Posted By Laura Sawyer, ICA Executive Director,
Monday, November 21, 2016
Late last week, ICA's website and back-end member management system experienced intermittent outages connected to a global cyberattack by hackers on numerous platforms. Twitter, eBay, and numerous other global sites were attacked as well, and many of those experienced full-day outages from which they are still recovering. Those first few attempts last week were fought off by the security systems in place at our website & member management system provider, CCS, and they were able to get all of their association clients' sites (30 associations in addition to ICA) back up and running after a couple of hours.
Phase Two of the Attack
Our provider was attacked again on Wednesday, 26 October, at approximately 5:15pm EST and all client sites were again shut down as a security measure (this protected the information housed within those systems, much like a bank's security system triggering a giant metal door to drop when the alarm is tripped). Attempts continued throughout that night (not only against our provider but against many other providers around the globe) and into the next day. As a result, the ICA website and back-end were down for over 24 hours to protect the integrity of the data as attempted hacks continued to assault the servers. Our provider was able to implement several countermeasures and our site came back on Friday night, 28 October.
Did the Hackers Access Any of Our Information?
No. The site was shut down precisely so that that would not happen. The hackers never gained access to our site (it was not the hackers that took our site down, it was our provider who took our site down in order to insulate it from the hackers). Regardless, we do not store credit card information on our site; credit card transactions are processed through a third-party system, so that information was never at risk.
When Will This Be Over?
The site appears to be back up for good now. Our provider is working with authorities and their consultants to mitigate any issues and keep things working. Please know that our provider has been with us for over a decade so they know how crucial this timing is for us as an association.
What Is Currently Affected?
All portions of the site are back up and running now. While we did initially have a delay in regaining access to the "forgot my password" function and the ability for chairs to e-mail their division members, those problems have since been resolved. We have now updated the website to reflect the extended deadline and as you can see if you are reading this, we now have the ability to send our newsletter!
What Was Not Affected
E-mail: We were able to expedite moving ICA's staff e-mail accounts over to another provider (already planned for this month, but expedited in case we had another attack) on Friday morning, so you may again reach ICA staff via e-mail as this method of communication is no longer affected.
Social Media: For future reference, please be sure to follow the official ICA Facebook page and our Twitter handle, @icahdq, for updates. These forms of communication remain uninterrupted and they are a good source of information from ICA if our normal channels of communication are down; during this crisis we posted regular updates on both channels for our followers.
All Academic: If you've already put information into the submission site run by All Academic, all of that information was unaffected. All Academic is a different provider from the rest of our site.
How This Affects the 2017 Annual Conference CFP & Submissions Process
We share your frustration that access to the submission system was down because the "handshake" for user authentication was broken. As a result of the downtime during which people were unable to submit their papers, the paper submission deadline for the 2017 ICA Annual Conference in San Diego was extended to Saturday, 5 November, at 11:55 PM UTC (please see www.timeanddate.com to double-check what time this "Coordinated Universal Time" translates to for your time zone).
Why Couldn't We Just Circumvent the ICA Website and Go Straight to All Academic?
We would love to have done this, but unfortunately the way All Academic works is through a complex "handshake" system with our member record management system. Even nonmembers must create a profile, which is simultaneously created within AA and CCS. We cannot break that handshake; AA relies on that information and all of that information shows up in our program.
What's the Plan Moving Forward?
We are monitoring the situation closely and will keep an eye on the site over the next week. Again, while our ability to e-mail our entire membership may be interrupted if the site goes down again, our Twitter (@icahdq) and Facebook accounts will have the latest news.
One Final Thought
While there is no one to blame (hackers being the anonymous, shadowy figures that they are), I certainly have no trouble knowing who to thank. I was so impressed this past week with the teamwork and ingenuity exhibited by the ICA staff, particularly Jennifer Le (Manager of Conference Services) and Kristine Rosa (Member Services Coordinator), who worked tirelessly all week to keep on top of our provider for updates and fixes and to problem-solve themselves while simultaneously answering all of your calls and e-mails (they manually did several hundred "forgot my password" requests when that function was down), and they kept a great attitude and an heroic amount of patience the entire time. ICA is incredibly lucky to have these two on our team. Thank you, Jen and Kris!
Lastly, thanks very much to you, our members and participants, for your patience as we worked through this issue and resolved it appropriately. ICA is a great community, and we've been heartened to see the support and patience our members and attendees have exhibited during this challenge. We will do our best to keep you informed and keep your stress levels reasonably low as we move forward, and we look forward to seeing everyone by the ocean in beautiful San Diego!