§9.02
Operational Procedures for Computing and Communications

Revised 09/08

  1. Communications and Networking Systems
    1. Communications and Networking Management
    2. ICS Voice Telephone System
    3. ICS Data-Switching System
    4. LBLnet
    5. ICS-Dedicated Wiring and Optical-Fiber Systems
    6. Public Address System
    7. Public Address System Announcements
    8. Radio Communications Systems
    9. Radio Paging Systems
    10. Radio Emissions Standards and Spectrum Management
    11. Card Access, Security, Alarms, and Surveillance Systems
    12. Video, Fiber-Optic, and Other Signal Systems
    13. Video Teleconferencing
    14. Remote Access Services
  2. Electronic Access
    1. Background
    2. Fundamental Principles and Characteristics
    3. Kinds of Access
    4. Forms of Electronic Publishing
  3. Use of Information Systems and Services
    1. Background
    2. Definitions
    3. Scope
    4. Fundamental Principles
    5. General Page and File Policy
    6. Home Page Policy
    7. Server Policy
  4. Computer and Network Security
    1. Basic Principles
    2. Organization for Computer Security
    3. Responsibilities
    4. Host Policies
    5. Procedure for Handling Computer and Network Security Incidents
    6. Confidentiality of Computer Files
    7. Computer Security Monitoring
    8. Physical Security
    9. Network Citizenship Guidelines
    10. Information Security Guidelines
    11. Training and Awareness
    12. Computer and Network Security Glossary
  5. Computer Software
    1. Laboratory-Developed Software
    2. DOE-Developed Software
    3. Public Domain Software
    4. Commercial Software
    5. Licensed Software

A. COMMUNICATIONS AND NETWORKING SYSTEMS

1. Communications and Networking Management

Laboratory voice telephone, cellular telephone, data-switching, networking, and teleconferencing systems (except for public address and radio communications systems; see Paragraphs (8) and (11), below) are managed by the IT Infrastructure Department of the Information Technology (IT) Division. Laboratory communications systems include the Integrated Communications System (ICS), which is based on a large distributed voice/data digital switching system and LBLnet, a Laboratory-wide high-speed local area network. These systems also include extensive underground and intrabuilding copper-wire and optical-fiber cable plants and microwave links. Inquiries or suggestions concerning the operation or development of Laboratory communications and networking resources should be directed to the IT Infrastructure Department.

All requests for communications and networking resources, services, or expenditures must be processed through the appropriate office of the IT Infrastructure Department, as described below.

Procedures governing communications, networking systems, and computing may be found on the Berkeley Lab IT Policy Web site.

2. ICS Voice Telephone System

  1. Requesting Services. The Telephone Service Center handles requests for all types of ICS services, including information about voice and cellular telephone services. To ensure compliance with DOE and Laboratory policies, voice services or equipment may be ordered only through the Telephone Service Center. Unauthorized equipment may not be attached to the ICS system or its related equipment. Violations causing damage may result in the cost of repair being charged to the responsible party.

  2. Repairs. Requests for ICS repairs should be made to the Telephone Service Center.

  3. Planning New or Changed Services. Planning for and design of new or modified ICS services are accomplished through the Telephone Service Center to ensure compatibility with existing systems and the most cost-effective use of Laboratory funds. See Telephone Service Center in the Organizations and Services section of the Telephone Directory (Directory Services on the Web) for the appropriate extension.

  4. Long-Distance Services. It is the Laboratory's policy to use the least-cost routing for long-distance calling. ICS automatically selects the least-cost facility for long-distance service.

  5. Personal Calls. Laboratory desktop and cellular telephones are for official business, and the Laboratory pays for each official call. Use of Laboratory telephones for brief personal calls is permitted when required by changes in work plans, emergencies, or coordination of work activities with family members or others who can be reached only during working hours. These calls are also treated as official calls and are paid for by the Laboratory.

    1. Desktop Telephones. If an employee finds it necessary to use a Laboratory desktop telephone for a personal call not treated as an official call (see above), the employee is responsible for the cost of the call. Pay telephones are located throughout the Laboratory for the convenience of employees. See the General Information/Pay Telephone Locations on the Telephone Services Center Web site for specific locations.

      Laboratory telephone use is subject to audit by random sampling. Employees may be required to validate an itemized telephone bill and reimburse the Laboratory for personal calls not treated as official calls.
    2. Cellular Personal Calls. Laboratory cellular telephones are intended for official business use. Issuance of a cellular phone must be approved by the employee's division management.

      Employees must acknowledge receipt of the cellular procedures governing the use of Laboratory cell phones by returning a signed copy to Telephone Services MS 50E0101 prior to receiving a Laboratory cell phone.

      If an employee does not adhere to the cellular procedures, his/her Laboratory cell phone may be disconnected, and further disciplinary action may be taken.

    3. Personal Usage Criteria. Personal usage must also satisfy the following criteria:

      • It does not impact or interfere with the employee's legitimate job performance.
      • It does not impact or interfere with the work of any other employee or the correct functioning of any Berkeley Lab information service.
      • It does not support running a business or paid consulting.
      • It does not involve illegal activities or violate Berkeley Lab policy.
      • It does not involve any activity that could potentially embarrass Berkeley Lab, DOE, or UC, or result in a loss of public trust.

  6. Calling Cards. The Telephone Services Center handles all requests for calling cards. Requests for calling cards must have the approval of the requester's division director or division administrator.

  7. Laboratory Telephone Directory, Operator Information, and Other Telephone Directories. The Telephone Services Center maintains the word-processing and database systems used to publish the Telephone Directory. The information in these systems is also used to provide operator information services. Electronic versions of the directory are available through the World Wide Web and other servers. All requests for changes to published information or inquiries about electronic access to personnel data should be directed to the Telephone Service Center.

3. ICS Data-Switching System

  1. Requesting Services. The Telephone Service Center handles requests for all types of ICS switched-data services. These services primarily provide asynchronous switched connections between terminals, personal computers, Laboratory computer systems, and incoming or outgoing connections over external communications networks.

    Unauthorized equipment may not be attached to the ICS or its related equipment. Connection of RS-232 asynchronous devices to ICS data sets may be done by users as long as the equipment is authorized. If in doubt, check with the Data Communications Support Group. See Communications & Networking Facilities in the Organizations and Services section of the Telephone Directory (or in Directory Services on the Web) for the appropriate extension. Violations causing damage may result in the cost of repair being charged to the responsible party.

  2. Repairs. Requests for ICS repairs should be made to the Telephone Service Center.

  3. Technical Questions and Planning. Users needing to discuss technical issues or plan significant data-switching applications should contact Communications & Networking Facilities of the IT Infrastructure Department. See Communications & Networking Facilities in the Organizations and Services section of the Telephone Directory (or in Directory Services on the Web) for the appropriate extension.

4. LBLnet

  1. Requesting Services, Technical Questions, and Planning. LBLnet is a Laboratory-wide high-speed local area network managed by the IT Infrastructure Department of the IT Division.

    LBLnet also provides Wireless LAN installation and coordination services (WLAN) to the Laboratory as part of its standard networking technology and service offerings. To ensure interoperability and appropriate cyber security and to prevent radio frequency interference, only the IT Infrastructure Department will provide WLAN services that are integrated with LBLnet. The authority of the IT Infrastructure Department for WLAN services extends to remote Berkeley Lab sites, and all deployment of WLAN must follow the Berkeley Lab policy for Radio Frequency Management specified in RPM §9.02(A)(13) (Radio Emissions Standards and Spectrum Management).

    Requests for services, information, planning of new installations, or changes to existing installations should be directed to the LBLnet office. See LBLnet in the Organizations and Services section of the Telephone Directory (or in Directory Services on the Web) for the appropriate extension.

  2. Repairs. Requests for repairs to LBLnet should be made through the LBLnet Operations Office. See LBLnet in the Organizations and Services section of the Telephone Directory (or in Directory Services on the Web) for the appropriate extension.

5. ICS-Dedicated Wiring and Optical-Fiber Systems

All interactions concerning planning for the use of, or information about, these resources should be directed to Communications & Networking Facilities of the IT Infrastructure Department. See Communications & Networking Facilities in the Organizations and Services section of the Telephone Directory (or in Directory Services on the Web) for the appropriate extension.

ICS wall receptacles include a separate keyed receptacle that can be used to support a wide range of communications services over twisted-pair copper wire between any two points in the Laboratory. Twisted-pair copper-wire and optical-fiber facilities with customized terminations can also be provided. Off-site dedicated twisted-pair wire facilities requiring Pacific Bell or other supplier services must be ordered through Communications and Networking Facilities.

6. Public Address System

The Laboratory public address system is designed to give broad coverage in most buildings and general work areas to provide general announcements to Laboratory personnel. It may be used to transmit information during emergencies, but it is not considered an emergency communications system.

Modifications and maintenance of the public address system are under the exclusive control of the Engineering Division Communications Engineering staff. See Communications Engineering in the Organizations and Services section of the Telephone Directory (Directory Services on the Web) for the appropriate extension. Communications Engineering must be notified in advance if any changes in the public address system are required.

The public address system is tested on the second Wednesday of each month at 2 p.m. The test consists of alert tones (two beeps in quick succession) followed by a voice announcement. To ensure complete coverage, employees should notify Communications Engineering or their building managers if the test announcement is weak or unintelligible.

7. Public Address System Announcements

Announcements are normally made by the Fire Department dispatcher or the telephone operators. Use of the public address system is reserved at all times for emergencies and health and safety matters. See Integrated Communications System Office in the Organizations and Services section of the Telephone Directory (Directory Services on the Web) for the appropriate extension.

8. Radio Communications Systems

The Engineering Division Communications Engineering Group is responsible for the engineering, installation, maintenance, and adjustment of Laboratory radio communications systems such as portable, mobile, base, and microwave radios. All requests for such equipment require authorization by this group. See Communications Engineering in the Organizations and Services section of the Telephone Directory (Directory Services on the Web) for the appropriate extension. Each request should include a description of the intended use and the need for the equipment or system desired. Purchased equipment is Laboratory property and should be returned to the Engineering Division when the authorized use or function is completed.

9. Radio Paging Systems

Requests for internal Laboratory-provided and Laboratory-maintained radio pagers should be made through the Engineering Division, Communications Engineering Group. This group is responsible for the engineering design and maintenance of Laboratory radio paging systems. Requests for external vendor-provided radio pagers should be made through the Telephone Service Center.

10. Radio Emissions Standards and Spectrum Management

The Engineering Division Communications Engineering Group is responsible for the Laboratory's spectrum management and radio emissions. All equipment that generates or uses radio frequencies must be certified by this group for initial installation and after any changes or modifications.

11. Card Access, Security, Alarms, and Surveillance Systems

All requests for card access, property protection, area surveillance, and personal assistance alarm devices must be made through the Physical Security and Property Protection group for approval by the Security Manager. Physical Security and Property Protection will coordinate engineering design and installation with the Facilities Division. For security points of contact, see the Integrated Safeguards and Security Management Web page.

The Facilities Division is responsible for the engineering design, installation, and maintenance of security systems. Security maintenance issues should be directed to the Work Request Center.

12. Video, Fiber-Optic, and Other Signal Systems

The Engineering Division Communications Engineering Group has services available for the design and installation of video, fiber-optic, and other signal systems.

13. Video Teleconferencing

The Information Technology Division has responsibility for Laboratory video teleconferencing systems. Current conference rooms include 50B-4205 and 50F. Point-to-point and multiple-site direct-dialed conferences are possible in Standards Mode and in both VTEL and CLI proprietary modes. For more information, see Berkeley Lab Communications and Networking Resources.

A dedicated full-motion microwave radio video to SLAC is located in Building 71-263.

For information or technical support, contact the Video Data Communications group. This group also handles scheduling for the Video Teleconferencing Room. See Video Conferencing in the Organizations and Services section of the Telephone Directory (or in Directory Services on the Web) for the appropriate extension.

14. Remote Access Services

The Information Technology Division is responsible for Laboratory-managed and funded remote access services, including reimbursed services. The IT Infrastructure Department is the Responsible Office for establishing procedures and guidelines for the provision or reimbursement of remote access services, including dialup, DSL, cable, satellite, cellular packet switches, and other data services. The Computer Protection Program is the Responsible Office for establishing baseline security configurations and security policies governing all Laboratory managed and funded remote access services. Available remote access services and procedures may be found on the IT Infrastructure Department Web site.

B. ELECTRONIC ACCESS

1. Background

As a scientific institution, the Laboratory has a responsibility to enhance the ability of its staff to communicate with colleagues around the world. This communication includes correspondence, raw data, preliminary drafts of technical papers, and finished publications. At the same time, as a primarily federally funded institution, the Laboratory has a responsibility to ensure that federal laws and DOE directives regarding authorized access and the protection of information are observed. This operational guideline is concerned primarily with the first of these responsibilities and with questions of access. The protection of information is addressed in Paragraph (D), below.

This guideline is intended to provide a graded approach to electronic access, recognizing that the mechanisms used for granting or restricting access should be appropriate for the breadth of access desired, the sensitivity of the information involved, and the protection mechanisms in use on the systems employed.

All users of electronic media should remember that once information has been committed to the network, the originator loses all control over how it is used, how it is modified, to whom it is distributed, or to whom it is attributed.

2. Fundamental Principles and Characteristics

  1. Whenever appropriate, it should be possible to provide broad access in a convenient fashion to information held at the Laboratory.
  2. Proprietary, regulatory, and licensing constraints should be observed at all times.
  3. Information should not be made generally available before it is ready for publication. This restriction does not imply that incomplete data or unfinished documents may not be shared over the network within the workgroup, but only that such information should have appropriate access controls.
  4. Responsibility for propriety, access, protection, and usage rests with the owner of the data, files, systems, or user identification involved.
  5. The provision of electronic access to information held at Berkeley Lab is a form of publication by the Laboratory, and thus such information is subject to Laboratory publication policies. Any material that is to be made available to the general public should be reviewed by a qualified reviewer before its access restrictions are lifted. Division administrators maintain lists of qualified reviewers for their divisions.
  6. It is impossible to ensure that the recipient will treat information transmitted or posted on electronic media in a manner consistent with the degree of informality intended by the originator.
  7. Electronic correspondence originating at the Laboratory should be composed with the same care as is afforded to traditional correspondence transmitted on Laboratory letterhead.
  8. All electronic correspondence should be considered to be more permanent than its obvious conventional (telephone or paper) analogue.
  9. Electronic correspondence that identifies the author as a Laboratory staff member is often interpreted by some recipients as containing official Laboratory positions. There is no guarantee that any disclaimer inserted or appended by the originator will remain associated with the correspondence when it is forwarded or transcribed.
  10. Laboratory employees are prohibited by the DOE/LBNL Contract between the University and DOE from engaging in activities that are considered to be lobbying. Lobbying includes attempts to influence the introduction, enactment, or modification of state or federal legislation. If you have questions about a specific activity or need a complete definition, see your division director or division administrator. For more details, see RPM §2.23(H) (Contacts with State and Federal Officials).

3. Kinds of Access

This guideline covers the kinds of electronic access listed in RPM Table 9.02(B) (Access Categories). The categories of access are listed in rough order of increasing risk of damage resulting from improprieties or inadequate access control.

Table 9.02(B)
Access Categories

  Information content                                                   Breadth of access
  1. Read-only access to fully formatted publications that have been    Unrestricted world access.
     adequately reviewed in accordance with Laboratory publication
     policy (RPM §5.02, Scientific and Technical Publications).
  2. Read-only access to raw data files or to draft material intended   Group only (includes collaborators).
     for publication.
  3. Correspondence.                                                    Content-dependent.
  4. Read-only access to proprietary data.                              Need to know.
  5. Read/write access to raw data files or draft material intended     Owner/designee only.
     for publication.
  6. Read/write access to final-form publications.                      Author/designee or technical editor only.
  7. Read/write access to files containing proprietary data.            Owner/designee only.

Electronic access controls can be exercised at site, system, user, individual data set, or file level. Because of its nature as a scientific institution, the Laboratory places no generic restrictions on access at the site level. Provisions exist to deny access to the Laboratory from sites that tolerate computer network security abuses or to deny on-site access to Laboratory personnel who violate Laboratory computer and network security and propriety policies. It is not expected, however, that it will be necessary to make extensive use of these policies.

With respect to access control at the system, user, or file levels, controls may be applied at any or all levels. For most Laboratory information, access protection at any one level should be sufficient. Thus, except in unusually sensitive cases, either of the following modes should suffice:

In other words, sufficient access control can be obtained by limiting access to the system, the file, or both. Further protection can be provided by limiting the ability of individual users to access specific files, directories, or system commands, and by encrypting particularly sensitive files.

4. Forms of Electronic Publishing

Laboratory information can be promulgated electronically through four general mechanisms: correspondence, file transfer, voice and video, or facsimile. In each case, certain proprieties, procedures, and precautions should be observed:

  1. Correspondence (including e-mail, bulletin boards, USEnet News, List Servs, conferencing systems, and the like). The Laboratory correspondent is responsible for limiting his or her participation to topics within the scope of the Laboratory mission and for avoiding comments that could be construed as lobbying or attempting to influence legislation. In some situations it may be necessary to insist that one is acting as an individual expert, but it cannot be ensured that the recipients will differentiate between an individual position and an official Laboratory position. For further information, see RPM §2.23(H) (Contacts with State and Federal Officials).

  2. File Transfer (whether provided through individual user accounts or through file or data servers, including public access servers). The person posting the file is responsible for ensuring that everyone who has write access to the file is in fact authorized to make changes in the file, and that everyone who has read access to the file is in fact authorized to have access to the information. These conditions are particularly true of proprietary information, but they also apply to information destined for external copyright or that has not been fully reviewed.

    Furthermore, if the existence of the file has been mentioned in any public-access bulletin board, List Serv, or conference, it must be assumed that sufficient knowledge to obtain access is available worldwide.

    If access to the data should be restricted because of sensitivity, its proprietary nature, or for any other reason, the owner must take appropriate steps to limit access to authorized individuals.

    Finally, when using public domain software (e.g., FTP (file transfer protocol) to provide access), the owner is responsible for securing up-to-date (protected) versions of the software. The Laboratory Computer Protection Program Manager (CPPM) maintains a list of names of staff members knowledgeable in appropriate software. Unexamined versions of either new or familiar programs must not be used on systems that contain valuable information.

  3. Voice and Video (including voice mail, voice-only teleconferencing, room-based or studio video teleconferencing, and desktop messaging or teleconferencing). In these cases, the rules of ordinary conduct apply. In general, the more limited the audience, the more informal the interaction may be.

  4. Facsimile. Fax traffic should be treated as if the material were being sent through Laboratory or United States mail, except that information subject to the Privacy Act should not be sent to an unattended fax machine.

The foregoing summary does not cover all cases, or even any single case in full detail. Nevertheless, it should provide guidelines sufficient to address most situations. Questions should be addressed to the CPPM.

C. USE OF INFORMATION SYSTEMS AND SERVICES

1. Background

This policy is concerned with publicly accessible electronic media and browsers such as the World Wide Web (Web) front-ended by Netscape. It provides a graded approach to control presentation and content, restriction of access, and scope of responsibility, recognizing that the procedures employed should be appropriate for the breadth of access expected and the sensitivity of the information involved.

All users of electronic media should remember that once information has been committed to the network, the originator loses all control over how it is used, to whom it is distributed, or to whom it is attributed.

These principles and guidelines use the page terminology of the Web, but they should be taken to apply more generally as technology advances. They should also be taken to apply, as appropriate, to older technology such as anonymous FTP and Usenet.

2. Definitions

  1. LBL Server. A network node that provides access to information or services and that is part of or administered on behalf of a Laboratory facility, function, project, or program.
  2. Page. A logical information structure, accessible as a unit from, on, or through an information server. A page may contain links to other pages or files located on other servers.
  3. LBL page (file). A page (file) resident on any Laboratory server or accessible directly through any Laboratory server without passing through a server or page belonging to another institution.

3. Scope

These guidelines apply to all Laboratory information servers, regardless of location, and to all Laboratory files posted on any information server, whether or not located at the Laboratory, and regardless of the home page(s) or directories with which they are associated.

A server that is administered by the Laboratory for another institution or agency, or located at the Laboratory but administered by another institution or agency, is governed by the policies established by that institution or agency.

4. Fundamental Principles

  1. Whenever appropriate, it should be possible to provide broad access in a convenient fashion to information held at the Laboratory.
  2. Proprietary, regulatory, and licensing constraints should be observed at all times.
  3. Information should not be made available to the general public before it is ready for publication. This restriction does not imply that incomplete data or unfinished documents may not be made available through network information services, but only that such information should have appropriate access controls. See Paragraph (B), above. If the desired server does not provide the capability to install appropriate access controls, the information should not be posted.
  4. Responsibility for propriety, access, protection, and usage rests with the owner of the data, files, servers, or pages involved. The page owner is responsible for ensuring that both the content and presentation of information on a page are consistent with Laboratory policies and guidance. Questions concerning the suitability of information for publication should be addressed to the Laboratory Scientific and Technical Information Officer.
  5. The posting of information on any Laboratory page is a form of publication by the Laboratory and subject to Laboratory publication policies. See RPM §5.02 (Scientific and Technical Publications).
  6. Any material that is to be made available to the general public should be reviewed by a qualified reviewer before its access restrictions are lifted. Division administrators maintain lists of qualified reviewers for their divisions.
  7. The scope of responsibility of a page owner extends to, but not beyond, links that occur on the page (i.e., the owner of a page is responsible for knowing the immediate content of all links on a page, but not for ensuring the propriety of information existing at the end of an arbitrary chain of links).
  8. The default for Laboratory pages is universal read access and owner-only write access.

5. General Page and File Policy

  1. The page (file) owner is responsible for determining the appropriate level of access for the page (file) and for ensuring that appropriate access restrictions are in place.
  2. The page (file) owner is responsible for ensuring that everyone who has write access to the page (file) is in fact authorized to make changes to the page (file), and that everyone who has read access to the page (file) is in fact authorized to have access to the information. This responsibility applies particularly to proprietary information, but it also applies to information that is destined for external copyright or that has not been fully reviewed.
  3. The Laboratory may establish open pages, analogous to open bulletin boards. The owner of an open page is responsible for verifying that the person making a posting is authorized to post information on a Laboratory page. Every posting on an open page must carry the name of a Laboratory sponsor either directly or on an obvious link. The Laboratory sponsor is responsible for the content of the posting.
  4. The posting of inappropriate information on a Laboratory page or file may be cause for disciplinary action. Information that is proprietary in nature or contrary to Laboratory policy concerning lobbying, the use of Laboratory computers, or the use of open bulletin boards may be considered to be inappropriate. This policy applies to nontextual information as well as to text.
  5. All individuals posting information on any publicly accessible Laboratory page or file are encouraged to review posted material carefully. Everything posted on any network information service reflects on the intelligence, quality, integrity, and competence of the Laboratory as an institution and the page-owner and page-poster as individuals.
  6. Every Laboratory page must contain the following information directly or contain a link to an owner's page that provides it: owner's name, address, e-mail address, and telephone and fax numbers, plus any disclaimers or restrictions that apply to the contents of the page.

6. Home Page Policy

  1. The owner of the Laboratory Home Page is the Head of the Public Affairs Department. He or she is responsible for establishing and enforcing guidelines for the content, presentation, and style of the Home Page and its immediate links.
  2. The Home Page and its immediate links are to be considered as corporate data, which may be changed or deleted only by authorized personnel.

7. Server Policy

  1. The administrator of each Laboratory server is responsible for ensuring that each file on or first-level page accessible through that server has a Laboratory sponsor. The Laboratory sponsor is responsible for ensuring that all applicable page policies are observed. A first-level page is one that is directly accessible without passing through another server or intermediate page.
  2. The administrator of each Laboratory server will maintain records of the owners and Laboratory sponsors of all current first-level pages and will provide this information to the IT Division Network Information Services group in a timely fashion.
  3. The administrator of each Laboratory server is responsible for ensuring an appropriate level of data and access protection for the server and for informing file- and page-owners and Laboratory sponsors of all first-level pages of the protection level maintained.

D. COMPUTER AND NETWORK SECURITY

These guidelines are concerned with minimum acceptable computer and network security practices for general operations. Divisions or groups may apply more stringent policies if warranted by the sensitivity of the data or applications involved.

These guidelines, together with RPM §9.01 (Computing and Communications), embody the Laboratory's implementation of DOE Order 1360.2B.

1. Basic Principles

  1. Distribution of function and capability entails equal distribution of responsibility. The owners of individual and workgroup systems must assume responsibility for the proper administration and operation of the systems they control. This responsibility extends to individual staff members working at home or on travel.
  2. The Laboratory is a federally funded scientific institution. As such, it has a responsibility to enhance the ability of its staff to communicate with colleagues around the world and to practice appropriate economy in operation. Thus, the level of protection and cost of protective measures should be commensurate with the magnitude of the threat to the institution inherent in the system, breadth of access, and sensitivity of the data and application involved. Threat is a combination of likelihood of compromise and magnitude of potential damage.
  3. Breadth of access should be encouraged within the constraints imposed by provision of adequate protection. System managers are charged with the responsibility of determining and enforcing the level of protection necessary.

2. Organization for Computer Security

  1. The primary elements of the Laboratory organization for computer and network security are the Computer Protection Program Manager (CPPM) and the Computer Protection Implementation Committee (CPIC), which is chaired by the CPPM and includes computer security liaisons (CSLs) from each division, office, and center (including the Reception Center), plus assistant CPPMs for the Scientific Computing Facility, the Administrative Computing Facility, distributed workstations, telephone systems, and networks.
  2. The generic distribution of responsibility between the Laboratory CPPM and the divisions (D), centers (C), and offices (O) is given in RPM Table 9.02(D)(2) (Distribution of Computer Responsibility). Specific responsibilities are addressed in the next section.

Table 9.02(D)(2)
Distribution of Computer Responsibility

Responsibility                                       Responsible parties
Definition of Laboratory-wide policy                 Computer Protection Program Manager (CPPM)
Random file checks                                   D, O, and C
Implementation of access policies                    D, O, and C
Computer and communications security training        CPPM; Computer Security Liaisons (CSLs)
Computer security awareness: program definition      CPPM
Computer security awareness: program implementation  Reception Center; D, O, and C
Incident detection                                   D, O, and C; CPPM
Incident reporting: internal                         D, O, and C
Incident reporting: external                         CPPM

3. Responsibilities

Table 9.02(D)(3)
Specific Computer Responsibilities

(Each entry gives the responsible party, followed by that party's specific responsibilities.)

Associate Laboratory Director for Operations
  Appoints Laboratory Computer Protection Program Manager (CPPM) and Assistant CPPMs. CPPM is listed in the Telephone Directory.

Laboratory Computer Protection Program Manager (CPPM)
  Defines and, with assistance of Computer Protection Implementation Committee (CPIC), implements and administers Laboratory's computer security program in accordance with Laboratory policy and applicable DOE directives.

Assistant CPPMs
  Assist CPPM as necessary in activities pertaining to their areas of expertise.

Computer Protection Implementation Committee (CPIC)
  Meets periodically to:
  • Review computer and communications security awareness and training.
  • Provide regular (at least every other year) reviews of Laboratory's computer and communications incident history and current security technology.
  • Make recommendations for revisions to Laboratory's computer security policies as necessary.
  Committee reviews and revises electronic access and computer security guidelines as appropriate.

Division, Center Directors, and Heads of Offices
  Appoint a representative to the CPIC for their division, center, or office and ensure that Laboratory computer security policies and procedures are observed within their division, center, or office.

Computer Security Liaisons (CSLs)
  • Serve as two-way communication channels between Laboratory Computer and Communications Security Program and their division, office, or center.
  • Participate in meetings of CCSC, learn and understand Laboratory computer and communications security policy, and assist as necessary in implementation of this policy.

Human Resources Staffing Unit
  Ensures that all new employees, visitors, and participating guests receive an appropriate introduction to computer security policy and practice at Laboratory.

Division administrators
  Ensure that all user IDs and passwords used by terminating employees and guests are deactivated or continued through a Laboratory sponsor.

Supervisors and managers
  Ensure that employees under their supervision maintain a continuing awareness of proper computer security practices. A standard computer security awareness statement (Form CPP 13) is available from CPPM. It may be used to document a computer user's continuing awareness.

System managers
  • Maintain an appropriate level of security for their systems.
  • Respond appropriately to detection of a security incident.
  • Are responsible for all security threats or other improper usage originating from or passing through systems under their control.
  • Have authority to deny access to their systems to any person observed not using proper computer security practice.

Network managers
  • Maintain network integrity and a level of security awareness appropriate to their networks.
  • Know how to isolate their networks from all non-Laboratory connections and respond appropriately to detection of a security incident.
  • Have authority to deny network access to any system or external connection for security reasons.

Individual users
  • Know and follow Laboratory computer and network security policies.
  • Bring any security violations to attention of their system manager, CPPM, or other proper authority.
  • Are responsible for all actions originating from user IDs under their name or control, whether or not they authorized such use.

University of California Police Department
  Maintains 24-hour telephone service to assist users in locating appropriate management or administrative authority to deal with suspected data security incidents.

4. Host Policies

  1. Designated Systems Administrators. All UNIX systems connected to LBLnet must have designated system administrators who have completed UNIX system administration and security education. In addition, system administrators are required to update their UNIX system security education at least annually.
  2. Minimum Standard Configurations. All UNIX systems connected to LBLnet will be required to conform to minimum standard configurations set by the UNIX group. These standard configurations include OS versions, patches, and specific utilities as well as general configuration policies. The UNIX group will post these configurations on the Web and update them as necessary.
  3. LBNL Host Database. All hosts that are connected to LBLnet must be listed in the LBNL Host database. This database will include the names of the currently designated systems administrators or contacts. The database must be reviewed annually by each division to ensure that host information is current.

5. Procedure for Handling Computer and Network Security Incidents

The computer and network security incident-handling procedure is given here in summary form. A more detailed version can be obtained from the CPPM.

An employee who encounters a suspected computer or network security incident (repeated attempts at unauthorized access or the occurrence of a rogue program, i.e., one that intends to disrupt or subvert the system in some way; viruses and worms are rogue programs) should first try to inform the appropriate people (by telephone rather than e-mail) and then, if necessary, respond to the incident.

To inform the appropriate people, call one of the following and report the system affected and the nature of the problem:

The following general rules govern response to the incident:

6. Confidentiality of Computer Files

It is Laboratory policy that all computer files be accessible only by the person responsible for those files unless that person has explicitly authorized others to access them. Access will be granted to the person's supervisor or manager if it is necessary for Laboratory purposes. This policy applies regardless of the level of access protection assigned to a particular file.

In the course of their work, certain authorized individuals (e.g., system managers and computer security personnel) are required to inspect users' files. Except as specified below, the contents of those files are not to be revealed under any circumstances, and then only to the CPPM, the Director of the Information Technology Division, or such other persons as are specified by the Associate Laboratory Director for Operations. Even in those circumstances, only the following information may be divulged:

7. Computer Security Monitoring

To ensure adequate security of Laboratory computer systems and networks, a program of computer security monitoring will be conducted under the supervision of the CPPM. It will include the following activities, as necessary:

Any apparent violation of Laboratory policy, attempt at unauthorized access, or any situation that exhibits less than acceptable computer security will be reported to the CPPM for further action. In all cases involving the monitoring of user files and data traffic, Laboratory policy on confidentiality of computer files applies.

8. Physical Security

  1. Desktop and Other Small Systems. Microcomputer-based personal or desktop computers, notebook and palmtop computers, intelligent terminals, word-processing systems, and similar equipment are commonplace in Laboratory offices and, because of their portability, are particularly vulnerable to physical attack, including theft. Laboratory employees who possess such equipment are responsible for ensuring the physical safety of that equipment. Contact Electronics Engineering's Installation Shop to obtain information and technical assistance with antitheft lockdown devices and permanent imprinting of the manufacturer's serial numbers on the equipment.

  2. Proprietary Software and Data. Proprietary software and data should be secured in a manner commensurate with the threat.

9. Network Citizenship Guidelines

Laboratory staff, visitors, guests, and contractors are expected to exhibit good network citizenship in all network interactions by following these rules:

10. Information Security Guidelines

These guidelines are not intended to address every situation that can arise, but to provide a reasonable background so that individuals may make appropriate judgments in those cases that are not covered. Questions should be addressed to your CSL, assistant CPPM, or the CPPM.

  1. Individual Responsibility

    1. Each user is responsible for all activities originating from any of his or her user IDs.
    2. Each password owner is responsible for all activities resulting from shared use of that password.
    3. Shared user IDs and passwords are not generally allowed, but such sharing may be appropriate under some circumstances. Users needing to share their user IDs or passwords must request authorization from the system manager. The system manager has the authority to deny such requests.
    4. Each system owner is responsible for the network citizenship of all users of that system.

  2. System Protection

    1. Access to all Laboratory systems should be available only to Laboratory staff (including participating guests and contractors) or to others through a Laboratory sponsor. If an anonymous ftp or a similar utility is enabled for a system, the system manager becomes a default sponsor for the whole world. The Laboratory sponsor assumes responsibility for all activities of sponsored persons. The use of someone else's user ID or password implies sponsorship by the owner of the user ID or password, whether or not the owner has explicitly granted permission.

    2. The safeguards that are provided by the operating system in use should be invoked to the maximum extent that does not interfere with the work of the users. Such safeguards include the following:

      • Control over system privileges
      • Protection of the password file
      • User notification of unsuccessful log-in attempts
      • Temporary deactivation of user ID after several successive failures
      • Less-than-universal defaults for file access

    3. Suitable physical security measures should be employed. In addition to appropriate fire and seismic protection, among the measures to be considered are controlled access to the space, separate locked storage of media, lock-down devices, and physical separation of backups from primary versions.

  3. User IDs and Passwords

    Access to all multiuser systems must be protected by standards that conform to the following rules:

    1. User-selected passwords. Users who select their own passwords must ensure that these passwords are consistent with the security features listed below:

      • Passwords must contain at least eight nonblank characters;
      • Passwords must contain a combination of letters (preferably a mixture of upper and lowercase letters), numbers, and at least one special character within the first seven positions;
      • Passwords must contain a nonnumeric letter or symbol in the first and last positions;
      • Passwords may not contain the user ID;
      • Passwords may not include the user's own or (to the best of his or her knowledge) a close friend's or relative's name, employee number, Social Security number, birthdate, telephone number, or any information about him or her that the user believes could be readily learned or guessed;
      • Passwords may not (to the best of the user's knowledge) include common words from an English dictionary or a dictionary of another language with which the user has familiarity;
      • Passwords may not (to the best of the user's knowledge) contain commonly used proper names, including the name of any fictional character or place; and
      • Passwords may not contain any simple pattern of letters or numbers such as "qwertyxx" or "xyz123xx."
    2. Password protection. Individuals may not:
      • Share passwords except in emergency circumstances or when there is an overriding operational necessity; or
      • Leave clear-text passwords in a location accessible to others or secured in a location for which protection is less than that required for protecting the information that can be accessed using the password.

    3. Password changing. Passwords must be changed under any one of the following circumstances:

      • At least every six months.
      • Immediately after sharing.
      • As soon as possible, but at least within one business day after a password has been compromised or after the user suspects that a password has been compromised.
      • On direction from management.

    4. Password administration. If the capability exists in the information system, application, or resource, the system must be configured to ensure the following:

      • Except in the case of anonymous FTP servers and embedded systems that use only cleartext passwords, any password sent over the network is encrypted through use of secure shell (SSH), secure sockets layer (SSL), or an equivalent protocol;
      • Three failed attempts to provide a legitimate password for an access request will result in an access lockout, which is automatically restored following a period predetermined by the system manager;
      • The password is rejected when a password specification does not comply with the above requirements and the failure to comply is verifiable by automated means;
      • After six months of use, individuals are notified that their passwords have expired and that lockout will occur if their password is not changed within five access requests; and
      • If technically feasible, any password file or database used by the information system is protected from access by unauthorized individuals.
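    The rules above that are "verifiable by automated means" (length, character classes and positions, user-ID containment, simple keyboard or alphabetic patterns) together with the three-failure lockout and its automatic restoration, as an added Python example that is not part of the RPM. The keyboard rows, the 900-second lockout period and the sample user ID "jdoe" are constructed values; dictionary-word and personal-information rules are left to the user, as the policy itself does.

```python
"""Added example (not part of the RPM): checks the password rules that are
verifiable by automated means, plus the three-failure lockout with timed
restoration."""
import string
import time

# Constructed: keyboard rows and the alphabet, used for the "simple pattern"
# rule ("qwertyxx", "xyz123xx"). Three consecutive characters of any of these,
# forwards or backwards, count as a simple pattern.
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             string.ascii_lowercase)


def has_simple_pattern(password: str, run: int = 3) -> bool:
    """True if the password contains `run` consecutive keyboard or alphabetic
    characters, ascending or descending (case-insensitive)."""
    low = password.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def check_password(password: str, user_id: str) -> list:
    """Return the rules the password violates; an empty list means accepted."""
    problems = []
    if len(password) < 8 or any(c.isspace() for c in password):
        problems.append("at least eight nonblank characters")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    # Special character: neither alphanumeric nor blank, within positions 1-7.
    special_early = any(not c.isalnum() and not c.isspace()
                        for c in password[:7])
    if not (has_letter and has_digit and special_early):
        problems.append("letters, numbers, and a special character "
                        "within the first seven positions")
    if password and (password[0].isdigit() or password[-1].isdigit()):
        problems.append("nonnumeric character in first and last positions")
    if user_id and user_id.lower() in password.lower():
        problems.append("must not contain the user ID")
    if has_simple_pattern(password):
        problems.append("no simple pattern of letters or numbers")
    return problems


class LoginGuard:
    """Three failed attempts lock the user ID; access is restored automatically
    after `lockout_seconds` (the system manager's choice; 900 s is a constructed
    default). `clock` is injectable so restoration can be exercised in tests."""
    MAX_FAILURES = 3

    def __init__(self, lockout_seconds: int = 900, clock=time.monotonic):
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = {}      # user_id -> consecutive failure count
        self._locked_until = {}  # user_id -> clock value when lockout ends

    def is_locked(self, user_id: str) -> bool:
        until = self._locked_until.get(user_id)
        if until is None:
            return False
        if self.clock() >= until:       # period elapsed: restore access
            del self._locked_until[user_id]
            self._failures.pop(user_id, None)
            return False
        return True

    def record_attempt(self, user_id: str, password_ok: bool) -> bool:
        """Record one access request; return True only if access is granted."""
        if self.is_locked(user_id):
            return False                # a correct password is also refused
        if password_ok:
            self._failures.pop(user_id, None)
            return True
        count = self._failures.get(user_id, 0) + 1
        self._failures[user_id] = count
        if count >= self.MAX_FAILURES:
            self._locked_until[user_id] = self.clock() + self.lockout_seconds
        return False


if __name__ == "__main__":
    for pw in ("qwertyxx", "xyz123xx", "jdoe!2024x", "Tr!b8une"):  # constructed
        print(pw, check_password(pw, "jdoe") or "accepted")
```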

  4. Network Security
    1. Network Access

      • Scripts should not contain network access passwords.
      • Use of the default DECnet account is not permitted except in certain public-access situations.
      • Proxy access should be used for remote log-ins to VMS systems.
      • UNIX .rhosts entries should be aged and expired after 180 days.
      • xhost + should not be used.
      • Access lists should be reviewed at least annually.

    2. LBLnet Connections

      • The network address and/or name of each Laboratory system that is connected to LBLnet, either directly or through a gateway, must be registered with the administrator of network addresses for that network. For example, an Internet-based system (i.e., one using TCP/IP) must be registered with the IT Infrastructure Department. The registration must include the user name and location of the system. The Head of the Communications and Networking Resources Department maintains a list of Laboratory network administrators.

      • Only the LBLnet Manager may authorize a new physical connection to the LBLnet, and he or she will document all such connections. The LBLnet Manager is listed in the Telephone Directory (Directory Services on the Web).

    3. Individual Remote Access

      Individual users accessing LBLnet remotely (e.g., from home) must observe all LBLnet security policies.

    4. Physical Security

      Physical access to all LBLnet computers will be limited to authorized personnel.

  5. Institutional Information

    Institutional information is any business or management information involved in the support of the Laboratory as a whole or of specific projects or groups within the Laboratory.

    1. Systems that process or store institutional data (as defined above) should be backed up on a regular schedule. The intervals between back-ups should be determined by the criticality and recoverability of the data and the frequency of update. Both software and data need to be backed up.

    2. Owners of applications that use an electronic signature as a legal signature must ensure that any risks specific to electronic signatures are analyzed and that security controls for the application are appropriate to the risks. When an on-line signature is requested, the following language should be used to indicate that a legal signature is being solicited: "The information requested constitutes a legal signature for the person named. Use of this electronic signature by anyone other than the person named, or his or her designee, is forbidden and may result in disciplinary action, dismissal, or civil or criminal liability." Electronic record keeping requirements specific to the application must be developed and implemented.

  6. Other Guidelines

    1. Specific Applications. Systems that process environmental, safety, or health data must be protected according to the stricter laws that govern these data, if the requirements go beyond DOE policy.
    2. Distribution Lists. The addressees on mail exploders and automatic distribution lists should be reviewed for proper authorization at least semiannually.

11. Training and Awareness

  1. The CCSC will develop and administer training curricula for system managers, division administrators, the Reception Center, and general staff, and will provide material to assist in the determination of application sensitivity.
  2. The CPIC will develop appropriate access and computer and network security guidelines and make them available to all staff as needed.
  3. The CPPM will ensure that all assistant CPPMs and CSLs receive appropriate training.

12. Computer and Network Security Glossary

FTP File transfer protocol. The process by which files are copied from one system to another over the Internet. Anonymous FTP is the process that allows such transfers to take place without requiring a log-in to the remote system.
log-in The process of gaining access to a computer system. It usually consists of providing a user ID and a password.
password An access code that is associated with a particular user ID. The user ID and password must match for access to be granted. Password protection may be applied to individual files or commands as well as to general system access.
proprietary data Data that require extra protection because they are the intellectual property of someone (internal or external to LBNL) who has restricted their distribution.
.rhosts; xhost + Mechanisms for granting and using remote access to a UNIX system.
threat The product of the probability of compromise or damage and the dollar impact of the average incident: T = p(C) × $.
user ID The name by which an individual user is known to a system. A single user may have multiple user IDs on the same or different systems. In special circumstances, multiple users may use the same user ID.
VMS proxy access A mechanism for granting access to a remote user of a VMS system.
xhost + See .rhosts.

E. COMPUTER SOFTWARE

1. Laboratory-Developed Software

In-house software development must be managed in accordance with the Laboratory Software Management Policy. DOE Order 1360.4A and DOE Notice 1360.8 define the procedures to be used for the external distribution of finished software. In particular, if finished software is to be distributed outside the United States to other than programmatically approved collaborators, such distribution must be accomplished through the Energy Science and Technology Software Center (ESTSC) or the appropriate Specialized Information Analysis Center (SIAC).

2. DOE-Developed Software

DOE policy (DOE Order 1360.4) promotes sharing of DOE-developed software wherever appropriate. This policy is implemented through the ESTSC. The policy requires review of available shared software before a decision to develop new software and submission of Laboratory-developed software to ESTSC when it may have value to other DOE sites. Both review and submission of ESTSC software are accomplished through the Laboratory Library. Questions of policy or appropriateness of software for submission to ESTSC should be addressed to the Office of Information Technology Resources (ITR) Planning.

3. Public Domain Software

Public domain software must be used with great care. Computer viruses or other such mischievous or detrimental modifications to computer software could cause significant loss or damage to the Laboratory. The importer of public domain software into the Laboratory is responsible for ensuring that such software does not contain such harmful modifications.

4. Commercial Software

Laboratory policy is to use commercial software whenever it is functionally appropriate and cost-effective rather than develop software in house. Many users share development, documentation, and maintenance costs of commercial software, and larger knowledgeable communities use the same software, which can be advantageous.

5. Licensed Software

Most commercial and some noncommercial software is made available under a license agreement. Such agreements typically restrict usage to certain CPUs, place restrictions on copying, require labeling of copies, and may contain other terms and conditions of use. Occasionally some terms or conditions contained in software license agreements are unacceptable to the Laboratory. In such cases, an acceptable agreement must be negotiated or the software cannot be used.

License agreements generally follow one of three formats:

  1. Some software suppliers (usually of larger or more expensive software) require an explicit signed agreement before delivery of the software. This type of agreement is managed as part of the official Laboratory purchase order. No staff member, except authorized Purchasing Department staff, may sign such an agreement.
  2. Other software (usually inexpensive or personal/microcomputer software) is purchased without prior agreement but is delivered to the end user with a license agreement included. Such agreements either claim to be in effect if the software is used or request a signature on a postcard-type agreement to be returned to the supplier. Recipients of such software usually want to sign the agreement and return it because that is the mechanism for obtaining updates. Generally, staff members may sign such agreements after a careful reading. Any liability assumed by the signing of such an agreement may be personal and not indemnified by the Laboratory. Questions concerning the advisability of signing an agreement or using the software should be referred to the Head of the Office of ITR Planning or the Purchasing Manager.
  3. Software is occasionally made available to the Laboratory under specific agreement, but at no cost. If the software is to be handled as proprietary information, see RPM §5.06 (Proprietary Information from External Sources).

The official or current version is located in the online LBNL Requirements and Policies Manual.
Printed or electronically transmitted copies are not official. Users are responsible for working with the latest approved revision.
