Many issues of note are in this story worth teasing out.
1. Do students know and understand behaviors that have the potential to compromise network security which therefore might run them afoul of IT policy?
In this case, apparently not. Not all the facts are in, so I am not trying to adjudicate this particular case. Let's extrapolate from it. As students in general, and those interested in computer science and engineering come onto our campus networks, it might be important to raise the level of technical and policy education related to their use of the network. Quarantine and patching may be with more sophisticated users insufficient warning on matters that might go up to the level of denial of service attacks. It is time to increase the sophistication of our education on network security to meet this challenge.
2. Does the administration understand how difficult and frustrating it is for students to register and get into required classes?
Maybe not enough. The 5-7 year plan, and problems with completion rates, are not in all cases because students are slow to develop, but are a compacted mix of financial burdens, price of education, family responsibilities AND course requirements that place many students out of a four year sequence, especially when those classes are over-subscribed every time offered. There is no analogy to an overbooked flight, where options of free tickets and the like provide incentives. Ingenuity combined with frustration and necessity is my guess for the motivation of this incident. The student was trying to help other students expedite the means by which a schedule could be shaped.
3. Are there ways that enterprising students might know how to communicate such plans with necessary administration officials?
Not usually the case, unless you are a student at an institution that has taken student entrepreneurship and technology seriously to heart. For those that have not, there is a new crop of students out there who thrive on "coding" as an extracurricular sport. Create those channels if they don't already exist. Administrators could not only head off trouble by so doing, but encourage hands-on, innovative undergraduate research.
4. What role does IT play in all of this?
First and foremost, to protect the network. And that is what the CIO of this institution did, and did right. Let's make sure we understand what it is not: to be the communication channel for undergraduate software engineering research. Before anyone experiments on the campus network the CIO and his/her staff must be consulted and allowed to weight in on how to do it best, but as a stakeholder, not as the leader of that initiative. To think otherwise is to conflate technology at a time when higher education should be teasing the threads of what technology means to higher education out. Nor should the CIO and his/her staff be the disciplinarians. That is not our role. That said, there should be healthy communication between IT and the disciplinary bodies on campus to help those bodies understand the issues that undergird IT policy, what behaviors do and do not trip the violation wire, and to procure evidence, for example the exact number of "hits" on a server or other such forensics.
5. From Lemons to Lemonade
This is a great case where myriad higher education concerns meet: the role of IT, challenges of completion rates, undergraduate research, and how software can help a student to plan accordingly. I hope that Central Florida will take advantage of the great opportunity that this case presents not only to tease out the policy, technical, administrative and educational aspects of it, but to weave those threads back together in a way that makes sense for everyone caught up in the mix!