Dealing with the Perils of Cyberspace
by Fred Siff, Vice President and CIO
We live in an age where threats to our security come at us on multiple levels, from multiple sources. The UC community has been reminded of those coming from cyberspace by the hacking incident in May. We decided to build this summer issue of UCit now around the issue of information security, to inform the community and to hopefully reduce any anxiety that might have been aroused by the incident.
UCit has a number of security measures in place, on an ongoing basis, designed to protect our information resources. Every day we see millions of attempts - yes, millions; these attempts are usually automated - to enter our secure space, breach the firewall, and so on. Most of these are routinely denied. Such is the world of cyberspace we live in. It becomes particularly difficult for public institutions like UC, which provide open access to some systems to the public, and secure others. There are levels of security, much as in your personal life. We cannot afford (in terms of openness and system architecture) to have the highest level of security on all systems. Much as one might design a home security system: what level do you want/need/afford? It is a serious design issue. The real truth is, no matter how much effort you put into security, it can be breached with enough effort on the part of the intruder, just like at home. An intruder can breach even the most intense security system by waiting for an opening, like a door left ajar or a window open.
We take our responsibility to protect the university's digital information resources very seriously. These include not only the new UC Flex financial data, but personal data of employees and students, which is why we deeply regret the security breach identified in May. While it was small and contained compared to scores of others at universities - just the week before our hack, Purdue and Stanford went public with breaches that compromised between 13- and 27,000 social security numbers; last week the University of Southern California announced that some 270,000 records of applicants over the past several years were compromised - it was not small to each of the nearly 3,900 employees whose records the hacker might have viewed. We have taken many steps both to notify and assist those who were affected. There are several articles in this issue regarding identity theft, informing the community what might be done to manage the situation, whether affected by this university incident, or in one of the many ways such information can be compromised, often without the knowledge of the individual. In our society, it is prudent for everyone to take precautionary steps, and we identify them. We are also working with the university's human resources division to put on a seminar for the community on managing your digital identity and information. We expect to hold this seminar in September.
There are other steps being taken. We sent out a security flyer to the entire university last year, reminding individuals what they can do to safeguard their own information. (The single greatest security vulnerability continues to be poorly guarded individual passwords.) We are reevaluating the security protection on our network, systems, and over 400 servers under central UCit management. By September, we will have upgraded the universityıs firewall protection at the front door of the UC.edu domain. We are communicating with the campus system administrators who operate local servers, regarding security precautions they should take. We have established a position responsible for information security to coordinate all of the policies and procedures in this area. We plan to install a sophisticated spam filter that will not only improve the 'email experience' but also reduce the probability that a recipient will respond to one of these, thus threatening their security. We are already embarked on a multi-year program to change the employee and student identifier from the social security number to a new code; this will begin with the new UC Flex Human Resources Management System, due to go online next July.
This issue of UCit now is designed to address very legitimate concerns of our community. We hope it addresses yours and provides you with the information you need to protect yourself from the threats of cyberspace.
|
