Info (in a) Sec: Information Security Newsletter - April 30, 2024

Welcome to our quarterly newsletter!

Hello Friends! I hope your spring is off to a great start! It’s been a very busy spring for us in the Information Security Office, with our major improvements to the Campus Directory Update tool and lots of work to begin the rollout of Endpoint Detection and Response (EDR) software on all Berkeley Desktops. You can read more about both of these exciting projects below and don’t forget to update your Directory information to take advantage of the new privacy options.

Also, with spring in full swing, it’s a great time to think about “digital spring cleaning”. Taking the time to declutter your digital life helps to protect your privacy, safeguard your personal information from theft and misuse, and make it easier to find and manage what’s really important to you. And remember, to help with password clean-up we offer LastPass Premium to all faculty, staff, students, and alumni.

~ Allison Henry, Chief Information Security Officer, Berkeley IT

Inside this issue…

In the Know: What’s happening in ISO & Berkeley IT

  • 2023 UC Cyber Risk Program Report: Every year the Cyber-Risk Coordination Center in the UC Office of the President puts out a report on how the system is doing as it relates to cybersecurity. This year’s annual report shines a light on the people throughout the University of California and the initiatives they’re spearheading to make UC, and all of us, more cyber-safe.

  • Some highlights from this year’s report include:

    • Launched the inaugural UC Tech Academy: Cyber Leadership Program in July 2023, hosted at UC Berkeley’s Haas School of Business.

    • Our very own Lia Grant, Assessments Security Analyst, crafted a cybersecurity game called JeoparTy, based on the Jeopardy game. JeoparTy tested users’ cybersecurity knowledge of definitions, acronyms, passwords, and the internet. To add to the fun, a “Stump the CISO” version of the game tested UC CISOs’ cybersecurity knowledge!

    • In the UC Berkeley Master of Information and Cybersecurity (MICS) program, students participate in capstone projects during their final semester to demonstrate the cybersecurity technical and professional skills acquired during the program. The capstone projects showcase core cybersecurity technical skills, an understanding of how cybersecurity issues impact humans, and professional skills: proficiencies that prepare students for success in the field. The top projects receive the Lily L. Chang MICS Capstone Award, established in 2019 through a gift by Lily L. Chang.

  • President’s Letter on Cybersecurity Investments
    • Endpoint Detection and Response (EDR) Project
      • In support of improving our security posture and the President’s letter on cybersecurity investments, the Security Operations and Security Development teams in ISO are kicking our existing EDR project into high gear. Over the next few months, ISO will be working with our partners in EOS and ITCS to push out the Trellix (formerly FireEye) HX agent using BigFix and JAMF to all supported workstations managed with those products. While that is happening, we will also be working with our partners in Platform Service on deploying it to all supported servers. Our goal is to have these two groups completed or nearly completed by the beginning of August.

        After the beginning of August, we will be shifting our focus to non-centrally supported users and admins who will be required to utilize the agent under the UC EDR deployment standards. We recognize that there are going to be use cases where EDR will not work, so we are also in the process of developing both mitigation plans and an exception process to align with the standards.

        For more information, please visit the Endpoint Detection and Response Service Page.

  • CDU Privacy & Pronouns: CalNet has released a new Campus Directory Update tool that allows you to customize privacy settings for individual data fields (such as email and phone number) and even hide your entire directory entry from directory search results. The new app also allows users to display their pronouns (which will be entered by students in BCS, employees in UCPath, and alumni in BCS or with the Registrar). To see the new tool and customize your settings, log into mycalnet.berkeley.edu using your CalNet ID and select “Directory Update” from the menu.

  • ISO Kudos

    • Members of the CalNet team have been recognized along with stakeholders across the campus for their work on the Gender Recognition and Lived Name implementation program with the 2024 Chancellor’s Outstanding Staff Award. Congratulations to Mary, Brian, Jonathan, Xijie, and Summer (previously with CalNet)!

    • Our Web Application Security Assessment course, a partnership with the School of Information, won the 2023 California College Personnel Association’s Outstanding Use of Technology Award and was named runner-up for the Gartner Eye on Innovation Award for Education in the category of Enhancing Student Experience.

  • ISO Recruitment Updates:

    • Recruitments in Progress

      • SecOps

        • Senior Security Analyst - ISA4 and ISA5 (only one role will be filled)

      • CalNet

        • Data Sys Anl 2: Interviews are in progress

    • Upcoming recruitments:

      • CalNet

        • Sys Admin 3

      • SecOps

        • Security Analyst 2 (two roles will be filled)


In the News: Top Stories in Cyber Security

  • xz utils: xz utils is a popular data compression library found in many Linux distributions and on macOS via Homebrew. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The critical vulnerability in recent versions of the xz library, liblzma, is a malicious code injection designed to allow unauthorized remote access. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the source tree, which is then used to modify specific functions in the liblzma code. The result is a modified liblzma library that any software linked against it will load, letting the injected code intercept and modify the data passing through the library. Luckily, the affected versions were not widely deployed when the issue was discovered. xz utils 5.6.x is no longer considered trustworthy; as a precaution, we recommend downgrading any packages and operating systems to xz utils 5.4.6.

  • Palo Alto Networks firewalls vulnerable to critical command injection flaw: In recent news, it was identified that 22k+ Palo Alto firewalls could be vulnerable to ongoing attacks. The CVE-2024-3400 flaw is a critical command injection vulnerability in the GlobalProtect feature of affected PAN-OS versions that allows unauthenticated attackers to execute commands with root privilege, triggered by arbitrary file creation. The vulnerability appears to have been actively exploited in targeted attacks since at least March 26, 2024. Palo Alto Networks disclosed the flaw on April 12, with the security advisory urging system administrators to apply the provided mitigations immediately until a patch was made available. (NOTE: UCB firewalls are not running a vulnerable version of PAN-OS.)
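The xz utils item above ends with a concrete defender action: find every host still on a 5.6.x build and move it to 5.4.6. The script below is an added example written for this newsletter, not a tool from ISO, the xz project, or any vendor. It assumes the version is the last field on the first line that `xz --version` prints (for example "xz (XZ Utils) 5.6.1"); the host inventory it scans is constructed sample data with made-up host names.

```shell
#!/bin/sh
# Added example: flag hosts whose xz utils build is one of the untrusted
# 5.6.x releases, so they can be downgraded to 5.4.6 as recommended.

# Extract "MAJOR.MINOR.PATCH" from `xz --version` output. Assumption: the
# version is the last whitespace-separated field on the first line.
xz_version_from_banner() {
  printf '%s\n' "$1" | head -n 1 | awk '{ print $NF }'
}

# Classify a version string:
#   affected - any 5.6.x build (malicious code present upstream)
#   ok       - 5.4.6, the fallback the newsletter recommends
#   review   - anything else; check it against your distro's advisories
xz_version_status() {
  case "$1" in
    5.6.*) echo affected ;;
    5.4.6) echo ok ;;
    *)     echo review ;;
  esac
}

# Constructed inventory ("host version" per line), as a configuration
# management export might produce it. Host names are made up.
SAMPLE_INVENTORY='build01 5.6.1
web02 5.4.6
db03 5.6.0
legacy04 5.2.5'

# Print "host version" for every host on an affected build.
hosts_needing_downgrade() {
  printf '%s\n' "$1" | while read -r host ver; do
    [ -z "$host" ] && continue
    if [ "$(xz_version_status "$ver")" = affected ]; then
      printf '%s %s\n' "$host" "$ver"
    fi
  done
}

# Report the status of the xz binary on the machine running this script.
check_local_xz() {
  if command -v xz >/dev/null 2>&1; then
    ver=$(xz_version_from_banner "$(xz --version 2>/dev/null)")
    printf 'local xz %s: %s\n' "$ver" "$(xz_version_status "$ver")"
  else
    echo 'local xz: not installed'
  fi
}

# Stand-alone run: list sample hosts needing a downgrade, then check this host.
hosts_needing_downgrade "$SAMPLE_INVENTORY"
check_local_xz
```

The version check alone does not prove a host is clean: the injected code ships inside the upstream tarball, so a distribution that rebuilt 5.6.x from an unmodified git checkout may report the same version without the malicious object, and a package manager can report a patched build under a vendor-specific suffix. Treat "affected" as a prompt to downgrade and verify package provenance, and "review" as a prompt to consult your distribution's advisory rather than as a clean result.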

Policy Updates

The MSSEI update has been approved!

After an extensive campus review process, we are pleased to announce that the updated Minimum Security Standards for Electronic Information (MSSEI) was ratified on Feb. 29, 2024, effective April 1, 2024. An announcement was sent to all campus employees via CalMessage in early April.

A new MSSEI home page provides a high-level overview of the updated Standard, plus links to the full MSSEI, the former MSSEI, and IS-3. There is also a project to develop a “requirement finder” to assist people with identifying relevant requirements. Questions about the MSSEI can be directed to [email protected].


Updating the Data Classification Standard

The Data Classification Standard is being updated to include a third classification category, Recovery Level (RL), from the systemwide IT Recovery Policy, IS-12. This way all of the IT classification scales (Protection Level, Availability Level, and Recovery Level) will be together in one campus standard. The update also provides campus-specific clarifications and examples for Recovery Level, and changes the title of the Standard from “Data Classification Standard” to “IT Classification Standard”.

Please see the proposed revision for additional background, the review process, and a redlined version of the Standard. Comments and feedback are welcome! Please email [email protected] by May 8, 2024.


IS-3 Information Security Program - Current & Upcoming Highlights

This semester, the final cohort of academic and administrative units are going through their initial IS-3 onboarding. We thank all of the nearly 100 units and the many, many individuals involved for their engagement and partnership on this priority work for the campus.

Moving forward, the IS-3 Information Security Program will transition to an ongoing program of regular reviews, annual themes, and enhanced metrics/reporting for units and Leadership. Units can expect to review their information in Socreg annually and to update their IS-3 self-assessment every 2-5 years (depending on the risk level of the unit). The IS-3 Onboarding and Review Schedule has a projected schedule through FY26. Please note that the time of year for the annual review cycle is currently being determined. Thank you to all of the Security Leads who weighed in to help identify the best timing. ISO will reach out to units with details and program support as each review period approaches.

Also, a reminder about this year’s IS-3 annual theme: Workstation Encryption. Check out the Workstation Encryption Guide for options, instructions, and videos, plus background on the importance of encrypting your personal and work devices.

Consolidated Acceptable Use Policy

A proposed consolidated Acceptable Use Policy that combines all of the various IT-related Acceptable Use Policies on campus into a single document is moving into the campus review process. No new policies are being introduced with this consolidation, so the review process will focus on ensuring that the consolidation maintains the intent of the source policies. The bIT and Information Security Policy Offices are partnering on this effort. Please contact [email protected] with questions.


Grow Your Cyber Skills with Professional Development

Upcoming Events and Conferences

Here to help

Berkeley Information Security Office
Copyright © 2024 UC Berkeley, All rights reserved.