THE CENTRAL Applications Office (CAO) will not investigate the cyber attack that crashed its website on Monday until after the second round of third-level offers is issued next month.
Tens of thousands of applicants were unable to check their first-round course offers for several hours on Monday morning after the website was hit by a “denial of service” attack. A decision on whether to report the matter to the Garda will not be taken until after the internal investigation is held.
A “denial of service” attack occurs when criminals or hackers manipulate computers to swamp a web address with page requests, preventing it from responding to legitimate users.
The CAO website was previously attacked on another important day in its calendar – the deadline for change-of-mind applications on July 1st. On that occasion, the site did not experience the same level of disruption as it did on Monday, and a subsequent investigation failed to identify the source of the attack.
The CAO would not say yesterday whether additional resources would be put in place to counter any repeat of Monday’s attack when round-two offers are made on September 2nd.
In a statement, CAO operations manager Joseph O’Grady said the office’s “priority” was to process offers and acceptances on behalf of students. He said the CAO would carry out a “full investigation” into the attack.
In the meantime, he said the office would keep monitoring the system to ensure continuity of online services. Cao.ie was working well yesterday, Mr O’Grady said, and was not subject to “fallout” from Monday’s attack.
“Once we have completed our assessment, we will decide how to progress this issue,” he added.
TJ McIntyre, law lecturer at UCD and chairman of Digital Rights Ireland, said it was “very difficult” to defend websites from such attacks as they can be launched from any country.
Mr McIntyre was critical of the Government’s response to cyber crime over the last decade and said Irish policy lagged behind the rest of Europe. He said there was a need for a “co-ordinated response” to provide support for critical infrastructure, which is susceptible to crime of this nature.
He added that assistance provided to law enforcement should be accompanied by reform of the law on cyber crime and funding for research into defensive measures and responses.