I felt compelled to write this Letter to the Editor in response to The Highlander’s front page story entitled “Cyber attack on ASUCR website decreases transparency” published on January 13, 2015. I am an avid reader of The Highlander and regularly enjoy reading through it each week to learn about relevant and noteworthy happenings on our campus. Thus, I was very surprised to see that this insignificant subject actually made the front page headlines. As the Marketing Director of ASUCR, I would like to subsequently correct the many inaccuracies and questionable framing that was present throughout this story.
Speaking as a UCR student, I hope to see front page articles in The Highlander being more noteworthy and applicable to the campus community at large. It surprised me to see how a temporary site shutdown that occurred in Fall Quarter was the front page story at the start of the Winter Quarter, when articles in the same issue included stories such as “UC risks losing $120 million in proposed state budget,” “UCR alum begins path to ‘American Idol’ stardom,” and “Moldy university daycare building to reopen Jan. 26.” I would argue that any of these stories are more relevant and more attention-worthy as a front page news story
As Marketing Director and a fan of The Highlander, it was disheartening to see what was presented in the article in question. Starting with the headline, there was no deliberate cyber attack carried out upon the ASUCR website; both instances of the website going offline was due to unexpected and out-of-our-control technical problems. I firmly do not believe that having our website go offline for a combined 6 days (not 5 weeks) this school year made an impact on making ASUCR less transparent to the student body. I would have appreciated it if The Highlander could’ve mentioned the numerous updates we make with our robust social media presence which updates the student body to remain transparent. Moreover, it was surprising to me that the article was commenting on reduced transparency within ASUCR and block quoting a student’s concerns on a separate issue, but fail to mention how The Highlander livestreams and uploads every ASUCR senate meeting for the very purpose of staying transparent.
In terms of managing the website, the Marketing Director’s position has not been removed from that responsibility. The management of actually logging on to upload and update items on the website has fallen under the purview of our professional staff member, Amy Carrizosa, who has been an invaluable resource; however, creating the content that will be uploaded on the website has been and continues to be the Marketing Director’s responsibility, so there is no need to “set procedure for shifting job responsibilities.” The other reason our professional staff handles the technical side of the website is because students and student employees are not allowed access to OmniUpdate— the University’s website portal we’re currently using. Also, it is important to note that even when operating the website using the WordPress portal, we were still under the University’s firewall protection, and there was absolutely never any sensitive data on our website that could be compromised. When our website was first created, UCR C&C still had WordPress support; now that the campus has switched to providing support for OmniUpdate, we felt it was appropriate to also switch from WordPress in order to minimize vulnerabilities that could impact the site.
I want to give an accurate context of what happened with the ASUCR website. On September 17, 2014, office members had discovered that our website was offline and inaccessible to the student body. Immediately, we began to notify the students about the offline website through our Facebook page (facebook.com/ASUCRiverside) and followed up with a campus-wide email with information on how to access key resources while we worked with UCR Computing and Communications to sort out why and how the website went offline. Luckily, UCR C&C detected the problem as being a vulnerable plug-in being used on the website and patched the plug-in, thereby putting the website back online promptly on September 19, 2014. ASUCR conducted its work as usual with the now restored website, but on October 22, 2014 the website once again went offline. UCR C&C notified us that there was some spyware that infected the website, causing it to crash. C&C also notified us that the website would not be able to function at optimum performance at this point, and recommended ASUCR temporarily switch to our older website format at this point. On October 24, 2014, we officially switched to the recommended format in order to minimize the down time of the website, and began to update our new website with pertinent information.
