Dear Ulster University, could you please forward these questions onto the correct department and/or personnel.

1) Between September 2016 - December 2017, has your university been targeted via a cyber-attack?
A) - Yes
B) - No

2) Between September 2016 - December 2017, how many cyber-attacks has your university encountered?
A) - Under 50 attacks
B) - 50 - 100 attacks
C) - 150 - 200 attacks
D) - Greater than 200 attacks

3) Between September 2016 - December 2017, which cyber-attacks has your university encountered? (Please choose which are applicable.)
A) - Phishing attacks
B) - Spear phishing attacks
C) - Ransomware attacks
D) - SQL injection attacks
E) - Rootkit attacks

4) How many phishing attacks has your university encountered?
(Please base your answer between September 2016 - December 2017.)
A) - Under 100 attacks
B) - 100 - 200 attacks
C) - 300 - 400 attacks
D) - Greater than 400 attacks

5) From research, many universities across the country have been targeted via a number of phishing campaigns. What impact have they had on your university?

6) From research, there has been successful phishing campaigns across many universities. When considering that both students and lecturers can be victims, who has been affected the most?
A) - Students
B) - Lecturers

7) How many targeted spear phishing attacks has your university encountered?
A) - Under 25 attacks
B) - 25 - 50 attacks
C) - 50 - 75 attacks
D) - 75 - 100 attacks
E) - Greater than 100 attacks

8) What impact has spear phishing attacks had on your university?

9) How many ransomware attacks has your university encountered?
(Please base your answer between September 2016 - December 2017.)
A) - Under 25 attacks
B) - 25 - 50 attacks
C) - 50 - 75 attacks
D) - 75 - 100 attacks
E) - Over 100 attacks

10) When a Ransomware attack was triggered, how quickly was it resolved?
A) - Resolved Immediately
B) - Resolved within and under 24 hours
C) - Resolved between 1 - 2 days
D) - Resolved after 3 or more days

11) Considering that ransomware affects the availability of a system or systems,
please describe the impact that ransomware has had on your university institution.

12) How many SQL injection attacks has your university encountered?
(when contemplating the number of attacks, please include attempted attacks and
unfortunate successful attacks and Please base your answer between September 2016 - December 2017.)

A) - Under 100 attacks
B) - 100 - 200 attacks
C) - 200 - 300 attacks
D) - 300 - 400 attacks
E) - Over 400 attacks

13) What impact has SQL injection attacks had on your university?

14) How many rootkit attacks has your university encountered?
A) - Under 5 attacks
B) - 5 - 10 attacks
C) - 10 - 20 attacks
D) - Over 20 attacks

15) What impact has rootkit attacks had on your university?

16) When considering the different types of cyber-attacks, that many university institutions are targeted with, how would you class your current and existing security controls?
A) - Inadequate
B) - Good
C) - Adequate
D) - Excellent

17) Do you believe your existing and current IT infrastructure will protect you from cyber-attacks that may occur in the next 18 months?
A) - Yes
B) - No

18) Should more funding be given to IT Security to help improve and maintain the current security that is already in place within your university institution?
A) - Yes
B) - No

Yours faithfully,
Jordan Gifford

foi, Ulster University

1 Attachment

Dear Mr Gifford

 

RESPONSE FOIA/18/28

 

Further to your Freedom of Information request for information on
cyberattacks between September 2016 – December 2017, please view Ulster
University’s response as follows –

 

It is the view of Ulster University that compliance with questions 1 to 18
of your request is exempt under the Freedom of Information Act 2000
Section 31(1)a and 31(3) - Prejudice the prevention or detection of crime
and Section 43 (2) – prejudice the commercial interests of the University.
Note that Ulster University is designated as a “Public Authority” for the
purposes of the Act.

 

The University takes security of information and the risk of cyber-attacks
seriously and we can confirm we have appropriate controls in place to
protect our networks commensurate with risks and periodic review. We also
have additional controls planned.

 

It is the view of the University that providing information relating to
any cyber-attacks could be used to threaten the University information
systems and in the current climate we are compelled to mitigate as much as
possible the risks posed by cybercrime. Consequently the University will
neither confirm nor deny whether the information requested is held. In
addition providing this information would prejudice commercial interests
as it would increase risk to our security.

 

As the above exemptions are qualified, we are required to undertake a
public interest test to examine if the public interest favouring
disclosure outweighs the public interest in withholding it. In favour of
disclosure we considered the principles of both transparency and
accountability in the way a public authority performs its functions.
Opposing this we considered the factors favouring the withholding the
information and this specifically relates to the nature of the exemption
concerning the prevention or detection of crime. There is a substantial
public interest in protecting society from the impact of crime and not
facilitating any steps which are likely to prejudice the prevention or
detection of crime. Furthermore there is a substantial public interest in
not jeopardising the University’s resilience to cyber threats given the
likelihood of an attack. Our assessment is that in all the circumstances
of the case, the public interest in maintaining the exclusion of the duty
to confirm or deny outweighs the public interest in disclosing whether the
University holds the information.

 

If you are unhappy with how the University has dealt with your request you
may raise the matter under the University's internal review process for
FOI requests. Please submit written details of your appeal to

Mr Eamon Mullan, University Secretary, Room J312, University of Ulster,
Coleraine BT52 1SA, email at[1][email address]. The University will
normally undertake to issue a decision on an appeal within 20 working days
of receipt.

 

If you do not wish to submit an appeal to the University in relation to
your request or if you are unhappy with the outcome of an appeal you may
apply to the Office of the Information Commissioner. Full particulars of
the FOI Act including the Information Commissioner's address may be found
at [2]www.ico.org.uk

 

Yours sincerely

 

Azlina Cohen

 

[3]UU_Corp_logo_Process_email

 

Ms Azlina Cohen

Office of the University Secretary

 

Ulster University  l  Cromore Road  l  Coleraine  l  BT52  1SA

T: +44 (0)28 7012 4403

E: [4][email address]

[5]www.ulster.ac.uk

 

 

show quoted sections

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org