• NCAR Annual Report
• CISL report
• EOL report
• ESSL report
• RAL report
• SERE report

Cybersecurity enhancement

UCAR manages and maintains a large and diverse set of compute, data, data storage, email, web, and network servers that form the core information technology within the institution. Not only are these systems valuable monetarily, they comprise vital scientific research tools and business continuation systems used by the UCAR organization and university communities. To pursue the scientific mission of the organization in an unobstructed manner, CISL is committed to maintaining a security posture that represents an enterprise to the community and adheres to NSF security best practices and recommendations.

Providing secure information technology systems within CISL and across UCAR supports the NCAR strategic priority of "Developing and providing advanced services and tools." It is vital to the organization that we protect systems, data, and intellectual property at the highest level possible that keeps usability and security in balance. This work is supported by UCAR Communications Pool indirect funds.

During FY2007, these factors are vital to the continued security of IT systems at UCAR:

• Coordinated consistent security policies and procedures across UCAR by the Computer Security Advisory Committee (CSAC), with a goal of achieving the appropriate balance between reasonable protection and pursuit of the scientific mission of the institution

• Staff participation in the community-wide, NSF-sponsored Cybersecurity Summit 2006 held in December 2006

• Initiating a redesign of the UCAR-wide token authentication service

• Placing increased importance on computer and network security when acquiring and configuring new equipment (computers, storage, network routers, etc.)

• Coordinating security training for system administrators throughout UCAR

 

To maintain a meaningful security posture and to fulfill the near-term security objectives of CISL, the following plans for FY2008 are in place:

• Produce a UCAR/NCAR Cybersecurity Strategic Plan for 2007-2012

• Perform in a leadership role at the NSF-sponsored Cybersecurity Summit 2007

• Complete implementating one-time password (OTP) technology across UCAR

• Upgrade our aggressive network and host monitoring tools; augment current intrusion detection system (IDS) software

• Engage in collaborative efforts with peer and TeraGrid centers to share cybersecurity information, best practices, and incident notification

• Optimize our central logging system to incorporate all of UCAR

 

Cybersecurity at NCAR is supported by a combination of NSF Core funding and UCAR Communications Pool indirect funds.