[A close look] Research team to focus on security

Experts at UC Berkeley, with other institutions and businesses,
are expected to begin work soon to research and develop technology
that will make communication systems more secure.

On Monday, the National Science Foundation announced its
decision to establish a new center, called the Team for Research in
Ubiquitous Secure Technology, that will focus on the cybersecurity
project.

The announcement comes at a time when University of California
institutions are also taking measures to help prevent security
breaches like those that have occurred at various campuses.

Recently, the personal data of some students, faculty and staff
may have been compromised as unauthorized individuals breached
university security measures at different UC campuses.

This month, UC San Francisco officials notified 7,000 students,
faculty and staff whose personal information may have been
compromised in February when a computer containing their Social
Security numbers was hacked.

Last month, an individual breached security measures and placed
information on the main computer at the plant biology department at
UC Davis. The Social Security numbers of 890 staff, faculty and
students were on the computer.

Mitchel Benson, a UC Davis spokesman, said there was no criminal
intent to obtain personal information by the individual. Though
there is no indication that the individual accessed the personal
data, those whose information was on the computer were notified of
the security breach.

The university is in the process of implementing a new security
protocol, Benson said.

Researchers who put together the TRUST cybersecurity project
proposal and presented it to the NSF focused on addressing the
vulnerability of computer systems, said Fred Schneider, a computer
science professor at Cornell University and the chief scientist at
TRUST.

“On the one hand, we are becoming dependent on computer
systems … for daily life. On the other hand, you cannot trust
them, and when they are not secure we all pay the price,”
Schneider said.

Institutions that will participate in TRUST, he said, are doing
so to prevent the problems that security breaches can cause.

Universities such as Carnegie Mellon, Mills College, Vanderbilt
University and Stanford University will work with UC Berkeley and
Cornell University at TRUST. Businesses, including Hewlett Packard,
IBM, Microsoft and Sun Microsystems, will also help with the
project.

“We have really gotten together a dream team,”
Schneider said.

Schneider emphasized that security breaches are not unique to UC
institutions and are occurring nationwide.

In March, hackers accessed the LexisNexis system, a data
storehouse, and obtained the Social Security and driver’s
license numbers and other personal information of approximately
300,000 people. In the same month, medical records held by the San
Jose Medical Group were stolen. The records contained information
for 185,000 current and former patients.

The UC is taking measures systemwide to reduce the risk of
future security breaches, said Ravi Poorsina, a spokeswoman for the
UC Office of the President.

Security measures required of all UC institutions are being
updated and expanded to cover all university networks, Poorsina
said.

The newly updated security policies, she said, will aim to
improve the security of university networks by controlling access
and making means of identifying users more secure.

In addition, chief information officers from each campus attend
meetings held at various times each year, said Ken Orgill, the
chief information officer at UCSF.

Orgill added that security breaches and means of preventing such
incidents have been important topics in recent meetings.

In addition to the oversight from UCOP, each individual campus
is re-evaluating security measures at its respective
institutions.

Less than a year ago, a new department focusing on system
security was established at UCSF. The department was established in
response to international and national threats to systems in the
last two years, including the Slammer and Blaster viruses that
infected the university network, Orgill said.

While the department is in place, more needs to be done to
introduce policies that will make the university network more
secure, he said, such as the encryption of sensitive data.

The department has plans to institute what Orgill referred to as
a “first layer of defense,” which involves creating a
firewall that encompasses the entire campus, though these plans
still require university approval.

The new policy, expected to be approved in the next two weeks,
addresses 14 security practices developed by the Information and
Educational Technology at UC Davis. The IET is particularly
emphasizing some of these practices, including continuously running
anti-virus software, devising firewalls, and removing unnecessary
personal data from computers.