Working together to protect from cyber attacks

Share this on social media:

Nick Fowler and Steven Inchcoombe introduce SNSI, an initiative to solve the cyber challenges facing the scholarly communications industry

Last year the Washington Post and several other media outlets reported that the U.S. Department of Justice (DoJ) was investigating pirate website Sci-Hub.

According to the Post, the investigation, which has both criminal and intelligence-gathering elements, is being undertaken because there is a suspicion that the founder of Sci-Hub, Alexandra Elbakyan, may be working with Russian intelligence to steal U.S. military secrets from Department of Defense (DoD) contractors. Why does the activity of an illegal website, supposedly operating in just the space of academic research, warrant investigation by the DoJ?

The answer is simple – cybercrime, to which the higher education sector is particularly vulnerable. In fact, the education sector is the third largest target of cyberattacks, ahead of retail, with library systems routinely storing a tremendous amount of personal data, making them dangerously attractive targets. Rutgers University has reportedly had to spend $3 million on cybersecurity. The UK’s National Cyber Security Centre last year published its first report on the cyber threat to UK universities, noting that some of the effects of state-sponsored espionage include damage to the value of research, notably in STEM subjects, a fall in investment by public or private sector in affected universities, and damage to the UK’s knowledge advantage.

In the specific case of Sci-Hub, academic content (journal articles and books) is illegally harvested using a variety of methods, such as abusing legitimate log in credentials to access the secure computer networks of major universities and by hijacking “proxy” credentials of legitimate users that facilitate off campus remote access to university computer systems and databases.  These actions result in a front door being opened up into universities’ networks through which Sci-Hub, and potentially others, can gain access to other valuable institutional databases such as personnel and medical records, patent information, and grant details.

This can cause significant damage. It can result in slowing IT systems, attacks and phishing; loss of access to electronic resources; personal profiles accessed and amended including changing mobile/cell numbers; skewed usage metrics; virus and / or monitoring software placed on personal computers – not to forget the unnecessary time and effort of staff analysing and then dealing with this activity.

Such activities threaten the scholarly communications ecosystem and the integrity of the academic record. Sci-Hub has no incentive to ensure the accuracy of the research articles being accessed, no incentive to ensure research meets ethical standards, and no incentive to retract or correct if issues arise.

As this issue goes beyond that of the illegal accessing of academic research, publishers cannot tackle it alone. We need to work with librarians, university network security officers and others responsible for cybersecurity in academic institutions which is why a new pan-publisher initiative has recently been set up with the purpose of encouraging exactly that. The Scholarly Networks Security Initiative brings together publishers and institutions to solve cyber challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data. The group will explore, for example, how the dangers related to Sci-Hub use can be included in information literacy and other library outreach programs.

This action shouldn’t however been seen in isolation and is designed to complement other activity being undertaken by publishers to address Sci-Hub’s supposed USP - that all research from all publishers can be accessed in one place.

Academic research was digitised and made available across a range of platforms faster than music or film content. Open access articles are immediately accessible and sharable by anyone who wishes to read them. Most publishers have policies that allow authors to post their articles to publicly accessible platforms such as author websites and institutional repositories, and most fully support pre-print servers which allow researchers to post preliminary versions of their articles to share breaking developments with their peers.

Publishers worked together to create Crossref so that research outputs could be easy to find, cite, link, assess, and reuse. Publishers have also been working together as part of the RA21 initiative, now called seamlessaccess.org, to make access to articles easier for researchers using their institutional log ins when they are not on campus. As publishers implement it across their platforms it will negate the need for researchers to log in again each time they move between publishers’ websites. Most recently, a group of publishers came together to develop GetFTR (Get Full Text Research), a new, free-to-use solution that will enable faster access for researchers to the published journal articles they need from a wide variety of discovery tools that they are already using. 

Ultimately a combination of forces are needed to protect institutions from cyber-attacks and to ensure that researchers are presented with the best possible user experience, safe in the knowledge that the work they are accessing is correct, up to date and properly connected to the scientific record. Awareness of the damage Sci-Hub is inflicting on institutions and academia needs to be increased. Law enforcement efforts to address the site’s illegality need to be supported. And publishers need to continue making their platforms more interactive and interconnected so that our communities can access the research we publish how they want to. We need to demonstrate that Sci-Hub is not only harmful to the research community but that it is also redundant.

Nick Fowler is chief academic officer at Elsevier, Steven Inchcoombe is chief publishing officer at Springer Nature); they are co-chairs of the Scholarly Networks Security Initiative (SNSI)

Other tags: