UK universities are facing an onslaught of cyber threats — here's why

Cyber security concept image showing digitized padlock sitting on a computer circuit board.
(Image credit: Getty Images)

MI5 is warning that foreign states are targeting UK universities to steal cutting-edge research and boost their own militaries and economies.

The warning comes after a slew of attacks against academic institutions across the country in recent months. In response, the government said it plans to launch a consultation to try and work out the best ways to counter the threat, following an internal government review.

"Maintaining the UK’s world-leading reputation as an academic superpower relies on having strong safeguards to protect research from those who wish to do us harm," said science and technology secretary Michelle Donelan.

"Today we are exploring new and innovative ways of collaborating on research security, ensuring that we are always one step ahead of the next threat."

The consultation will look at a range of options, including extending security clearance to key personnel within universities, funding the development of security research within universities, and establishing a working group with government and research sector representatives to develop a new professional standard for research security practitioners.

Also on the table is an expansion of responsibilities and resources for the Research Collaboration Advice Team (RCAT), along with strengthened reporting processes to improve the transparency of funding flows and where they originate, as well as an examination of the long-term impact of existing security measures.

"Boosting support for the Research Collaboration Advice Team (RCAT) would be a really positive move that will make it easier for universities to identify risks when exploring new research partnership opportunities," said Dr Tim Bradshaw, chief executive of the Russell Group of universities.

"Extending security clearance to key university personnel would be another step forward, and extra resources to boost capabilities through a Research Security Fund or alternative arrangements would help universities understand and respond at pace to new and emerging threats."

The National Protective Security Agency (NPSA) and the National Cyber Security Centre (NCSC) have already recently launched the Trusted Research Evaluation Framework (TREF).

The aim is to help institutions evaluate their own research security across seven areas of activity. This includes senior endorsement and governance, communications, training, institutional risk and collaboration, people, processes, and guidance, data and devices, and impact evaluation.

Late last year, a report from Universities UK, Jisc, and the NCSC last year found that academic institutions face unique security challenges, thanks to the need to preserve access for students and researchers while keeping a grip on the integrity of data.

Earlier this year, the Anonymous Sudan hacker group, believed to be Russian-backed, claimed responsibility for attacks against the universities of Cambridge, Manchester, and Wolverhampton.

"Recent attacks against the HE sector have been hacktivist or geopolitically motivated such as the attack against the Janet network in February, but the latest warning from MI5 to UK universities makes clear that nation states are now also eyeing these institutions to obtain research and IP that could secure economic or military advantage," commented Jack Porter, public sector specialist at security firm Logpoint.

"This is significant, because of the pioneering work these institutions do in advancing our understanding and use of emerging technologies such as AI and quantum computing," Porter added.

"We’re now seeing innovation accelerate in these domains and if such knowledge were to fall into the wrong hands, it could enable a nation state to progress in leaps and bounds."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.