ITSD Computing and Communications Services News
January, 2005

Cyber Security Faces New Challenges

Recent cyber attacks and increasing federal regulation and compliance activities are the latest challenges faced by the Lab’s cyber protection team.

“Two serious cyber attacks, which occurred within the last six months, have revealed serious and intractable vulnerabilities in our computing environment,” said Computer Protection Manager Dwayne Ramsey. “They caused significant damage to the Lab’s resources and reputation.”

Stolen credentials were the initial vector for both attacks. Intruders masqueraded as Berkeley Lab users or collaborators and exploited trust relationships between computers. The intrusion then quickly extended to other machines inside and outside of the Lab. To date all initial credential thefts have occurred on remote systems outside the Lab’s control.

There is no simple defense against this type of attack. The goal of the Computer Protection Program (CPP) is to have system administrators integrate good account management principles into their daily operations.

“As the Lab’s CIO, I will soon require Division certification that all users of its systems are authorized and that unused accounts have been purged,” said Sandy Merola, CIO and ITSD Division Director.

CPP will offer specific guidance to improve account management and provide consulting. CPP will also issue new protection policy for networks with trust relationships, which will apply to networks using NIS technology and cover all “extended webs of trust.”

Another form of defense will require certain users located offsite to use one-time password technology for login access. The scope and implementation schedule for this policy will be released within the next month. CPP will work with ITSD’s Computing Infrastructure Support (CIS) Department to create a one-time password “store,” and possibly a central authentication server. This will make it easier to comply with the new policy. CPP will provide implementation assistance to the owners of these networks and monitor for compliance with the new policy.

In addition, the Lab is under increasing pressure from OMB/DOE to comply with a variety of cyber protection policies. There are three areas of OMB/DOE compliance that must be addressed: risk management, disaster recovery testing, and self-assessment.

These fit within our overall protection strategy, and will strengthen our program significantly when completed, Ramsey said. CPP is developing guidance to assist in the preparation of the necessary documentation and testing to complete these assurance activities.