Posted by Leah Burns, IT Communications Coordinator, UCOP. “We need to make a collective effort to stay well-informed about what causes cyber risk,” said UC CIO Tom Andriola at the 2016 Cybersecurity Summit. “As perpetrators get more sophisticated, stakes rise and we should be able to detect situations at all of our locations and make sure they aren’t affecting others.”
Over a hundred UC IT security professionals gathered at UCI February 23 for an all-day, systemwide summit on cybersecurity. The summit featured professional security organizations, including Cycura and Ingalls Information Security, along with presentations by UC staff.
Jason Ingalls, founder of Ingalls Information Security, kicked off the day with a presentation about the role of virtual reality in cybersecurity. “Miniscule amounts of data contain a lot of information that perpetrators are looking for,” he said. Using 3D visualization, Ingalls showed how technologists can literally go inside data structures to identify abnormalities. This technology allows intrusions to be noticed quickly, but it also has drawbacks in that it’s harder to teach and more expensive.
UC IT Policy Director, Robert Smith reviewed the cybersecurity framework (CSF) issued by the National Institute of Standards and Technology (NIST), and how to apply them in an institution designed for openness, like universities. The five functions of the framework are:
- Identify – know your assets
- Protect – limit the damage
- Detect – find the bad actors
- Respond – hunt the bad actors and expel
- Recover – get back to a normal state
“The impending adoption of this framework will help university leaders ask the right questions to manage cyber risks,” said Tye Stallard, information security manager at UC Davis, who attended the summit. “It’s not just an IT problem, but involves investments to have trained people, documented and repeatable business processes, and technology to detect and react to threats.”
A little fun was added to the mix. Summit attendees played “Game of PWNS” – inspired by the television show, “Game of Thrones” – in which they developed cyberattack scenarios. The winning scenario was a Distributed Denial of Service (DDoS) hitting web services, routers, vending machines, and parking meters. Winning team member Victor Hill (pictured right), UCR manager of technical operations, said, “Effective cyber defense requires understanding attack vectors and prioritized mitigation of associated risks. The exercise enabled us to come together and raise cybersecurity awareness in a challenging set of scenarios.”
The event wrapped up with a review of the UC cyber incident escalation protocol. Chief Information Security Officer David Rusting (pictured left) emphasized the importance of addressing cybersecurity incidents collectively. “What goes on at a department or campus doesn’t stay at a department or campus for very long,” he said. “We continue to strive for a culture of ‘when in doubt, report.’ When one of us gets hit, we all get hit.”
I’m all for sharing across our system to minimize/mitigate risk and attacks. So, where should we “report” in a way that will get system-wide attention when it should, and not when it shouldn’t?
Annelie, thanks for the question. The best place to start is your information security officer, who knows the protocol for communicating incidents.