A6. Enhanced Cyber Security


Nov 20, 2013 (3 years and 7 months ago)


A University Technology Support Partnerships initiative


Description and objectives:


The term cyber security comprises 1) hacking and unauthorized access to networks and file systems, 2) computer viruses and other malicious software, 3) violations of intellectual property and copyright laws, and 4) liability for negligence if hacked systems are used for illegal purposes such as denial of service attacks, identity theft, or threats to national security. NC State cannot afford to have lax security in any of these areas. The consequences of weak cyber security extend beyond the potential costly loss of data and the reduced productivity of staff, researchers, faculty, and students. Learning in a technology rich environment also depends upon secure access to resources. Furthermore, security problems can impact the university's ability to obtain federal grants and to comply with new national IT security requirements.


The university's good record in cyber security and compliance with new security requirements cannot be sustained without additional dedicated resources being allocated to this task. ITD has only one staff person solely dedicated to computing and network security. He and already overburdened system administrators across campus face an alarming increase in cyber security problems. These include an increase in the number of attacks and violations, in the number and types of potentially vulnerable devices on our network, in the complexity of IT systems, in the costs of disruptions, and in the number of staff, faculty, researchers, and students seriously affected by those disruptions.


In collaboration with other IT system administrators across campus and the Office of Legal Affairs, ITD proposes to implement a more efficient, effective and comprehensive cyber security program for NC State. The primary objectives of this program are to improve computer and network security for NC State and to comply with new national security mandates. Recognizing that cyber security has to be a community effort, the program will involve expanding education and outreach activities (see Initiative A2) in addition to enhancing computer and network security capabilities in colleges and departments.


Implementation:


Implementation of a comprehensive proactive cyber security program for NC State requires the addition of at least two qualified security staff members to focus on campus computer and network security issues. Currently ITD has one full-time cyber security expert in charge of network monitoring and coordinating responses to hacker, virus and other attacks. This staff member has also been asked to serve as the university’s HIPAA Security Officer with its associated duties and to coordinate the reporting of security incidents as necessary under State law as misuse of state property, but with no additional resources. (By comparison, Chapel Hill has a five-person computer and network security team for a smaller and less complex computing environment.) A single position simply cannot adequately cover all the attendant responsibilities and duties for the university’s cyber security. As a result, the university now has a necessarily reactive model. Other ITD staff and technical staff across campus are called to work on security issues, mostly on an emergency basis. These emergency duties now take up 50% of the time of one systems programmer II for virus support; 15-35% of a systems programmer III for monitoring the network, operating systems’ vulnerabilities and patches; and up to 80% of the time of a Computing Consultant for copyright violations. This pattern erodes other services, and it is repeated and amplified in colleges and departments, where systems administrators do not have the time to keep up with new security problems and at the same time perform their regular duties.

The duties of new cyber security staff would fall into two categories: 1) transferred duties - being done now on a reactive basis by other ITD staff; 2) new proactive activities and duties in security research, implementation and compliance.



Transferred/existing duties:



- Anti-virus support
- Log/alert monitoring
- Windows vulnerability and patch monitoring
- Handling notices of copyright and DMCA violations


New proactive activities:



- Develop and implement new intrusion detection systems (IDS) to monitor the campus link to the public Internet as well as key locations on campus. This would allow for increased capability to detect attacks against campus computers and attacks originating from campus computers. Currently we are using network traffic pattern and volume analysis to monitor for attacks, but these methods miss a lot of the activity.
- Improve Windows vulnerability and patch tracking and notification of campus system administrators.
- Develop better methods to detect unpatched computers as well as better methods of mass-installing patches - initial focus on Windows computers.
- Increase education and information resources for campus system administrators and general users on computer and network security issues (working with UTSP program; see initiative A2).

Outcomes and assessment

Assessment of this project will be based on the following intended outcomes:



- Creation of an ITD security staff team whose job duties focus on computer and network security for NC State. (This will include transferring some duties from existing ITD staff to help consolidate the critical cyber security work within one group.)
- A proactive campus-wide model for cyber security (rather than the predominantly reactive model we have been forced to adopt due to under-staffing)
- Improved network and computer security capabilities
- Improved robustness and efficiency of campus security systems
- Enhanced network monitoring in collaboration with ComTech
- Advancements in cyber security research and development (defense/monitoring areas and computer maintenance issues such as efficient patching)
- Increased support for cyber security efforts of colleges and departments
- Increased education opportunities for students, faculty and staff on security issues
- Increased awareness of students and others on the ethics and responsibilities of IT use.