The Cavalier Daily
Serving the University Community Since 1890

U.Va. asks faculty to take cybersecurity precautions, avoid business with sanctioned areas amidst war in Ukraine

University leadership issued the guidance in an email sent to all academic division faculty and staff Monday


The University is encouraging members of the University community to exercise caution on the Internet and ensure individuals are not giving or receiving services or doing business in sanctioned areas as the Russian invasion of Ukraine continues. Currently, sanctioned areas include Russia, Belarus and the Luhansk and Donetsk regions of Ukraine.

The conflict between Russia and Ukraine stems from the dissolution of the Soviet Union in the 1990s, when Ukraine gained independence — the country has long been divided between Ukrainians who see Ukraine as part of Europe and those who feel it is linked to Russia. In 2014, Russia invaded and annexed Crimea, and tensions have risen since. Belarus has supported Russia in its invasion of Ukraine, while the Ukrainian regions of Luhansk and Donetsk publicly stated their intent to secede from Ukraine and join Russia, which became part of the pretense for Russia’s invasion. 

In an email to professors and researchers March 14, J.J. Davis, executive vice president and chief operating officer, Ian Baucom, executive vice president and provost and vice president for research Melur Ramasubramanian said sanctions and restrictions imposed by the U.S. and other nations do have an impact on the University.

“We anticipate that the U.S. and international response to the ongoing crisis in Ukraine will continue to evolve over the coming days and weeks,” the email read. “The University will monitor these changes and assess impacts on our community and activities.” 

Among the active sanctions issued by the U.S., it is prohibited for businesses to provide services — financial and non-financial — to or from individuals and entities in the previously listed areas. As such, providers like Duo and Zoom — which the University contracts services from — will not be available in those countries.

The University advises that professors and researchers contact the University’s Office of Export Controls before getting a shipment from a sanctioned region, engaging with entities or individuals in sanctioned regions and entering into or operating under existing relationships between entities or collaborators in sanctioned regions.

University spokesperson Brian Coy told The Cavalier Daily that the warning from the University was not issued because of any specific threat — rather, that it was standard in times of global conflict. 

“The advice applies primarily to University employees, however we encourage students to continue to follow good cybersecurity practices in order to protect themselves from all manner of phishing attempts and other threats,” Coy said.

Philip Potter, associate professor of politics and public policy and director of the National Security Policy Center at the University, wrote in an email to The Cavalier Daily that the University is simply making sure that it is complying with government restrictions.

“The University must adhere to export control restrictions or potentially face serious consequences. This is something we track even in normal times,” Potter explained. “Increased restrictions on Russia mean that preexisting collaborations or relationships could become problematic.“

Davis, Baucom and Ramasubramanian encouraged all University community members to take cybersecurity precautions — an issue that Potter says has grown more salient due to the ongoing geopolitical conflict.

Professors and researchers should also be wary of phishing emails, a type of social engineering where a hacker pretends to be someone they are not in order to get sensitive information. They also ask community members to avoid opening malware, to update their systems to limit the likelihood that they get hacked, to backup their data and to report any cybersecurity incidents to the University Information Security office.