By Garrett Kelly, Staff Writer
For the students of Regis University, the Fall 2019 cyber attack remains a present reality. I’m sure many of us remember the delayed and disorganized classes due to complications caused by the breach. We went many weeks with our homework systems disabled entirely or in disarray. Personally, I hoped to be sympathetic and forgiving given this was an attack and Regis was the victim, but, this previous semester left a bad taste in my mouth. Regis Updates is still an active page since the cyber attack, with the most recent post at the time of this article’s publication Feb. 3, 2020. Despite this site, updates since the attack have not been timely, instructive or even relevant to student life. Nowhere on this page is it mentioned how Regis University has chosen to respond to the crisis. As one avidly interested in such a thing, I followed the page closely. You might imagine my surprise when I was directed by one of my Highlander colleagues to an article from the Denver Post detailing that the university did in fact pay out the ransom requested by those that took the school hostage. Key details, relevant to our ability to function as members of this community remain undisclosed. What we’ve seen is a consistent pattern of non-communication to this university’s most important stakeholders--faculty and students. The Denver Post’s Jan. 28 article claims correctly that it was the first to report that Regis did in fact pay out the “malicious actors”, a revelation that took place six months after the event. Other “revelations” remain waiting in the wings.
The comments on the Denver Post article are even more interesting given the context. One user under the moniker Cloud claimed to be among the contractors hired to restore antivirus systems at the university. He wrote, “It was a mess. Everything was down.” Various others left probing questions as to how it could be possible that such an attack could disable our systems for such a length of time. In truth, even colloquially, I’m aware that the lack of backup built into the school’s servers represents another case in a series of internal security flaws that allowed us to be put in such a position. I wish I could write this in anger, but I can’t. To describe it as such would be a dishonest expression. More than anything, this experience has left me frustrated. It shocks me that the first report of Regis’ official decisions regarding this monumental event come only in the form of the Post article that I happened to be pointed towards.
After all this, Regis postures itself to host a cyber security summit, in the name of sharing what they’ve learned with others who are potentially vulnerable. For this, I want to applaud them. This summit has the promise to shed more light onto the events that paved the way for the events experienced in the fall semester. It should also address how to respond when such attacks are successful and disabling. Frankly, the first to know should have been us; the faculty and students of Regis who have a vested interest. That we’d only be informed indirectly a week after the fact bothered me deeply. Six months later, Regis’s updates remain ambiguous. Websites remain filled with dead links to disabled systems. But Regis Updates remains unchanged and I am doubtful that my peers know the latest news of what decisions the institution has made, and the impact those decisions will have on our path to education.
The silence present here is deafening in a way that breeds the worst kind of anxiety for college students. With the obvious financial and administrative turmoil at Regis, silence only inspires more doubt and fear of instability. I fear the further limitation of already slim programs. I fear for the professors, already overworked amongst a hiring freeze that could face an even greater workload in the near future. My priority is that of the quality of my education, something that the passionate teaching staff of Regis University has provided time and time again. But I’m not blind to what they’re facing here, all that challenges us with the recent technical challenges affect them twofold. I certainly don’t want my professors to be forced to take on greater responsibility while they’re already amongst the busiest in the country.
Much of the strength of Regis, in my observation, is that of the small class sizes and passionate teaching. As this crisis continues with little information and minimal communication, it is clear to see the strain it places on those who work so hard to provide a quality educational experience. This lack of communication undercuts the spirit of community, collaboration and our fundamental Jesuit values. The standard of communication during this crisis has fallen short of any reasonable expectation. It’s easy to assume that the communication received by the professors here is the same as that we have received--vague and unhelpful. As Regis continues to return to old refrains, discussing the building of community the lesson becomes solidified, all of us, the student population, will remain the last to know anything. We remain in the dark, unsure and unclear as to the path ahead, and our place on the road.
The answer to high tech problems is a low tech one. Trust. Communication. Community in more than name. This could have been a learning experience for all of us, but instead it’s been a fracture of trust.