Despite research ramping down for most since March, Marty Leidner and his team have been working harder than ever. As Rockefeller University’s Chief Information Security Officer, Leidner is responsible for protecting precious data and blocking malicious traffic from invading our campus network.
Leidner defends the Rockefeller community against phishing and other attacks using constantly evolving strategies and security appliances. In the age of widespread Zoom and VPN usage at home, malware can breach Rockefeller’s network from hundreds of entry points in New York City and around the country. “It’s a cat and mouse game with the bad attackers,” Leidner said. “Some of the bad things that are happening we couldn’t have even conceived of six months ago.”
In response to the shutdown, Leidner and his team more than tripled Rockefeller’s VPN capacity, from around 200 to 700 users. This project required accurate and efficient scaling in order to hastily accommodate a heightened average of 500 VPN users simultaneously.
Tripling the number of remote devices connected to Rockefeller’s network also triples the potential entry points for malware. “It’s much harder to protect everyone when they’re spread all over the place,” Leidner said. “It’s a whole different paradigm.”
Most students and employees are familiar with the concept of phishing, but multiple other threats are on Leidner’s radar. Distributed Denial of Service (DDoS) is a type of cyber attack that floods a network with malicious traffic. This can be achieved by connecting a collection of infected devices, called a “botnet,” and using them to send traffic through Rockefeller’s network. This clogs the network, making services unavailable to other users. Rockefeller has been under DDoS attack since last September. “We do not know the motivation for this attack,” Leidner said. “Routinely we have smaller DDoS attacks, but we have not had this magnitude in the fifteen years I’ve been here.”
Should Rockefeller be flooded by a DDoS attack, the consequences would be severe. Luckily, Leidner’s team is on it. “We mitigated the problem with a detection appliance that can figure out these traffic patterns and protect the campus network from these attacks,” he said.
However, more personalized attacks, especially via e-mail, are our biggest threat. “Phishing is the number one attack vector that we’re dealing with,” Leidner said.
Phishing attacks take advantage of emergency situations such as the COVID-19 pandemic in order to acquire victims’ credentials. For example, an e-mail might ask someone to enter their Rockefeller username and password in order to access their test results or view updates about lockdown policies. “We try to protect the e-mail system tremendously,” Leidner said. “We do a lot of spam protection, but there’s no way we can catch everything.”
“If people would be cognizant of potential bad e-mails, that would make everyone’s life easier,” Leidner said. “We wouldn’t have to invest so much time testing and remediating. We rely on the campus community’s alertness and awareness. We periodically test users by simulating phishing e-mails with safe ones that we send out. In the most recent internal phishing test 25% of those tested gave out their Rockefeller passwords.”
As some labs continue to do well publicized COVID research, they have become targets of phishing.
Leidner remotely checks in with his team at 10 a.m. most days, but the rest of the day is unpredictable. The team must respond to a multitude of emergencies precipitated by the pandemic, whether it be e-mail malfunctions or security threats. “Every day is very different,” he said. “Information tech in general is a very dynamic field. Cybersecurity is an order of magnitude more dynamic.”
Though the situation has increased his workload, working from home has been great for Leidner’s productivity. “I feel that the work at home has been excellent,” he said. “For me, it has been effective, efficient, and productive and while I miss on-campus interactions I really appreciate the benefits of working from home. My team, of which some also have very long commutes, also likes it, as do more than a few of my friends.”
Previously, Leidner spent nearly four hours commuting to and from campus every day on some days—50% of the time he actually spent on campus. This major inconvenience is unrelatable to those of us who live minutes from campus. “It’s physically grueling,” he said.
Soon after the campus shut down, Leidner realized that he didn’t need to leave Rockland County to complete the vast majority of his responsibilities, including attending online conferences and University meetings. He was also saving several hours of his day by working from his home office. “Morning work for me is very productive,” he said. “I’m up and running in five minutes.”
Further, Leidner is in a healthier place mentally and physically. Biking through Harriman State Park has been a favorite pastime of his throughout the spring and summer.
As New York City and Rockefeller work to establish a “new normal,” it may be worth considering that some quarantine practices need not be temporary. If, for example, our Information Security team works better to keep our data and network safe from home, why not keep it that way? “If anything, I think we may work too hard and don’t know how to shut it off at the end of the day,” Leidner said. “There’s always something more to do.”
On Friday, September 25, the Research Restart Committee chaired by Professors Tim O’Connor and Mike Rout announced that Phase III+ operations were a go. The following is stated in these guidelines: “Employees who need to be on-campus to work effectively are required to come to campus unless they are granted an exemption provided by existing Rockefeller employment policies, including but not limited to leave policies under Family Medical Leave Act (FMLA), NYS Paid Family Leave (NYPFL) and NYS Disability.” This seems to encourage nearly all employees to return to campus, but perhaps we are missing an opportunity to embrace remote work as a strategy for increasing productivity and sustaining the mental health of Rockefeller employees.
Leidner’s team continues to work effectively from home, ensuring the cyber safety of our data and community. “We are blessed that the majority of our work can be done remotely, but this is only possible because of the dedicated and appreciated work of our colleagues on campus,” Leidner said.