Project name:

Network security coordinator

Sponsor:

ITPG Security Working Group

Project summary:

UCSB has experienced repeated and ongoing computer system compromises over the past several years. There has been a dramatic increase in security incidents over the past year, and it is unlikely that these activities will abate in the future. This proposal seeks to define a campus focal point for electronic communications security issues with the creation of a Campus Network Security Coordinator position. This position would be recruited at the CNT-III level.

The position would serve as the primary contact for computer/network security issues at UCSB, handle CERT reporting and liaison with law enforcement, develop security services (e.g. conduct scans for known vulnerabilities and report results to system administrators, arrange Access Control List (ACL) installations with the NOC for blocking active attacks, operate an intrusion detection system), formulate proposed security policies, participate in ITPG-SecWG, distribute information on secure service operations via web and classes, and help secure systems after compromise on a recharge and time-available basis. The position would be part of the Campus Network Programmers, subject to relocation as part of the Office of Information Technology.

How this project supports the academic mission of UCSB:

Computers and networks are a permanent and integral part of UCSB's research and instruction efforts. Security incidents result in loss of access to these resources, loss of data, and loss of staff time. This project will help reduce the number of successful system compromises, allow for a more thorough response to new incidents, and permit rapid restoration of service.

At present, the coordination and response functions outlined for this project are marginally provided by the Campus Network Programmers (CNP) on an as-needed basis. The number of incidents has increased substantially over the past several years to the point that CNP efforts on other campus projects are being impacted. This project will relieve existing CNP staff of this responsibility and allow renewed efforts at other service areas.

Funding source and how this project relates to it:

There is no funding source at this time. Existing efforts by the CNP have been provided through the annual IP recharge (RUAC).

Costs - initial year and recurring:

First-year costs are anticipated at approximately $121924, with $92790 per year thereafter.

Costs associated with this project would include the one FTE (approx. $65000/yr. + benefits), a desktop computer, a laptop computer, and a monitoring system with proper intrusion detection software and vulnerability analysis tools (approx. $28200 first year, $5066 each subsequent year), S&E (approx. $3500/yr., including space, pager, and telephone), and one training/conference event (approx. $3000/yr.). Two additional training classes at $3000/ea. are included in the first year.

Matching opportunities (if available):

No matching opportunities are known.

Staff support required:

One FTE at the CNT III level.

Existing resources to be used:

Existing CNP staff will provide initial training and access to the limited in-house software/hardware used for current compromise detection and response.

Project timeline:

Ongoing. Initial implementation would depend upon locating appropriate staff and a period of 3-4 months for the evaluation and acquisition of necessary hardware and software.

Life cycle of result:

A replacement cycle and its associated support would continue indefinitely, contingent on continuance of funding.

Please note that the funding of this position would provide a seed position for campus electronic security and that, over time, the needs in this area may increase.