Two weeks before a “malicious threat” crippled Regis University’s information technology services — rendering the Denver campus’s phones, email and internet useless just as summer courses ended and the fall semester began — Bob Bowles was teaching students how to respond to a cyberattack.

“Once an incident happens, the first thing you want to do is contain the damage, stop the bleeding,” said Bowles, a cybersecurity professional of more than 20 years who is now the director of Regis’ Center for Information Assurance Studies. “Go into ratification and recovery phase — determining how it happened, patching the weakness and trying to put controls in place.

“Then you come up with lessons learned,” he said. “Every incident is unique. Even if you did it perfectly in terms of response time and recovery, you always wonder what worked well, what didn’t work well. It’s a continuous cycle.”

Bowles and the rest of Regis’s cybersecurity faculty have witnessed their lesson plans come to life since the attack two weeks ago that continues to wreak havoc on campus technology services. Although the academics aren’t on the frontlines fighting the intrusion, leaving that job to IT services and forensic investigators, the educators are taking notes.

They plan to use the attack as a case study in their own classrooms and as a lesson for others in the community.

“It’ll have an impact outside of our cyber programs as well, I’m sure,” Bowles said. “There’s more of a community focus. Everybody wants to help because it’s not like you’re isolated. If government or private industry gets hit, it affects us all. I see the information sharing happening so much more. Whenever there’s an incident where somebody suffers a loss, if we can all learn from those events and better prepare ourselves, that’s one of the good things I can see that’ll come out of this.”

Shari Plantz-Masters, dean of Regis’s College of Computer and Information Sciences, said the university plans to hold an invitational conference when the situation is resolved to talk about what they learned and help prepare others.

“We’ll be able to analyze what we did well, what we could have done differently, how we’re going to move forward,” Plantz-Masters said.

Cyberattacks are becoming increasingly common, with nearly two dozen Texas cities last month hit by hackers who took down or otherwise crippled computer systems while demanding ransom payments to restore them.

Regis is the first non-military school in Colorado to earn the prestigious designation of being a Center of Academic Excellence in cybersecurity form the U.S. Department of Homeland Security and the National Security Agency, said Plantz-Masters.

As an example of the some of the rigorous work that earned the school the designation, Plantz-Masters noted the institution has its own “cyber-range” — an internal network in which students can fight off actual cyberattacks carried out by volunteer industry professionals.

Plantz-Masters said use of this network did not cause the current situation at Regis, which was still in a recovery phase on Thursday.

Phone lines and faculty and staff email remain down. While some Mac computers have been restored, PC computers on campus remain under “quarantine.” The downed university website has been redirected to a makeshift mothership of information at regisupdates.com, which is kept up to date with the latest on the attack and how to navigate around it.

Regis officials said experts were still investigating what was happening, and have declined to say whether the attack involved a ransom demand.

“These things take time, and our first priority is the recovery of our systems,” said Jennifer Forker, Regis spokeswoman. “We’ve spoken with law enforcement, and it may be a while before we can speak to the ‘who done it’ side of this. Things are getting back to normal. All of our classes, including our online classes, are resuming. Students have email. Some employees have regained the use of their computers and that will continue throughout the week. The system is not totally up but we’re making progress.”

A student in Bowle’s cyber course who also works for the campus’s IT services and has been helping battle the attack came to Bowles recently to let his professor know just how relevant the lessons were.

“He said, ‘We put together exactly what you’re teaching in the classroom,’ ” Bowles said. “That’s what we like to hear.”