Tomorrow (Thursday, Jan 16th) and the day after tomorrow (Friday, Jan 17th), respectively, the UCSB Faculty Legislature and the UC Assembly will meet to discuss implementing a cyber security plan President Drake mandated for all campuses last February. In addition to this urgent and important item, the special Assembly meeting will also discuss the differential treatment of faculty and administrators regarding compensation and cost-of-living adjustments and the University of California’s continued decrease in its percent contributions to medical plans.
The SBFA Board urges you to attend either or both meetings:
The UCSB Legislature meeting will take place on Zoom tomorrow (Thursday) 3:30-5:00 PM. To attend the meeting, please RSVP here.
The UC Assembly meeting will take place on Zoom on Friday 3-5 PM. To attend you need to RSVP here by 5 p.m. PST on Wednesday. Here is the Zoom link for the meeting.
You can find the relevant documents and information regarding the Security Investment Plan here. Documentation to assess the issues of faculty COLA and decreased healthcare contributions is available here, here, and here.
Having reviewed the available documentation, the SBFA Board is very concerned about all three issues that will be discussed at Friday’s UC Assembly meeting. We offer some reflections here and the following questions regarding the implementation of the cyber security plan at UCSB, to be presented at the meeting of the UCSB Legislature tomorrow.
PROCESS / IMPLEMENTATION
What prompted this rush (only 14 months for implementation) and the total lack of respect for shared governance? That is, despite meeting with ITS officials for years on a regular basis, the University Committee on Academic Computing and Communications (UCACC) was never told of any security concern, and it only heard of President Drake’s February instructions to Chancellors by chance weeks after the letter was sent.
The UC Academic Council has requested meaningful consultation with faculty and research-IT personnel: has this been done?
The paragraphs in President Drake’s February 26, 2024, letter regarding punitive measures for non-compliance are unusually threatening. They include holding off on “merit increases” for “heads of units” that are found non-compliant, a 15% reduction in insurance premiums for non-compliant campuses, and a $500,000 penalty for “non-compliant units” per “security accident.” What is meant by “heads of units”? In particular, do faculty with extra-mural grants qualify as unit heads? Don’t these measures amount to blackmail to force campuses to implement measures under pressure and the threat of punishment?
What are the plans for hiring more IT personnel to run the new system?
Many science and engineering faculty rely on legacy computer systems to drive older scientific instruments. Will they be exempt from compliance?
GENERAL:
How would this plan increase security if hundreds of thousands of students also connect their personal devices to the UC Network?
How do mandates for Endpoint Detection and Response (EDR) and tracking software not impinge on academic freedom and personal privacy?
What restrictions on email usage will the system entail? Will we be able to forward UC emails outside the system? Will IMAP support still be available? Have alternative, non-email-based plans to reach the community been considered?
DETAILS:
How have issues of computer performance been assessed, addressed, and resolved?
Would these measures exclude personal smartphone access to Wi-Fi?
How would the new protocols affect the sandbox used to develop teaching and research software?
What are the general implications for campus HPC (high-performance computing) and GPU (graphics processing unit) systems and research-IT infrastructure?