Info (in a) Sec: Summer 2023

Welcome to our quarterly newsletter!

Happy Summer! It was great to connect with so many of you at UC Tech! ISO was very busy at the conference, with a number of presentations, facilitations, and other activities to support this annual tradition. We've also been staying busy with tracking the emerging situation involving mass compromise of MOVEit software, Calnet work related to the Gender Recognition and Lived Name project, and getting the Cybersecurity Student Handbook ready for the upcoming semester. Keep reading for more updates, and I hope you are enjoying your summer! ~ Allison Henry, Chief Information Security Officer, Berkeley IT

Please feel free to forward this to your campus networks and let colleagues know they can join our newsletter(link is external) list to receive future installments. You can also catch up on past issues of Info (in a) Sec on our website

In the Know: What’s happening in ISO & Berkeley IT

Student Cybersecurity Hanbook

ISO is happy to announce the completion of our first Student Cybersecurity Handbook. The handbook is available online and will be an assigned agreement in CalCentral for all students at UC Berkeley this fall.

It is our hope that the Handbook helps create a culture of shared responsibility on campus regarding security best practices and empowers our students to protect themselves in today’s digital society. Each of us has a responsibility to protect our own information as well as the electronic resources of UC Berkeley. 

Handbook contents include:Security Handbook

  • Secure Your CalNet ID

  • 2-Step Verification 

  • Good Passphrase Management 

  • Secure Your Devices

  • Backup Important Files 

  • Recognize and Avoid Phishing Scams 

  • Report Cybersecurity Incidents 

  • How to Get Help

Hardcopies of the Cybersecurity Handbook will be distributed to students in limited quantities at Golden Bear Orientation, Fall Student Tech Experience, Student Technology Services help desks, and will also be available at the Information Security Office.

We believe the information contained in the Handbook is relevant for all cohorts at Berkeley, and even applies to folks outside of Higher Ed. Feel free to share it with your friends and family who need a reminder on security best practices!

ISO/MICS Web Application Security Testing Program 

The ISO/MICS Web Application Security Testing Program continues to offer free web application security testing for campus web apps. School students have discovered over 100 vulnerabilities in 9 different apps so far! Sign-ups are open for the fall and future semesters, and the service is offered to any campus-developed web application. For details, please see:

Identity and Access Managment Assessment

July marked the kickoff for the campuswide Identity and Access Management assessment kickoff.  The CalNet team has partnered with Integral Partners to perform an assessment of the UC Berkeley Identity and Access Management ecosystem.  We anticipate the assessment to last approximately 16 weeks with many stakeholders around campus having an opportunity to provide input into what will become a technology roadmap that supports and takes into account the needs of the entire campus.

    • You can view the kickoff meeting here

Gender Recognition and Lived Name Policy

Gender Recognition and Lived Name

Implementation of Lived Name for employees and HR affiliates went live on June 20th.  UCPath now provides name information to the campus to be displayed in campus systems including the campus directory and google mail.  These changes were made to bring UC Berkeley closer to our goal of implementing the University of California Gender Recognition and Lived Name (GRLN) Policy and to honor our campus communities' lived identities.

    • Where can I get more information or help?

  • If you have questions about this policy, please visit UC Berkeley's Gender Recognition and Lived Name Policy information page at

  • Questions about using UCPath should be directed to the UCPath support team

  • Questions about CalNet or campus data flow: review our FAQ or email

In the News: Top Stories in Cyber Security+

The MoveIT Breach

MOVEit' reported a significant data breach last month affecting over 100,000 individuals. The hacker group CL0p exploited a vulnerability in MOVEit, a widely-used file-transfer software. The breach, recognized as a supply chain attack, affected hundreds of organizations worldwide, including government agencies, private businesses, and major pension funds. Prominent victims include the U.S. Department of Energy, Ernst & Young, British Airways, and pensioners in Tennessee and California. CL0p now threatens to leak the stolen data online unless a ransom is paid. Progress Software has since released a patch to address the MOVEit vulnerability.

This event reflects a trend in the cybersecurity landscape where attackers target supply chain vulnerabilities. It underlines the need for prioritizing vulnerability mitigation. Notably, Fortra uncovered a similar incident involving GoAnywhere MFT, a managed file transfer solution, in a zero-day supply chain attack in January 2023. Additionally, the Accellion data breach in December 2020 targeted secure file-transfer software, which was a supply chain attack but bot a not a zero-day attack.

These events suggest that ransomware operators are refining their strategies, targeting resources with a high probability of containing sensitive data. They are also simultaneously exploiting a single vulnerability against thousands of organizations.

Policy Updates

IS-3 Program - This Year:

The IS-3 Program is continuing on schedule for the 2023-24 fiscal year. Two cohorts of units are scheduled to complete their initial IS-3 onboarding this year, and a third group is beginning its first scheduled review. Please see the IS-3 Onboarding Schedule for timing details, including a projected schedule through Fall 2025. 

This will wrap up the initial IS-3 onboarding activities for campus academic and administrative units, and will begin the project’s transition to an ongoing program of regular reviews. 

IS-3 Program - Looking Forward:

Beginning in July 2024, units can expect to review their information in Socreg annually and to update their IS-3 self-assessment every 2-5 years (depending on the risk level of the unit). ISO will reach out to units with details and program support as the time approaches.

The Information Security Office will also develop an annual toolkit that focuses on a key risk area relating to IS-3. These toolkits will provide information and actual tools, such as services or templates, to help units make progress in the focus area. Over time, we envision having a robust tool chest of tools and services to help units manage their information security risk.

Success Stories from the Field

Facebook Screenshot
Success Stories

In a recent development, bad actors fraudulently offering jobs from purported professors have altered their modus operandi in response to the efforts of the security operations group. 

In an attempt to avoid detection, these malicious actors have branched out to new channels and are now exploiting Facebook groups to propagate their bogus job offer messages. 

Always check an offer from a professor with their number and the campus directory, or use their official email address. Like most good scammers, they can make it look really close, but there are differences, so check the campus directory before responding.