There are all kinds of threats on the internet, but recent high-profile security breaches, such as the one that has crippled Sony’s Playstation Network for the past few weeks, can have devastating effects.
In the case of the Playstation Network security breach, customers lost personal information and credit card information. Sony also lost consumer information. Since the hack, consumers have had serious doubts over whether the information they provide is safe.
So, is the UC Davis network safe?
“UC Davis has one of the leading information security programs within the University of California system,” said Robert Ono, Information Technologies (IT) security coordinator at UC Davis.
He said that the UC Davis network features layered security, an approach that serves to give the system reliability.
“We have 16 cyber-security standards which computers must comply with before connecting to our network on-campus,” Ono said.
Along with these standards, Ono said that the network is constantly being checked for improvements and weaknesses.
“We always monitor network traffic into and exiting the campus to identify malicious activity and vulnerabilities in computing systems on the campus network,” Ono said.
He said that the security exposure of the network is reduced through the outsourcing of credit card information processing.
“This means that we do not need to store credit card numbers and related transaction information on campus. Even with this outsourcing, our contractual agreements with our online credit card processors include specifications defining operational security standards,” Ono said.
He said that UC Davis strongly supports information security training. Over the summer, the university will host a system-wide security conference where over 300 technologists will attend. The conference will provide the technologists with computer and network security instruction.
Even with this security structure, the IT department still has standards in place in the event of a breach.
“The response plan is based on evaluating the scope and nature of a reported security incident,” Ono said. “We evaluate the severity and urgency of the incident to prioritize our response and define our reporting requirements.”
He said that if the network was persistently attacked by continuous and multiple intrusion methods by a hacker or hackers, that a breach could happen.
“However, that is likely true of any other higher education institution or corporation,” Ono said. “We do everything possible, within a cost-effective framework, to minimize the chances of a breach.”
Ono said that there are almost 30,000 systems connected to the UC Davis network on any given day, so it is important there is compliance to the security standards in place to minimize the chances of security risks.
“A vulnerable system is more likely to be successfully attacked and a compromised system could be used to spread malware and/or attack other vulnerable computer systems and data,” Ono said.
Nevertheless, Ono believes that the IT department is doing everything possible to protect the UC Davis network.
“I think we’re doing a very good job at protecting university information with the systems we have in place here and with the skilled group of security technologists we have,” he said.
Matt Bishop, professor in the department of computer science at UC Davis, believes the network is safe.
“They take a lot more precautions here than in commercial places when it comes to protecting information,” Bishop said.
Bishop said that the network is always monitoring itself and any threats to make sure everything that can be done, is being done.
“Let’s put it this way, I’d worry about other things than a Playstation-style breach here,” he said.
The Cyber Security Public Awareness Act of 2011 is attempting to raise the awareness of the concerns these security breaches pose. The bill attempts to raise public awareness of attacks on the government, attacks on infrastructure and attacks on businesses and consumers.
“Information breaches, such as the recent Sony breach, are raising everyone’s attention as to how computer vulnerabilities can create great privacy threats to individuals; as a result, we could see some legislation being instituted in the next 12 to 18 months,” Ono said.
ERIC C. LIPSKY can be reached at science@theaggie.org.
