources to do things properly.
I know I'm not going to make any friends by saying this, but I've never seen a university network without some major, jaw-dropping choices (and I've seen a few), all because the IT people they have were never top-tier in the first place.
In the second place, an "urgent" ticket is generally considered as something that must be fixed this semester. University IT does not live in the same timeframe as its computers. A cyber attack ? That must have reset their clocks in a very hard fashion.
Maybe some good can come of this. And, if indeed there was no data leaked, well their IT guys do deserve a few brownie points.
Now all they have to do is properly segment their data domains and, the next time, they might be able to not lose everything.
I hope their backups are good.
I know someone who works at a university...
To be fair to the IT staff, there is probably only two of them (one if the other guy/girl is on holiday).
They probably have to deal with a huge number of PCs that are almost unusable after being upgraded to Win10.
At the same time as this sort of thing is happening - https://www.ucu.org.uk/article/11865/Vice-chancellor-pay-exposes-cavernous-gap-between-staff--management
The IT staff may very well be on strike. They count as "academic-related" so if they are in a union at all it is UCU, along with the academic staff. And they are in the same pension scheme (USS) which those overpaid vice-chancellors are complicit in the gutting of. If they are not on strike it is probably because they are not paid enough to to be able to afford to lose a few week's pay.
Disclaimer: I work at one of H-W's neighbours and I am currently on strike. They do not call me "Red Shuggy" but I am angry enough that they will probably start doing that Real Soon Now.
"In the second place, an "urgent" ticket is generally considered as something that must be fixed this semester."
A ridiculous statement. In our university, an urgent ticket requires immediate attention. How long it takes to fix depends on what the problem is, of course.
Oh I absolutely agree.
For a given value of "immediate", that is.
Nor did I say that the ticket wouldn't be read immediately.
In other words, we are in perfect agreement.
Now, let me tell you how things would go in some other customers I have worked with (ie banks and insurance companies) . . .
To put it simply : do you know what an SLA is ? It's what a university generally doesn't have.
You're talking shite.
I recently retired after decades of working in IT at a university. It wasn't even a particularly large or famous one, but things were never run as unprofessionally or as incompetently as you claim. If you have a specific institution in mind, name it. If you don't, then stop making such broad unevidenced claims.
And we were fucking buried under SLAs.
Given that I work with a variety of UK universities almost daily, you couldn't be more wrong. Yes, you'll find some utter asshats, but you find those *everywhere*, regardless of whether it's academia or the private sector. You might be referring to non-UK universities, but even then, you're tarring an entire sector with an extraordinarily broad brush.
What you are saying is offensive and insulting to those who actually do the work, try to keep all sides happy, and end up being stressed out of their minds and decide to decamp to the private sector (if they're not positively pushed by restructurings and outsourcings).
There's nothing you (@Pascal Monett) can say in reply to this message that will change my mind here, so don't even bother replying with a comment.
For those of us who have actually worked in the sector you will discover that there are many different issues and just stating that their IT Staff are not "Top-Tier" is disingenuous.
There are some seriously smart people working in IT in universities, often doing things that are unique to the sector.
The issues will be around funding, working practices of users (staff, student's & researchers) and invariably having to make do in a way that the private sector simply cannot comprehend.
Researchers are a particular problem because anything that comes down from IT in an attempt to secure things is seen as a direct attack on their work and ways to stop them doing things. The networks are more open and usually there are many unmanaged devices. It is getting a lot better but in this sort of environment it is very difficult to impose the level of restrictions that a corporate entity can.
At the university where I taught computer science we had an excellent IT support staff. We ran our own email and storage etc. But the university wanted to take over our email and student submission system and, last time I heard, the CS department was still resisting. Our systems work, the university's, not so much.
Heriot-Watt, my old Alma Mater, was initially a brewing school which evolved through Polytechnic to University. Following the demise of Birmingham University Brewing School (or dept, I forget which) HW is teaching just about all the British brewers.
My point is, don't these bastards drink beer?
I did a week long PGL-run computer course there back in... oooh... the first week of August 1984.
My memory is not that good, TBH. I recall the dates because that week was the week the UK aired 'V' for the first time, and I missed it. Shared a room in the student halls with "Kevin the Punk", for whom it was too much of an effort to visit the toilet down the hall, so he pissed out of the window. Or in the bin. After drinking a considerable amount of beer, IIRC. And at age 14.
Ah, but young Kirsty... lovely lady. Fond memories. It was only a week, and we didn't get up to anything, but at that age you know you have hormone tinted vision.
They had a connection to a local X.25 network. When we discovered it, we were pinging stupid messages all over Edinburgh at random, until someone at one of the banks phoned the university to complain and officialdom descended.
Anyway, good luck to the H-W team.
The idea that Heriot-Watt started as a brewing school is total cobblers. It was also never a polytechnic. A cursory check of the wikipedia page would disabuse anyone of those false narratives. It is remarkable that if it is genuinely your Alma Mater that you are so ill informed of the institutions history. Having passed through Heriot-Watt myself I cannot understand how you could be so ill informed.
From a cursory check of the wikipedia page you refer to "After the establishment of Heriot-Watt as a technical college... it offered awards equivalent to university degrees and doctorates in all practical respects."
Looks, walks and smells like a polytechnic to me.
Also, this article states brewing courses were available at Heriot-Watt back in 1904. This article states brewing courses started being offered there in 1903. Heriot Watt is also the home of The International Centre for Brewing & Distilling, so there's probably some truth to it being a brewing school from the early days.
It looks to me like the scrutiny of further education provision brought about by the Robbins Report led to H-W being awarded University status. This would only have been done if their level of teaching and assessment was equivalent to the classic university. What we think of as the classic "Polytechnic" was a creation of the local education authorities's responses to the Robbins Report. This new drive in vocational learning, to match the new "red brick" universities, led to the take over of existing, willing, educational colleges, schools, polytechnics (of which there were scarce few calling themselves that prior to the 60s) etc. The government funding injections into technical subjects following WW2 (they got very keen on training the youth in engineering and electronics following that little conflict for some reason!) were no doubt dependent upon submitting to LEA control under Wilson and Crosland etc. Where provision didn't exist to expand, LEAs created it de novo.
H-W doesn't fit any of this. It was a "private" establishment long before this time, and I expect it was "boosted" to university status in order to distinguish it from the slightly more vocational, work-place based, training envisaged for the polytechnics, i.e. the skilled factory floor engineer rather than the design department boffin types.
Or you could see Crosland's reforms as being the formalisation, standardisation and generalisation of the apprenticeship system that operated prior, which took youths from ages 14 to 18 and delivered a very specific skill set. As the school leaving age was raised, the foundations taught during an apprenticeship, such as more advanced levels of numeracy and literacy, had to be transferred entirely to a schoolroom setting. This led to what you might call assembly-line learning.
TL;DR, H-W never called itself a Polytechnic and was a university before the widespread emergence of Polytechnics that were modelled on the few places prior to that era which already called themselves that.
Probably because the original was created before there were standard solutions, and many "standard" solutions turn out to be hopelessly missing some key feature or another?
Nothing to do with being a Uni, you will find the same issue of odd-but-critical systems lurking in many businesses older than a decade or so.
The joys of the central mainframe! I started in 77 and we had an ICL 1902 (IIRC) and it spent more time on its arse than I did during freshers week. It was close to where most of my degree was done but as I didnt attend much and the machine was rarely working when I did or the card punchers were all occupied I used to hike over from my flat a couple of miles away in the evenings , enter and look up at the HARDWARE FAULT sign glowing rose pink and spin on a heel and depart for a bar. I'm sure the arthritis in my left hip is due to that heel being worn down from spinning on it in the computer lab!
That's because it's true.
There's a reason many organisations that HE work with are nervous about giving access to HE staff/researchers - because your networks are frankly filthy compared to ours, you don't fall under half the regulation we do and when the **** hits the fan the most we'd get is a shrug.
They need to start investing in proper IT staffing levels, kit and stop outsourcing.
Many HE establishments have the theoretical knowledge to do exceptionally well at this but those are teaching staff who lack the real world skills (or time - it's not their job!) to actually make it a reality.
"They need to start investing in proper IT staffing levels, kit and stop outsourcing." Getting the proper IT staffing levels is easy, its the 5 or 6 times more guards you need to prevent outside 'experts and advisers etc' wineing and dining the VC and others and thus fucking everything up.
Remember, its only in code you can give the correct access to the objects that own the data and no-one else.
The 2006 HERA job assessment and salary scale restructuring was supposed to put an end to that, but it was an uphill struggle to get professional qualifications and technical knowledge to be assessed more favourably than any other non-management non-specialist desk job (I think the finance and the library people saw the same issues as did IT and the other technical specialisms). It was almost like the assessment criteria had been written by management consultants who had failed to consult...
It ended up in a lot of local agreements recognising and resolving the problem, some of which I can well imagine hard-pressed universities have walked back on in recent years.
"They need to start investing in proper IT staffing levels, kit and stop outsourcing." Getting the proper IT staffing levels is easy, its the 5 or 6 times more guards you need to prevent outside 'experts and advisers etc' wineing and dining the VC and others and thus fucking everything up.
Some years ago my university decided to get serious about data security. For example, USB drives had to be encrypted and to make things even safer, only one make and model of encrypted drive was permitted. Which went out of production two weeks later ...
The best bit, though, was that all university owned computers became managed and restricted to just a few applications so that, amongst other things, data would stay secure. However, because the then-VC was a big fan, one of the permitted applications was ... Dropbox. On personal accounts.
I've worked with most of the major UK universities on projects over the last couple of years, in particular since Covid, and they have in the main been highly professional IT orgs with skilled staff. The threat landscape at the moment is severe, and I would wager that a lot of people in this thread accusing universities of being low standard work for orgs that are just as vulnerable, and indeed may already be compromised. There are few orgs that can stand up to a truly determined APT.
HW produces the best engineers in Scotland, and has done since the seventies. [Disclaimer: I didn't go there but kudos to the alum posting here.]
HW for engineers, Edinburgh for lawyers, Glasgow for biologists, St Andrews for royalty/oligarchs.
Now what might have pissed off HW students in the past two years? Lockdown without a return of fees, Zoom lectures, the 35 bus to the campus. I was going to say the closure of Edinburgh nightclubs but that wouldn't affect them.
Take a look at this report: Link: https://en.wikipedia.org/wiki/2017_Equifax_data_breach
......where bad actors were in Equifax for 76 days before Equifax noticed anything was amiss. (SEVENTY SIX DAYS.......)
Quote from Heriot-Watt: "...We can confirm that there has been no data leak ..."
Really? How would they know?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
