UCSF Takes Steps to Protect IT Systems from Attacks
After suffering from a major disruption of essential operations due to attacks on UCSF’s computer systems by viruses and worms, the University is taking steps to better guard its information technology from hackers.
UCSF has been hit by repeated attacks on computers using the Microsoft Windows operating system.
“These particularly powerful computer infections, once in place, spread quickly and easily from one UCSF computer to another, sending copious amounts of infected email, degrading computer and server performance, bringing down the network, and disrupting normal academic, clinical, research and administrative operations,” said Steve Barclay, vice chancellor of administration, in a Sept. 19 email message to the campus.
While some campus and medical center computer systems were back online and conducting business as usual within hours of the attacks, other department computers were down for a couple of days, making it impossible to communicate to the campus about the virus itself.
Since then, campus and IT staff have met to discuss and evaluate the situation. They found that:
• The disruption could have been minimized or possibly even prevented. Software patches that would have blocked the virus and worm attacks were available but had not been installed on many UCSF computers running Windows.
• Taking action to further safeguard the network will require increased preparation, vigilance and collaboration between campus IT, the schools and the medical center.
• It is likely that the UCSF network and technology infrastructure will be attacked again.
UCSF campus and medical center information technology (IT) units, with guidance from the Chancellor’s IT Governance Committee, are working on a plan embodying both short- and long-term strategies to put in place an information security structure to address this increasing threat to mission-critical systems and functions.
Short-Term Actions
To immediately address current threats, UCSF is recruiting two senior network security specialists to begin working by October and will install network traffic analysis tools this fall to provide better visibility of the level and types of network traffic at the network connection level and allow for better detection and targeting of specific problem devices.
In emergency situations, network access to any computer found to be infected or that poses an immediate threat to the network will be denied. Until the tools described above are available, it may still be necessary to shut down individual subnets but only under the direst of circumstances. This action will be taken only under the direction of the campus and medical center chief information officers, following agreed-upon policies and procedures, and after thorough analysis by a team of Network Operations Center staff. Affected individuals or units will be notified immediately.
In addition, the campus will establish an improved desktop support framework with better lines of communication between distributed IT support personnel and central IT units. The first step in this process, to be taken in consultation with departmental managers and IT technicians, will be to assess the capabilities of the existing support structure, identify the gaps in support and develop a plan to close them.
The above actions represent improvements, but preventing future attacks will require everyone’s diligence, Barclay adds.
Central and departmental IT staffs need the cooperation of all computer users to keep current with software security patches, install anti-virus software and consider installing personal firewalls where appropriate. Despite numerous communications to the IT support community, many computers on campus today still remain “unpatched” and vulnerable.
Long-Term Actions
Over the last few months, the central IT units have been developing a strategic action plan to improve the level of information security on an enterprise-wide level. This plan includes major improvements to perimeter security, the purchase of additional software security tools that identify – and prevent – attempts to hack into the network, and the implementation of secure messaging. This planning is being undertaken in a careful, methodical manner and will include solicitation of input from the user community through the IT governance process and consultations with campus and departmental leaders.
In addition, the campus will provide periodic updates on the activities outlined above to the UCSF community.
For additional information on security patches, personal firewalls, antivirus software and other security-related items, please see the information security website. Those with questions about how to keep their computer system protected should contact their Computer Support Coordinator (CSC). If you don’t have a CSC, contact Customer Support Services at 514-4100.
Questions and comments can be directed to Ian Tuller, director of customer support, security and planning via email.