6/4/93

---NCSA SECURITY POLICIES AND PROCEDURES---

PURPOSE

The purpose of this document is to define NCSA security policies and
processes. This document will also provide the methods for their
definition and implementation, assign responsible management, and
establish mechanisms for their review and resolution of any conflicts or
incidents.  It is intended both as an internal policy statement and
definition of responsibility, as well as a description of security level
definitions and mechanisms of interaction with the policy and procedure
generation process for Industrial partners and academic users.  In
general, detailed procedures to implement and assure security compliance
are not distributed with this document.  However, those procedures which
impact users and collaborators' day-to-day operation and interaction
with NCSA are included here.

INTRODUCTION

NCSA supports a variety of computing systems, services, and development
projects for a set of national academic and industrial users.  It is the
responsibility of any organization to protect its assets and those of
its staff and clients or collaborators from injury, theft, or
unauthorized use.  For the NCSA environment, this can be broken down
into a number of areas:

*   Personal Security of Staff and Possessions
   This involves the personal safety of people (including staff,
partners, collaborators, and visitors) while working at any of the
NCSA sites, including their movements to and from transportation.
Also included are considerations for the protection of their personal
possessions at all times.

*   Physical Security of Property
   The buildings, equipment, and records of the organization require
protection from fire, theft, and unauthorized use.  This area
overlaps several of the others listed here.

*   Intellectual Property
   This encompasses ideas, methods and scientific results which may be
said to belong, either formally or informally, to an individual or
organization.  This applies to staff as well as to academic and
corporate researchers and organizations.  It may be as simple or
informal as the acknowledgement of publication rights to an original
idea, or as formal as the handling of licenses or patents for
equipment, software, or methods.

*   Non-Disclosure Material
   This is a special class of intellectual property that requires a
more formal treatment by NCSA's Industrial and Strategic Partners.
It includes information or objects which are given to individuals for
the purpose of better carrying out their tasks, but for which the
"owner" explicitly does not want any further distribution to other
individuals or for other purposes than that originally granted.

*   Computing System Security
   This includes the management of the computing systems and networks in
such a way as to protect against use by unauthorized individuals, as
well as to protect intellectual property (text, software, and data)
that may be stored or processed by those systems.

Due to both the nature of these activities and the needs of its clients
and collaborators, it is necessary to provide a level of security to
protect the capital investment in equipment, the personal possessions of
staff and users, and the intellectual property, data and presentation
materials associated with the supported research projects.

One component of the NCSA mission is to further the state of
computational science and engineering and its application to a variety
of academic and industrial applications.   This brings to NCSA a number
of academic and industrial clients which require system solutions and
services in order to solve problems of a highly proprietary and
confidential nature.  However, a very successful strategy in achieving
this mission is to create teams of application scientists, computer
scientists, programmers, and vendors which are able to quickly achieve
hardware and software systems capable of solving new problems.  This can
be likened to the creation of a network of people in parallel with a
network of computing systems.  This environment can function most
effectively with an open interchange of problems, ideas, and scientific
results, which in general, implies an easy access to people, data, and
those ideas and results.   Such a strategy does not easily adapt to
formal security mechanisms, and it is this tension between open and
secure environments that NCSA and this document attempt to address and
balance.

POLICY

The basic policy and approach to security issues is that a set of
mechanisms is provided to the users and staff to protect personal and
proprietary materials, data, and ideas, and that those mechanisms and
their implied levels of security are documented and understood by NCSA
staff.  NCSA policies will not require or mandate the sharing or
distribution of any material, but will provide mechanisms by which an
individual or group may define appropriate protection of that material.
It is left to the individual's discretion to employ available mechanisms
to protect sensitive information.  It is the further intent not to
provide an arbitrarily high level of security because to do so would
remove all or much of that personal discretion in security mechanism
use, to the detriment of many of the collaborative programs which have
proven successful.  Finally, in cases in which NCSA, other University
personnel or visitors are intentionally exposed to sensitive or
proprietary material, it is the responsibility of the owner of that
material to make it clearly known, in writing and before the exposure,
of the nature of the material and the limitations on its distribution.

This guideline is applied to various administrative and technical
procedures across Center activities, including physical security,
computing systems and operations, networking, visualization,
applications software, contracts, financial and system usage records,
etc.  The following sections define how these procedures and policies
specific to particular working areas and groups are defined and
implemented.

OVERALL POLICY DECISION

The NCSA Executive Council, made up of the Director, Deputy Director and
Associate Directors, will have the responsibility of setting policies
associated with security.  Providing security never comes without a
certain cost, whether in dollars, equipment, or human resources. The
implementation of security mechanisms in one area usually has
consequences for another area or group.  The Executive Council is made
up of representatives of all the operational areas of NCSA, and its
members are charged with implementing the security levels defined.

Mechanisms exist to request changes in procedures based on these
policies.  These will be discussed later in the document.

DOCUMENTATION

This document outlines the policies and procedures for security at NCSA.
The intent is to provide necessary information in this document to allow
individual users and groups to make decisions related to types of work
performed using NCSA resources.  Some specific procedures and security
monitoring details will not be documented here, since in some cases,
distribution of this type of information can reduce the effectiveness of
those procedures and reduce the overall level of security.  The Security
Officer may provide additional information on procedures and security
levels on an individual need-to-know basis.

MONITORING AND REPORTING

As part of the security assurance program (discussed in more detail in
later sections and appendixes of this document) NCSA will, under the
direction of the Security Officer, routinely monitor system and
administrative activity related to security and the overall compliance
of NCSA staff with the established policies and procedures.  Regular
reports regarding issues of security at NCSA will be provided to the
Executive Council.

PROCEDURES

The Associate Director for a given area requiring security policy and
procedure definition will be responsible for the definition of specific
policies and procedures to address that area.  These will, in general,
be assembled as a document which may be reviewed by the Security Officer
(described in Assurance Section below), Executive Council, as well as by
the staff responsible for carrying out the specific procedures.  In
cases in which a working area may span multiple working groups and
Associate Directors, the ADs will work together or specify a single
person responsible for carrying out this definition.

Documentation of these implemented procedures may be made part of this
document at the discretion of the Security Officer.  Associate Directors
will also participate in internal and external security reviews or
audits in order to analyze, justify and revise current policies and
operating procedures as they apply to those groups.  Associate Directors
are also responsible for establishing a reporting line within the groups
that ensures that security violations or potential violations are
brought to the attention of the Associate Director as quickly as
possible.

A security incident is any action which violates documented procedures
or that compromises or has the potential to compromise proprietary or
otherwise sensitive information.  It is the responsibility of any staff
member aware of such a situation to report it within 24 hours to the
appropriate Associate Director and the Security Officer.  The Associate
Director will then investigate the incident, and prepare written
descriptions and corrective actions which will, even if in preliminary
form, be distributed to the affected parties by the next working day
following the reporting of the incident.  Any overall policy issues
brought into question by an incident, as well as recommendations for
significant changes to existing procedures will be brought to the
attention of the Security Officer and Executive Council.

TECHNICAL STATEMENTS

Policy and procedure details are inserted in this section covering the
major operational areas of NCSA.  These areas include Computing and
Communications, Software Tools, Applications, Academic and Industrial
Relations, Finance and Contract Administration, Human Resources &
Administrative Services, Scientific Communications & Media Services,
Logistical Infrastructure, and the Industrial Program.

MODIFICATIONS

The Security Officer (defined in Assurance Section below) will be
responsible for coordinating changes to established procedures.
Requests for changes in procedures will be passed through the Security
Officer, and that person will respond to feasibility and costs of
changing the procedure.  All internal changes in procedures will be
signed off by the Security Officer.  Modifications to overall policy and
the impact of particular procedures on such policy are the domain of the
Executive Council.  Changes to the policy may be requested through the
Security Officer and will be addressed to the Executive Council.

AWARENESS

NCSA recognizes that the security policies and procedures are of value
only when the staff are made aware of both the procedures themselves as
well as the reasons that make them necessary.  Reaching the appropriate
state of staff awareness is a continual process of education and review
and spans the organization at all levels.

First, each staff member will be provided with a copy of the NCSA
Security Policy and Procedures document. Its basic features and detailed
procedures for the person's particular area will be reviewed by his or
her manager during the first week of employment.  A staff training
program will be developed internally, in conjunction with the Security
Officer, Industrial Program Security Liaison, System Security
Specialist, and Associate Directors, that will, at least bi-annually,
present a review of security policies and considerations.  All new
hires, including management, technical and clerical personnel, will be
expected to attend the first available training session following their
first day of employment.  This training will include presentations and
discussions of the reason for implementing security, the policies and
procedures document, review processes, and guidelines for daily
activities for dealing with proprietary or confidential information.

Second, each working group will engage in a review of policies and
procedures pertaining to that group's activities, at least twice per
year in conjunction with the Center wide internal review of those
procedures.  Care will be taken to perform this review in an environment
and manner that promotes contributions from the staff and makes them
part of the effort of defining the procedures and proper levels of
security.  The Associate Director (see below) will ensure that these
reviews are completed, generate recommendations if needed, and file a
report with the Security Officer.

Many individual procedures established will have the capacity to carry
outward, visible signs.  Such outward, visible signs are useful in
providing regular feedback to staff on the importance of security in
general.  Staff will be encouraged to make use of this mechanism to
maintain a level of security awareness.

Managers will consider security procedure compliance as part of regular
staff performance evaluations.  In addition, the manager will conduct an
exit interview with a departing staff member prior to the staff member's
final working day at NCSA.  This interview will cover, among other
things, a review of the non-disclosure agreements in effect for that
person.  A discussion of the personal effects of the staff member will
be made to attempt to identify any proprietary materials that may be
among them and guard against such material leaving NCSA with the person.

Finally, staff will be encouraged to treat with respect the personal and
intellectual property of others, as well as the people assigned the
responsibility of maintaining that property, including Industrial
Partner representatives, University guards, etc.  Such respect is
reflected in action by such things as knocking on doors before entering,
using someone else's personal computer or workstation only with
permission, responding willingly to a guard's challenge, etc.

ASSURANCE

The program of defining and implementing appropriate security levels
requires a continual process of confirming that both the defined
policies and procedures are adequate for the ongoing work of the center,
and that those policies and procedures are being properly carried out
and communicated to the staff and users.  NCSA provides such assurances
through a number of organizational and operational facets.

SECURITY OFFICER

First, NCSA will maintain a position of Security Officer, who shall
report to the Deputy Director.  The individual filling this position
will have responsibility for overseeing and coordinating the security
program.  This person will review all Associate Director defined policy
and procedures documents with the intent of ensuring that all conform to
NCSA-wide standards and policy.  This office will maintain all operative
documents including this document and all area definitions of
procedures, and will distribute them as appropriate.  All external
reviews of center wide policies and procedures will be coordinated
through this office. Internal reviews and responses to these external
reviews will be coordinated and archived.  This individual will be
authorized to make spot checks of group or individual activities to
check on compliance of the established procedures.  Regular reports of
staff compliance and problem areas will be generated, on at least a
quarterly basis, and relayed to the Deputy Director.  This office will
be the first point of contact for any request for clarification of NCSA
policy and procedures.  Finally, the Security Officer will be
responsible for coordinating any resolution of incidents related to
violations of standing procedures and/or individual incidents resulting
in the exposure or potential exposure of proprietary or sensitive
information, and will coordinate all correspondence between affected
staff and users related to such incidents.

INDUSTRIAL PROGRAM SECURITY LIAISON

NCSA will designate an individual as Security Liaison for the Industrial
Partners who will report to the Associate Director of the Academic and
Industrial Relations Program.  This person will work with the Security
Officer in both establishing procedures and resolving incidents related
to Industrial Partner activities and interests.  The Security Liaison
will represent partner security interests during policy evaluation and
represent NCSA policy and procedures to the partners.

SYSTEM SECURITY SPECIALIST

The NCSA System Security Specialist will be responsible for
coordinating security implementation on the various computers and
networks that NCSA supports.  This person will, in consultation with
users and partners, define system security requirements, participate in
the determination of policies and procedures, and produce appropriate
documentation.  The Specialist will perform periodic reviews of NCSA
system security journals and records, and take a lead role in external
system security audits and reviews.  This person will be notified in the
event of any system security related incident, and will work with the
NCSA Security Officer and appropriate system administration personnel to
resolve and report the incident.  The System Security Specialist will
also be responsible for identifying future system requirements for
distributed computing and data security, and assist in the planning and
implementation of software and hardware solutions.

STAFF RESPONSIBILITY

Each working area (see Appendices) will have an Associate Director (AD)
as well as an individual staff member or members responsible for
carrying out certain details of the policies and procedures for that
area.  For each area, it is the Associate Director's responsibility to
see that the detailed procedures section is maintained and followed in
the daily activities of the staff in that area.  It is that AD's further
responsibility to respond to requests for information from his or her
staff on specific procedures and interpretation of security policy.

It is the responsibility of each staff member to follow the procedures
defined for an area in which he or she is engaged.  It is also their
responsibility to understand the underlying policies which drive those
detailed procedures, so that the individual is able to make rational
decisions in certain situations not specifically covered by the detailed
procedures.  However, in the latter case, a further responsibility
exists to report the situation and have procedures clarified for future
reference by other staff.  Each staff member is expected to report any
known or suspected violations of security procedures, or any exposure of
known sensitive or proprietary material to unauthorized personnel.  This
report may be to the Associate Director representing that staff member
or to the Security Officer.  In all cases, the Security Officer and
relevant Associate Director must be informed within 24 hours of the
incident in order to provide a timely analysis of and coordinated
response to the situation.  Finally, owners of sensitive material who
wish, in the course of a collaborative project, to impose limits on the
distribution of that material, must provide to those collaborators a
written description of the material and the limits on distribution
imposed.  NCSA provides, in association with University legal counsel, a
non-disclosure agreement for such cases.

REVIEWS

The Security Officer will coordinate both internal and external reviews
of NCSA security policies and procedures.  Internal reviews will be
conducted with the Associate Directors and Executive Council
participation at least twice yearly.  One of these biannual reviews will
be in conjunction with an external review conducted by individuals not
in the employ of NCSA.  The Security Officer, in consultation with the
Executive Council, will be responsible for selecting an appropriate
review panel for conducting the external review.  Such external review
will be charged with an assessment of the levels of security provided by
NCSA policy and procedures, the success of the defined detailed
procedures in meeting the broader policy objectives, and a
recommendation on any security holes or procedures that require
implementation to maintain the stated policy objectives.

Following the annual external review, the Security Officer will initiate
an internal review of the findings and recommendations of such review,
and allow for changes in the established procedures.  A summary of the
external review findings and actions taken will then be made available
to all users and partners.



---Appendix 1.  Logistical Infrastructure---

NCSA Facilities Physical Security

The integrity and protection of proprietary material and ideas must be
treated accordingly by staff members independent of time, situation and
location.  However, the implementation of physical and system security
may be dependent upon physical location.  These differences are
documented below.  NCSA will treat its various facilities via a
hierarchical approach.

The most secure NCSA systems and network connections will be housed in
the Advanced Computation Building (ACB).  This building contains the
large scale supercomputers, the mass storage system and data, along with
the systems and other communications handling hardware and network
connections to the industrial partners.  The ACB has the highest degree
of physical security, with some office space for support personnel, but
no unescorted access or general accessibility by other staff or users.
The outside doors of the building remain locked at all times.  Access to
the computer rooms is limited, and to gain access to the computer rooms
one must pass through at least two locked sets of doors.  NCSA Computing
and Communications staff use closed circuit TV to observe visitors, as
well as an intercom to speak with them prior to the opening of the
outside ACB door.

NCSA is the only inhabitant of this building.  Access to the building
is controlled by NCSA staff, and other types of direct access to the
building are limited to trusted University of Illinois staff.

The ACB was constructed in 1970 to house the then expected ILLIAC IV
supercomputer.  The building, which consists of three floors of
approximately 8000 gsf per floor, is a steel and reinforced concrete
structure with poured concrete floors and solid exterior masonry walls.
The building's structural system extends through to the roof which in
turn provides the platform for extensive mechanical equipment.  The
second and third floor construction is capable of supporting the present
and all future proposed computer systems.  The interior floor to ceiling
height at all levels is adequate to provide for the installation of both
raised floors and above ceiling mechanical ductwork.

The next most secure area is the Computing Applications Building (CAB).
The CAB is managed by and houses NCSA personnel and most Industrial
Partner personnel.  Access to the facility is controlled through the
locking of all doors except the north, front entrance by the
receptionist area during normal hours.  All outside doors of the
building are locked at all other times.  The CAB is equipped with
combination locks on some of the outside doors to facilitate the handling
of visitors and minimize the distribution of physical outside door keys.
The combinations are changed periodically and distributed on a
need-to-know basis.  The CAB has many areas designated for the handling of
sensitive material, including the industrial partner offices,
visualization and media services development areas.  Access to the
facility is controlled by NCSA staff, and other types of direct access to
the building are limited to only trusted University of Illinois staff.

The next most secure area is the Beckman Institute for Advanced Science
and Technology (BI), of which NCSA is one of many research group
occupants.  This building and its associated programs were designed to
support a variety of interdisciplinary projects, and to foster an open,
academic environment.  The BI houses many NCSA staff involved in
administration, research, applications, and software development
activities, as well as NCSA's Numerical Laboratory (NL) and Renaissance
Experimental Laboratory (REL) which supports those activities.  The
building is patrolled by campus security forces, and they are stationed
directly in the facility to respond to any given situation.  The
facility utilizes an ingress electronic security system to monitor and
control after hours access to the building.  Security forces also use
closed circuit television cameras to monitor the building's
ingress/egress pathways.

Although NCSA has taken extra precautions with some areas (e.g. the NL
and the REL key access and home run ethernet networks and limited key
distribution for partner offices), it is necessary to integrate computer
and network systems, as well as physical access with the BI's support
and administrative staff.

NCSA workstations and peripheral devices installed in public areas
within the BI are secured through the use of fiber optic security
systems.  These systems annunciate security transgressions via audible
and visual alarms monitored by campus security forces.

NCSA has also installed an ingress/egress electronic security system
throughout the NL and the REL which is compatible with the security
system used by the BI.  This system enables NCSA to closely monitor and
control access to these facilities, as well as immediately detect and
respond to any type of physical security transgression within those
areas.  This system also annunciates security transgressions via audible
and visual alarms monitored by NCSA staff and/or campus security forces.

NCSA's assigned space within the BI is controlled by NCSA staff, and
other types of direct access to NCSA facilities within the BI are limited
to only trusted University of Illinois staff.

Finally, NCSA staff occupy all of the Oil Chemistry Building (OCB).
Generally, no client and/or user activities are scheduled in either the
OCB without prior special consideration.


---Appendix 2.  Computing and Communications---

Network Security

There are basically two main categories of concern for the network
connection between an Industrial Partner and NCSA.  They are:

1)  types of network traffic or services to be allowed, and in what
direction these will be allowed, and

2)  physical security of the network media (e.g. ethernet coax
cable, fiber optics, etc.).

Furthermore there are three main types of networks that data may
traverse while using NCSA:

1)  The wide area network (WAN) connection which includes any
telecommunications circuits (e.g. T1) terminating in NCSA and
at the remote partner site and the subnets within the Advanced
Computation Building (ACB) which connect the T1 to the
Supercomputers and the Mass Storage System.  In some cases, the
partner uses the Internet, a public research data network, for
NCSA access.

2)  The NCSA inter-building fiber optic backbone network between
the ACB, the Computing Applications Building (CAB), and the
Beckman Institute (BI).  Partner offices are located in both
CAB and BI.

3)  The "homerun" ethernet or FDDI local area network in an
industrial partner's office in the CAB and/or the BI.

WAN Connection at the Advanced Computation Building

Network Traffic Type/Access Security:

The types of traffic or network services that most Industrial Partners
are concerned with from a security standpoint, are file transfers (ftp)
and interactive sessions (telnet); in particular those that are
initiated from NCSA, or any other site, back to the Industrial Partner's
remote site.  Because of these very valid concerns the remote
connections to NCSA are usually set up to allow these services ONLY if
they are initiated at the industrial partner's remote site.  In cases
where the Internet is used for partner connectivity, all security
arrangements are done at the partner site and are handled by the partner
and the Internet service provider.  In these cases, NCSA is only
involved in security issues relating to NCSA's inter-building network
and the partner's office LAN.  How the security is defined is a
partner decision made prior to the time of connectivity.
If these services are initiated at NCSA, or any site other than the
Partner's own remote site, the traffic is not allowed to pass over the
network, depending upon the partner's decision.  This is called
filtering and is implemented in the routers that control the link (T1)
from NCSA to the Industrial Partner's remote site.  Filtering can be
employed by partners at their sites if the Internet is used for
connectivity to NCSA, but cannot be implemented at the NCSA connection
to the Internet.

As a specific example, if an Industrial Partner researcher attempts to
connect to NCSA via the network between the Industrial Partner's remote
site and NCSA, the connection would be allowed to pass through the
routers along the way because the routers which make up the network are
set up to trust these services if initiated from the Industrial
Partner's network to NCSA.  On the other hand if an individual at the
University of Illinois had knowledge of the network address of a machine
at an Industrial Partner's remote site, and attempted to connect to that
machine, the connection request and any subsequent requests or data
packets would not be forwarded to the WAN circuit between NCSA and the
Industrial Partner's remote site.  The packets would be filtered out by
the router at this end of the circuit.  To provide redundancy, the
router at the Industrial Partner end of the T1 can be set to do the same
type of filtering. The network(s) that should be allowed or denied
access to the remote site must be specified by that respective partner
prior to the time of connectivity.
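
The filtering behaviour described above, modelled in Python as an added example (it is not NCSA's router configuration or code). It assumes a session-tracking filter; the class and function names are hypothetical, the addresses are constructed documentation ranges, and `allowed_nets` stands for the networks a partner chooses to allow. It goes one step beyond the text by replaying an FTP session, where an active-mode data connection is opened from the server side and so falls under the same rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Segment:
    """Minimal view of a TCP segment as seen by the filtering router."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


class PartnerCircuitFilter:
    """Model of the router on the NCSA end of a partner WAN circuit.

    Assumption: the router tracks sessions. The policy text only states
    that traffic is filtered according to where a connection is initiated.
    """

    def __init__(self, partner_net, allowed_nets=()):
        self.partner_net = ip_network(partner_net)
        # Networks the partner has explicitly allowed to initiate connections.
        self.allowed_nets = [ip_network(n) for n in allowed_nets]
        # Known sessions: (partner_ip, partner_port, peer_ip, peer_port)
        self.sessions = set()

    def decide(self, seg):
        """Return 'forward' or 'drop' for one segment crossing the circuit."""
        opening = seg.syn and not seg.ack  # first segment of a new connection
        if ip_address(seg.src) in self.partner_net:
            # Anything initiated at the partner's remote site is trusted.
            if opening:
                self.sessions.add((seg.src, seg.sport, seg.dst, seg.dport))
            return "forward"
        if ip_address(seg.dst) not in self.partner_net:
            return "drop"  # not traffic for this circuit
        key = (seg.dst, seg.dport, seg.src, seg.sport)
        if key in self.sessions:
            return "forward"  # reply inside an already permitted session
        if opening and any(ip_address(seg.src) in n for n in self.allowed_nets):
            self.sessions.add(key)
            return "forward"  # initiator is on a partner-approved network
        # Connection request, or any later packet, that did not start at the
        # partner site: never placed on the WAN circuit.
        return "drop"


def run_sample():
    """Replay constructed traffic and return (label, decision) pairs."""
    f = PartnerCircuitFilter("192.0.2.0/24")
    partner, ncsa, campus = "192.0.2.10", "198.51.100.5", "203.0.113.77"
    traffic = [
        ("partner opens telnet to NCSA",
         Segment(partner, 40001, ncsa, 23, syn=True)),
        ("NCSA answers that telnet session",
         Segment(ncsa, 23, partner, 40001, syn=True, ack=True)),
        ("campus host opens telnet to partner",
         Segment(campus, 51000, partner, 23, syn=True)),
        ("campus host sends follow-up data",
         Segment(campus, 51000, partner, 23, ack=True)),
        ("partner opens ftp control to NCSA",
         Segment(partner, 40002, ncsa, 21, syn=True)),
        ("NCSA opens active-mode ftp data connection back",
         Segment(ncsa, 20, partner, 40003, syn=True)),
        ("partner opens passive-mode ftp data connection",
         Segment(partner, 40004, ncsa, 50210, syn=True)),
    ]
    return [(label, f.decide(seg)) for label, seg in traffic]


if __name__ == "__main__":
    for label, verdict in run_sample():
        print(f"{verdict:8} {label}")
```

With strict initiation-based filtering, partner users need passive-mode transfers, or the partner must list the NCSA server network among the allowed networks, for FTP data connections to pass.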

Network Media Physical Security:

All partner WAN circuits terminate in secure machine rooms in the ACB
except those that use the Internet for connectivity.  These rooms house
the supercomputer systems and the Mass Storage System.  The ACB is
staffed 24 hours a day, 365 days a year.  The doors to the machine rooms
and the outside doors to the ACB remain locked at all times.

Critical areas outside the machine rooms are monitored via closed
circuit TV.  Once each shift the NCSA Central Facility staff checks the
integrity of the motor generator rooms, penthouse, and stairwell areas.
University police patrol the area around the ACB on a regular basis.
Lastly, staff patrol the machine rooms at least once per eight hour
shift.

Security of the circuits and access to those circuits (T1, etc) between
the NCSA terminal block and the remote partner site terminal block is an
issue to be discussed between the long distance telecommunications
carrier and the Industrial Partner.  NCSA has no access or control over
the circuit beyond the physical terminal block in the NCSA machine
rooms.  It is the Industrial Partner's responsibility to initiate any
security concerns with the telecommunications carrier(s).

The purchase of any type of communications encryption equipment for use
in the partner's circuit(s), if desired, is the sole responsibility of
the partner.

NCSA Inter-building Backbone Network

Network Traffic Type/Access Security:

The NCSA network that connects the CAB, the BI, and the ACB is the
production FDDI ring.  Only routers are allowed on the FDDI backbone,
and access to these routers is both physically restricted to NCSA staff
and restricted from a network software access standpoint.  Separate FDDI
rings are provided for personal workstations that require FDDI access in
each NCSA facility.  Network traffic type and access are not an issue on
the backbone; all network traffic must be allowed access to the
backbone.  The type of network traffic that is carried over the backbone
is not a security threat.  The main security concern is protection of
the backbone traffic from obtrusive and/or non-obtrusive tapping.  This
issue is discussed below.

Network Media Physical Security:

The FDDI ring that runs between the ACB, the BI, and the CAB is a dual
counter rotating fiber ring made up of 4 separate strands of multi-mode
fiber.  The fiber for the FDDI ring runs underground between buildings
and is in conduit or locked machine/router rooms within those buildings.

Besides the physical security of the network media itself there are
inherent characteristics of the fiber that make tapping of the
production FDDI ring difficult.  Fiber does not radiate electrical
signals as does copper.  This prevents non-intrusive tapping.  Intrusive
tapping would require accessing the fiber, correctly identifying the
matching transmit and receive fiber strands, completely severing the
fiber, and installing the special fiber connectors: a complex and
time-consuming process.  As the networks are monitored continuously, any
outage would be immediately detected and investigated.  Furthermore, if
an intrusive tap were installed, the FDDI nodes on either side of the
"new" node would indicate a new upstream and downstream neighbor, making
the new node easy to detect and locate.
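
The neighbor check described above can be sketched as follows.  This is
an added example, not part of the original NCSA document or its
procedures.  It assumes each station's current upstream and downstream
neighbor addresses have already been collected by ring monitoring; the
station addresses, the report format, and the function names are
constructed for illustration.

```python
"""Audit FDDI ring neighbor reports against a known-good ring order."""

# Constructed baseline: the stations allowed on the ring, in token order, so
# each station's upstream neighbor is the entry before it (the list wraps).
# The MAC addresses are made-up documentation values, not real NCSA hardware.
ACB = "00:00:5e:00:53:01"
BI = "00:00:5e:00:53:02"
CAB = "00:00:5e:00:53:03"
BASELINE_RING = [ACB, BI, CAB]

# Constructed observation: an unknown station sits between ACB and BI.
TAP = "02:00:00:00:00:99"
OBSERVED = {
    ACB: (CAB, TAP),   # downstream neighbor used to be BI
    BI: (TAP, CAB),    # upstream neighbor used to be ACB
    CAB: (BI, ACB),    # unchanged
}


def expected_neighbors(ring):
    """Map each station to the (upstream, downstream) pair the baseline implies."""
    n = len(ring)
    return {s: (ring[i - 1], ring[(i + 1) % n]) for i, s in enumerate(ring)}


def audit_ring(ring, reports):
    """Compare observed neighbor reports with the baseline ring.

    reports maps a station address to the (upstream, downstream) addresses
    it currently sees.  Returns the stations that stopped reporting, the
    stations whose neighbors changed, and every unknown address together
    with the known stations on either side of it.
    """
    expected = expected_neighbors(ring)
    known = set(ring)
    findings = {
        "silent": sorted(known - set(reports)),  # possible outage or cut
        "changed": {},
        "inserted": [],
    }
    placement = {}  # unknown address -> {"after": station, "before": station}

    for station in ring:
        if station not in reports:
            continue
        observed = tuple(reports[station])
        if observed != expected[station]:
            findings["changed"][station] = {
                "expected": expected[station],
                "observed": observed,
            }
        upstream, downstream = observed
        if downstream not in known:
            # The unknown node receives the token after this station.
            placement.setdefault(downstream, {})["after"] = station
        if upstream not in known:
            # The unknown node hands the token to this station.
            placement.setdefault(upstream, {})["before"] = station

    # A station that reports in but is not in the baseline is also unknown.
    for station in reports:
        if station not in known:
            placement.setdefault(station, {})

    for address in sorted(placement):
        spot = placement[address]
        findings["inserted"].append({
            "address": address,
            "after": spot.get("after"),
            "before": spot.get("before"),
        })
    return findings


if __name__ == "__main__":
    result = audit_ring(BASELINE_RING, OBSERVED)
    for node in result["inserted"]:
        print("unknown station", node["address"],
              "between", node["after"], "and", node["before"])
```
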

Industrial Partner's Office(s) Homerun Ethernet in the CAB
and/or the BI

Network Traffic Type/Access Security:

The same types of access controls for network traffic type and direction
that are applied to the WAN connection can be applied to the secure LAN
(Ethernet or FDDI, for example) between the inter-building backbone and
the local partner office(s).  There is one router in the CAB and one
router in the BI marked as a point at which access controls can be
implemented.  These routers are the beginning of the secure LAN(s); the
other end is in the partner's office(s).  Within the access router,
network traffic/type and direction access controls (filtering) are
implemented.  The Industrial Partner must decide what type of access is
required to and from this subnet.  The only machines on this subnet are
the ones in the Industrial Partner's office.   The term "attempt to
connect" is used to indicate that filtering will determine whether or
not a specific type of traffic will be allowed on to the subnet.  A
person obviously would still require a valid account and password to
actually sign onto a machine, if their traffic was allowed onto the
subnet by the router.

Some of the questions that need to be answered are:

* Should a machine in the Industrial partner's office(s) at NCSA be
able to attempt to connect to a machine back at their remote site?
* Should a machine in the Industrial partner's office(s) at NCSA be
able to attempt to connect to a machine on the campus or on the
Internet?
* Should a machine on the Internet be able to attempt to connect to a
machine in the Industrial partner's office(s) at NCSA?

These access controls can be implemented on a host by host basis (the
particular host can connect to this particular host and initiate these
services), or on a network to network basis (the machines on network A
can connect to the machines on network B and initiate these services),
or they can be mixed, a particular host to network.  As indicated
earlier, all Industrial Partner filtering is set up at the time of
installation based upon the specifications of the Industrial Partner.
Partners can request changes to the filtering as desired.
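
The three rule shapes described above (host to host, network to
network, and host to network) can be modeled as an ordered filter
evaluated on each "attempt to connect".  This is an added example, not
NCSA's router configuration.  The addresses are constructed
documentation ranges, and first-match ordering with a default deny is
an assumption of the example.

```python
"""Evaluate "attempt to connect" requests against an ordered filter list."""
import ipaddress
from dataclasses import dataclass

# Constructed addressing (documentation ranges, not NCSA or partner networks).
OFFICE_NET = "192.0.2.0/24"        # partner office subnet at NCSA
REMOTE_SITE_NET = "198.51.100.0/24"  # partner's remote site
ANY = "0.0.0.0/0"                   # campus and Internet
FTP, TELNET = 21, 23


@dataclass(frozen=True)
class Rule:
    label: str
    src: str          # single host ("192.0.2.10") or network ("192.0.2.0/24")
    dst: str
    ports: frozenset  # services the source may initiate
    action: str       # "permit" or "deny"

    def matches(self, src_ip, dst_ip, port):
        # A bare host address parses as a /32 network, so host and network
        # rules share one membership test.
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and port in self.ports
        )


# Hypothetical partner specification; order matters because first match wins.
PARTNER_FILTER = [
    # Host to host: one remote-site machine may open telnet to one office machine.
    Rule("host-to-host", "198.51.100.5", "192.0.2.10",
         frozenset({TELNET}), "permit"),
    # A specific exception must precede the broader network rule below.
    Rule("blocked-host", "192.0.2.99", REMOTE_SITE_NET,
         frozenset({FTP, TELNET}), "deny"),
    # Network to network: office machines may reach the remote site.
    Rule("net-to-net", OFFICE_NET, REMOTE_SITE_NET,
         frozenset({FTP, TELNET}), "permit"),
    # Host to network: a single office machine may FTP to anywhere.
    Rule("host-to-net", "192.0.2.10", ANY, frozenset({FTP}), "permit"),
]


def decide(rules, src_ip, dst_ip, port):
    """Return (action, label) for the host initiating a connection.

    Only the initiating direction is evaluated; anything no rule names is
    denied.  Passing the filter only lets the attempt reach the subnet, and
    a valid account and password are still needed to sign on.
    """
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action, rule.label
    return "deny", "default"


def answer_policy_questions(rules):
    """Answer the three questions in the text for a constructed set of hosts."""
    return {
        "office -> remote site":
            decide(rules, "192.0.2.20", "198.51.100.9", TELNET)[0],
        "office -> campus/Internet":
            decide(rules, "192.0.2.20", "203.0.113.7", FTP)[0],
        "Internet -> office":
            decide(rules, "203.0.113.7", "192.0.2.10", TELNET)[0],
    }


if __name__ == "__main__":
    for question, answer in answer_policy_questions(PARTNER_FILTER).items():
        print(f"{question}: {answer}")
```
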

Network Media Physical Security:

The coax cable for the secure ethernets runs directly from the network
equipment rooms in the BI and the CAB to the Industrial Partner offices.
The coax is run above a false ceiling, in conduit/raceways, or in locked
rooms between the office and equipment rooms.  The only machines
connected to this coax are the ones in the Industrial Partner's
office(s) and the NCSA backbone network router.

The network equipment rooms are locked at all times and access is
limited to authorized NCSA personnel.  (A limited number of the BI
network operation personnel do have access to the router rooms in the
BI).

All the exterior doors to the CAB are locked at 5:00 pm.  Please see
Appendix 1 for details regarding NCSA facilities physical security.

All of the exterior doors to the BI are equipped with key card access
controls that record who entered the building, where they entered, and
when.  The system is activated after normal business hours.  There is
also a 24 hour guard service in the BI.

NCSA personnel are not allowed into the Industrial Partner's offices in
the CAB, unless given permission and/or escorted or unless specifically
requested by a partner.  NCSA personnel do not have keys to these
offices.  Key access for the offices in the BI is limited to the partner
and to the BI administrative staff.

Additional Physical Security Information Concerning the BI:

The ethernet coax is in conduit where the homerun ethernets run down the
hallway under the floor to the Industrial Partner's offices.

Staff and partners should also be aware that the BI was built with
common floors and ceilings throughout (with the exception of load
bearing walls).  Above the suspended ceiling tiles, there is
approximately 6 feet of space from the top of the walls to the ceiling.
Under the raised floor, there is approximately 6 inches of space between
the floor and the raised floor.

Operating System Security

NCSA users have access to over 450 computers, which range from the
supercomputing Crays which are accessed by over 4000 users from all over
the world to MACs and PCs which are located in individual NCSA offices.

There are two levels of computing security on which NCSA has focused.
These are 1) operating system security and 2) user data security.  While
these two levels may be seen as having distinct boundaries between the
users' and NCSA staff's responsibilities, both NCSA and its user
communities must work together to ensure a secure environment for all.

The security of NCSA computing systems has been designed to enhance the
collaborative effort of those scientists who chose to work in the NCSA
intellectual environment.  NCSA policy is that the user should make the
decisions regarding data sharing and has provided tools and instruction
to its users to enable them to do so.  Users are encouraged to make an
effort to secure the integrity of their own data.  To assist, the rules
proposed to the user community are common sense rules with low user
impact, so that compliance will be high and the effort not wasted.
NCSA administration staff run security checks on items which
are strictly under control of the user.

The security for the operating system environment is shared by the
vendors of NCSA operating systems and the system administration staff of
NCSA for those systems managed by the Computing and Communications (C&C)
staff.  Individuals may choose to maintain and provide security on their
own systems at their discretion.  In order to better understand
operating system security activities and procedures, the types of
computers this encompasses are listed below:

 * Cray-2, Cray Y-MP supercomputers
 * TMC CM-5, CM-2, and Convex 3840 supercomputers
 * Mass storage system linked to Crays via high speed networks
 * Tape i/o system
 * Local Area Network File Servers (general purpose)
 * Group File Servers (specific to groups)**
 * Numerical Lab computers
     - Individual UNIX computers in public rooms
     - Renaissance Experimental Laboratory (REL) computers
 * Individual Unix workstations**
 * Individual Apple workstations**

** Indicates systems which may be managed by individuals besides C&C.

System administration on these systems is determined by the primary user
of the system.  NCSA staff systems may be managed by the C&C system
administration staff, by C&C system administration staff and the NCSA
staff member jointly, or by the NCSA staff member alone.  Systems having
industrial users are explicitly managed by C&C system administration
staff, unless specifically managed by an Industrial Partner's designee.
For example, an Industrial Consultant for an Industrial Partner may
manage that partner's system(s) within that partner's office(s) if
requested by that Industrial Partner.

The operating system security goals are threefold:  to prevent access to
the systems by unauthorized users, to prevent users with valid logins
from unauthorized data access, and to prevent errors by those authorized
to make system level changes.

The rest of this section focuses on the security function rather than on
specific machines since in most cases the tasks are similar for all NCSA
computers.  Exceptions to these are noted in the following discussion.
Production machines refer to computers that are used by both NCSA
academic and industrial users and are administered by C&C.

Physical security
The Cray Y-MP, Cray-2, TMC CM-5, CM-2, Convex 3840 tape i/o system, and
the mass storage system are located in secure machine rooms.  Unescorted
access to the machine rooms is limited to only vital system
administration, operation, facilities management, and authorized vendor
support personnel and access to the outer rooms is also limited in this
fashion.  These rooms are staffed 24 hours a day.  All doors on these
floors are locked at all times.  The access door is also monitored via
closed circuit television.

The Local Area Network File Servers are located in designated computer
rooms.  These rooms are locked with controlled access.  Access lists are
kept for these rooms.

The Numerical Lab computers are located in rooms in the Beckman
Institute. These rooms are locked with controlled access limited to
authorized staff.  Access lists are also kept for these rooms.

Individual workstations are subject to the physical security of the
user's offices.  This is an area in which the users control physical
access to their machine.

Account security
User accounts are created with limited access permissions.

New accounts are issued with secure passwords (a minimum of six
characters, at least one non-alphabetic character, and no common words
found in the English language). Users are encouraged to set
a new password during the initial login.  Password security after this
point is totally under the user's control.

System administrative accounts are maintained with strict permissions.
Passwords to these accounts are changed frequently.  Access to system
accounts is monitored on an ongoing basis.

Accounts that are no longer authorized are deactivated when notification
from NCSA Client Administration is received.

File system security
All system files are protected from user modification and are checked
periodically for modifications.

All privileged programs are monitored for use or for unauthorized
changes.

Common operator activities requiring privileges are performed via menus
to log activity, to prevent user errors, and to limit access to
privileged system accounts.

Network Issues
C&C managed file systems are exported only to systems located on NCSA
managed networks, except under rare circumstances where extensive
investigations have proved that security transgression(s) should not
occur.  NCSA continues to study the enhanced disk capability available
with NFS mounted file systems in light of system security needs.

Data integrity (backups)
Backups are performed periodically on all production systems.  These
backups are done to ensure data integrity in the event of hardware
failures.  General scratch and tmp areas on the disks are not backed up
since these data areas are very large and are considered as temporary
storage space only.  Users are responsible for migrating their data
files to the mass storage system, from which regular system backups
provide media protection.  Backups are tested for readability once a
month.

Backup tapes are stored in alternate secure areas in other NCSA
facilities.

System Administration Security Monitoring
Security is a very complex issue. While certain tasks can be automated,
the basic level of security must come from those administrators who, as
part of their training and job responsibilities, understand their
respective systems.  The number of administrators and the time spent on
system security varies with each machine.  NCSA's approach when possible
security problems arise is to gather as much data as possible regarding
a possible security problem without compromising system or data
security.



---Appendix 3.  Software Development Group---

SDG Project Security Procedures

This appendix describes the Software Development Group (SDG)
procedures and policies, first as they specifically relate to
projects involving confidential information and participation by
NCSA industrial partner representatives and then as they relate to
more general security concerns.

In working with NCSA industrial partners, the following security
procedures are followed in SDG activities.

General description of SDG activities with industrial
partners

SDG activities with industrial partners involve various meetings
where partner research might be discussed, projects in which
partner research data may be transferred to the NCSA computing
environment to be processed, projects in which partner proprietary
software may be transferred to the NCSA computing environment to be
enhanced or ported to an optimal architecture and/or used in the
development of software for the partner.  SDG activities can be
broken down into two main categories.

   1) Strategic SDG Planning
   2) SDG Project Work

There are two principal areas of activity with industrial partners.
The first is strategic planning.  The second is the project.  The
process involved in these two areas is summarized to indicate where
security issues are present, and what is done to preserve security
in the process.

Strategic SDG planning meetings

When industrial partners are working with SDG, meetings are held
where key members of the SDG staff meet with industrial partner
representatives to discuss strategies for SDG development.
Occasionally, meetings can involve matters which are sensitive or
proprietary.  In such cases it shall be the responsibility of the
industrial partner representative to clearly identify all material,
written or verbal, that is considered proprietary and subject to
non-disclosure. At the request of the partner representative, the
project leader for the SDG project will ensure that all NCSA
personnel involved have signed appropriate non-disclosure
agreements provided by the partner representative if notified by
the industrial partner that proprietary information will be
discussed.

       Security action for Strategic SDG planning meetings:

       1.  The partner representative will notify the project
leader, before any meeting of this type, whether it
will involve security issues.

       2.  If security issues are involved, the partner
representative will provide a written statement to the
project leader which describes the security issue and
indicates what action is necessary to preserve
security; non-disclosure to be signed, participation
to be restricted, precautions to be taken with printed
materials, etc.

       3.  If requested by the industrial partner representative,
an SDG Group representative (the project leader unless
otherwise stated) will be designated to carry out the
security action.  This person will execute the
security action and report in writing the completion
of the action to the partner representative and the
Associate Director of the Software Development group.

SDG projects

SDG projects are activities in which the SDG works with industrial
partner representatives to develop and deliver SDG software
projects on NCSA systems.   Projects will sometimes include the
transfer of some amount of software and/or data from the industrial
partner to the SDG computing environment. The data may be
transferred to various storage areas in SDG group computing work
space.  SDG projects include the following phases:

   1) planning

   2) multipart operation phase which includes:

       a) development
       b) review
       c) execution
       d) delivery

Security action for SDG projects:

   Planning phase - two or more meetings held.  During the first
meeting:

  1.  If the partner representative requests it, the project
will be given a code number which will include at
least the Partner name and a number.  This code number
will be used throughout the project in internal and
external communications and planning tools and
documents to identify and track activities associated
with it.  Again, if requested by the partner
representative, no NCSA planning or archive
documentation will include a textual name associated
with the project that might reflect the specific or
general field of study.

  2.  The partner representative will notify the project
leader, before any meeting of this type, whether it
will involve proprietary data, concepts or printed
materials.  Any special security arrangements or
precautions beyond those laid out in this document
will be addressed at the beginning of the first
meeting.

  3.  If security issues are involved, the partner
representative will provide a written statement which
describes the security issue and indicates what action
is necessary to preserve security; non-disclosure to
be signed, participation to be restricted, etc.

  4.  An SDG group representative (the project leader unless
otherwise stated) will be designated to carry out the
security action.  This person will execute the
security action, and report in writing the completion
of the action to the partner representative and to the
designated NCSA management person before any
subsequent meetings or planning occur.

  5.  A list of participants for the project is drawn up by
the project leader and the partner representative.
This validation list includes both NCSA and partner
personnel.  It is to include all individuals who will
have access to any of the information through the
planning and execution of the project.  It may only be
amended by signed common agreement between the partner
on-site representative and the SDG project leader.  A
review of the participant list is done at the final
planning meeting, with individuals added or removed as
necessary.


   Multipart operation phase (development, review,
execution, and delivery).


   This phase involves obtaining access to partner research
problems, and the development of approaches to the
solutions to these problems, which may include development
of software, enhancement of existing software, or the
porting of software to optimal architectures.  This phase
may also include obtaining access to partner proprietary
software, or to third party software licensed to the
partner.  This software development and enhancement is
performed on NCSA computer systems (computers and disk
file systems) located in the Advanced Computation
Building, Computing Applications Building, Oil Chemistry
Building and the Beckman Institute.

   Security issues in this phase involve access to data, as
well as exposure to concept/information.  In this phase,
both ascii and visual display of data (visualization) as
well as text/graphic annotation may exist with video
terminal/monitor display or in printed materials.
Proprietary documentation on partner software or third
party software may be made available to SDG staff.

       1.  General

      a.  Determine from the partner representative, before
this phase, whether it will involve security
issues.

      b.  If security issues are involved, the partner
representative will provide a written statement
which describes the security issue and indicates
what action is necessary to preserve security;
non-disclosure to be signed, participation to be
restricted, etc.

      c.  An SDG Group representative (the project leader
unless otherwise stated) will be designated to
carry out the security action.  This person will
execute the security action, and report in
writing the completion of the action to the
partner representative and to the designated NCSA
management person.  This will include a list of
personnel with need for access to data and
information.

    2.  Project operation; data, software or information
access and handling.  The SDG group responsibility for
data, software or  proprietary information begins when
data, software or proprietary information is transferred
from partner disk space, to SDG group disk space or when
printed proprietary information is handed by an industrial
partner representative to a member of the SDG group.  All
systems on which SDG development is performed are
administered by either a designated member of the SDG
group or by  the Computing and Communications staff.

      a.  As requested by the partner representative,
appropriate access permissions to SDG group disk
space are assigned to the industrial partner (as a
group).  Only designated partner personnel and
SDG group personnel with need for access to this
data (validation list discussed above) will have
permission to this group.

      b.  If requested by the partner, partner personnel
will perform all required data transfers from
partner data space to the SDG group file areas.
At the discretion of the partner representative,
NCSA personnel will be given any access
permissions to Partner data, file systems,
directories or files.

      c.  SDG Group personnel with need for access to this
data are listed (as under 1c above), and will
have been cleared through the appropriate
security action.

      d.  During the production phase, some data will be
stored on SDG group file systems.

      e.  At the end of the project operation, all data
will be moved to partner designated space.  This
can again be performed from the partner side,
with no access to other partner data, directories
or files given to NCSA personnel in order to
carry out these moves.  Following this step, no
data from the project will remain in disk space
or file areas under SDG Group control. The
project leader will provide a final written
report stating that this has been done which will
be transmitted to the partner representative and
to the designated NCSA management person.

      f.  SDG staff working on industrial projects will
safeguard their work by making back-up copies of
SDG software in development.   A partner may
specify particular back-up procedures to be
taken.  If special equipment is needed to
accomplish these, it will be provided at partner
expense.  The same precautions taken with
proprietary data, software and information will
be taken with back-up copies of this data,
software, and information.  At the end of the
project operation, all back-up data and back-up
copies of software will be moved to partner
designated space.   Any back-up data or software
existing on tape or another medium will be
delivered to the Partner.  Following this step,
no data from the project will remain in disk
space or file areas under SDG control.  The
project leader will provide a final written
report stating that this has been done which will
be transmitted to the partner representative and
to the designated NCSA management person.

3.  Project operation (display and media recording of data
and research information).  Security issues in this area
arise from the visual display and media recording of data
and research information and from the availability of print
media containing proprietary data or information.

      a.  Display on video workstations.  At the request of
the partner representative all display of visual
material which must be secure will occur on video
workstations in a secure, locked workspace.  If
workstations must be purchased to put in a secure
area, the cost will be paid by the partner requesting
this level of security.

      b.  Availability of printed material. At the request
of the partner representative all availability of
printed material which must be secure will occur in a
secure, locked workspace.  This material will be
stored in a locked file cabinet or desk drawer in a
locked office when not in use.  The partner will
specify the printed material to be treated as
proprietary, and the precautionary measures to be
taken when the initial written statements of security
actions required and non-disclosures are being
composed for a particular project.  If special
equipment is required, e.g. a locked, fireproof safe,
it will be provided at partner expense.

      c.  If, during the development of the project,
additional consulting work is required by individuals
not on the initial project list, either the
information passed to them will not involve any
technical details of the project and they will not be
exposed to any proprietary data, visual
representations of that data, or proprietary printed
materials, or they will be added to the project list
by consent of the partner on-site representative.

      d.  The SDG project leader will manage the "need to
know" of SDG staff and other NCSA staff with respect
to partner projects in the SDG, in consultation with
the industrial partner representative overseeing the
project.


Other SDG Security Procedures

The SDG will work to maintain an environment where security concerns are
taken seriously, with the Associate Director and the project leaders
setting an example for the rest of the staff.  SDG will respect the
security of personal information, as well as information of strategic
importance to NCSA and NCSA's industrial partners.

* Security will be raised for discussion on an 'as needed' basis at SDG
staff meetings

* Security issues will be discussed with new hires, both academic and
non-academic

* Signing of non-disclosure agreements will be accompanied by a review
of the associated responsibilities

* Security concerns will be discussed at exit interviews with staff

* Security of proprietary software and data will be assured by proper
use of permission shells and file protection

* SDG staff will be alerted to correct use of permission shells and file
protection

* SDG staff are housed in the Beckman Institute, the Computing
Applications Building, and the Oil Chemistry Building and will follow
recommended security procedures.  Please note that these include locking
office doors when leaving the office, and carrying one's keys at all
times, particularly in the evenings and on weekends.

* Security issues will be discussed with visitors hosted by members of
the SDG on an as needed basis

* Keys and keycards which are distributed to visitors will be collected
upon their exit.



---Appendix 4.  Applications---

This appendix describes the Applications procedures and policies,
first as they specifically relate to projects involving
confidential information and participation by NCSA Industrial
Partner representatives and then as they relate to more general
security concerns.

In working with NCSA industrial partners, the following security
procedures are followed in Applications activities.

General description of Applications activities with
industrial partners

Applications activities with industrial partners involve various
meetings where partner research might be discussed, projects in
which partner research data may be transferred to the NCSA
computing environment to be processed, and projects in which
partner proprietary software may be transferred to the NCSA
computing environment to be enhanced or ported to an optimal
architecture.  Applications activities can be broken down into two
main categories.

    1) Strategic Applications Planning
    2) Applications Project Work

There are two principal areas of activity with industrial partners.
The first is strategic planning.  The second is the project.  The
process involved in these two areas is summarized to indicate where
security issues are present, and what is done to preserve security
in the process.

Strategic applications planning meetings

When industrial partners are working with the Applications Group,
meetings are held where key members of the Applications staff meet
with industrial partner representatives to discuss strategies for
applications development.  Generally, these meetings do not involve
any matters which are sensitive or proprietary.  Occasionally,
meetings can involve matters which are sensitive or proprietary.
In such cases it shall be the responsibility of the Industrial
Partner representative to clearly identify all material, written or
verbal, that is considered proprietary and subject to
non-disclosure.  It is the responsibility of the Associate Director of
Applications to ensure that all NCSA personnel involved have signed
appropriate non-disclosure agreements.

   Security action for Strategic applications planning
meetings:

      1.  Determine from the partner representative, before any
meeting of this type, whether it will involve security
issues.

      2.  If security issues are involved, obtain from partner
representative a written statement which describes the
security issue and indicates what action is necessary
to preserve security; non-disclosure to be signed,
participation to be restricted, precautions to be
taken with printed materials, etc.

      3.  An Applications Group representative will be
designated to carry out the security action.  This
person will execute the security action and report in
writing the completion of the action to the partner
representative and the designated NCSA management
person.

Applications projects

Applications projects are activities in which the Applications
Group works with industrial partner representatives to develop and
deliver applications software or the results of computations on
NCSA systems.   Projects will sometimes include the transfer of
some amount of software and/or data from the industrial partner to
the Applications Group computing environment.  This transfer occurs
from an industrial partner CFS storage area to an applications
group CFS storage area.  The data is then transferred to various
storage areas in applications group computing work space.
Applications projects include the following phases:

   1) planning

   2) multipart operation phase which includes:

       a) development
       b) review
       c) execution
       d) delivery

Security action for applications projects:

   Planning phase - two or more meetings held.  During the first
meeting:

  1.  The project will be given a code number which will
include at least the Partner name and a number.  This
code number will be used throughout the project in
internal and external communications and planning
tools and documents to identify and track activities
associated with it.  No NCSA planning or archive
documentation will include a textual name associated
with the project that might reflect the specific or
general field of study.

  2.  Determine from the partner representative, before any
meeting of this type, whether it will involve
proprietary data, concepts or printed materials.  Any
special security arrangements or precautions beyond
those laid out in this document will be addressed at
the beginning of the first meeting.

  3.  If security issues are involved, obtain from partner
representative a written statement which describes the
security issue and indicates what action is necessary
to preserve security; non-disclosure to be signed,
participation to be restricted, etc.

  4.  An applications group representative will be
designated to carry out the security action.  This
person will execute the security action, and report in
writing the completion of the action to the partner
representative and to the designated NCSA management
person before any subsequent meetings or planning
occur.

  5.  A list of participants for the project is drawn up.
This validation list includes both NCSA and Partner
personnel.  It is to include all individuals who will
have access to any of the information through the
planning and execution of the project.  It may only be
amended by signed common agreement between the Partner
on-site representative and the VG manager.  A review
of the participant list is done at the final planning
meeting, with individuals added or removed as
necessary.


   Multipart operation phase (development, review,
execution, and delivery).


  This phase involves obtaining access to Partner research
problems, and the development of approaches to the
solutions to these problems, which may include development
of software, enhancement of existing software, or the
porting of software to optimal architectures.  This phase
may also include obtaining access to Partner proprietary
software, or to third party software licensed to the
Partner.  This software development and enhancement is
performed on NCSA computer systems (computers and disk
file systems) located in the Advanced Computation Building
or on Numerical Lab machines located in the Beckman
Institute.

  Security issues in this phase involve access to data, as
well as exposure to concept/information.  In this phase,
both ASCII and visual display of data (visualization) as
well as text/graphic annotation may exist with video
terminal/monitor display or in printed materials.
Proprietary documentation on Partner software or third
party software may be made available to Applications
staff.

  1.  General

a.  Determine from the partner representative, before
this phase, whether it will involve security
issues.

b.  If security issues are involved, obtain from
partner representative a written statement which
describes the security issue and indicates what
action is necessary to preserve security; non
disclosure to be signed, participation to be
restricted, etc.

c.  An Applications Group representative will be
designated to carry out the security action.
This person will execute the security action, and
report in writing the completion of the action to
the partner representative and to the designated
NCSA management person.  This will include a list
of personnel with need for access to data and
information.

  2.  Project operation; data, software or information
access and handling.  The applications group
responsibility for data, software or proprietary
information begins when data, software or proprietary
information is transferred from CFS (under responsibility
of NCSA Central Facilities group), to applications group
disk space or when printed proprietary information is
handed by an industrial Partner representative to a member
of the Applications group.  All systems on which
applications development is performed are administered by
either a designated member of the Applications group or by
NCSA Computing and Communication (C&C) staff.

a.  Appropriate access permissions to applications
group disk space are assigned to the industrial
partner (as a group).  Only designated partner
personnel and applications group personnel with
need for access to this data (validation list
discussed above) have permission to this group.
No one else has access to this space.

b.  Partner personnel perform all required data
transfers from Partner data spaces (on
supercomputer disk or CFS) to the Applications
Group file areas.  At no time are NCSA personnel
given any access permissions to Partner data,
file systems, directories or files.

c.  Applications Group personnel with need for access
to this data are listed (as under c above), and
will have been cleared through the appropriate
security action.

d.  During the production phase, some data will be
temporarily stored on Applications group CFS
space.  Such CFS space will be accessible only to
those individuals on the Project Validation List.
Likewise, because the CFS access requires staging
on Cray disk, the scratch file areas used for
this staging will be accessible only by those
same individuals (or fewer).

e.  At the end of the project operation, all data
will be moved to partner designated space on CFS.
This can again be performed from the Partner
side, with no access to other Partner data,
directories or files given to NCSA personnel in
order to carry out these moves.  Following this
step, no data from the project will remain in
disk space or file areas under Applications Group
control.  A final written report stating that
this has been done will be transmitted to the
partner representative and to the designated NCSA
management person.

f.  Applications staff working on industrial projects
will safeguard their work by making back-up
copies of applications software in development.
These will typically be stored to CFS.  A Partner
may specify particular back-up procedures to be
taken.  If special equipment is needed to
accomplish these, it will be provided at Partner
expense.  The same precautions taken with
proprietary data, software and information will
be taken with back-up copies of this data,
software, and information.  At the end of the
project operation, all back-up data and back-up
copies of software will be moved to partner
designated space on CFS.  Any back-up data or
software existing on tape or another medium will
be delivered to the Partner.  Following this
step, no data from the project will remain in
disk space or file areas under Applications Group
control.  A final written report stating that
this has been done will be transmitted to the
partner representative and to the designated NCSA
management person.

  3.  Project operation (display and media recording of data
and research information).  Security issues in this
area arise from the visual display and media recording
of data and research information and from the
availability of print media containing proprietary data
or information.

a.  Display on video workstations.  All display of
visual material which must be secure will occur on
video workstations in a secure, locked workspace.
Only those on the Project Validation List will be
permitted entry.

b.  Availability of printed material.  All
availability of printed material which must be secure
will occur in a secure, locked workspace.  This
material will be stored in a locked file cabinet or
desk drawer in a locked office when not in use.  The
Partner will specify the printed material to be
treated as proprietary, and the precautionary measures
to be taken when the initial written statements of
security actions required and non-disclosures are
being composed for a particular project.  If special
equipment is required, e.g. a locked, fireproof safe,
it will be provided at partner expense.

c.  If, during the development of the project,
additional consulting work is required by individuals
not on the Project Validation List, either the
information passed to them will not involve any
technical details of the project and they will not be
exposed to any proprietary data, visual
representations of that data, or proprietary printed
materials, or they will be added to the List by
consent of the Partner on-site representative.

d.  The Associate Director of Applications will
manage the "need to know" of Applications staff and
other NCSA staff with respect to Partner projects in
the Applications Group, in consultation with the
Industrial Partner representative overseeing the
project.


Other Applications Security Procedures

The NCSA Applications Group will work to maintain an environment where
security concerns are taken seriously, with the Associate Director and
the Senior Staff setting an example for the rest of the staff.  The
Applications Group will respect the security of personal information, as
well as information of strategic importance to NCSA and NCSA's
industrial partners.


*  Security will be raised for discussion on a regular basis at meetings
of the Research Council and the Applications Staff

*  Security issues will be discussed with new hires, both academic and
non-academic

*  Security issues will be discussed with visitors hosted by members of
the Applications Group

*  Signing of non-disclosure agreements will be accompanied by a review
of the associated responsibilities

*  Security concerns will be discussed at exit interviews with staff

*  Security of proprietary software and data will be assured by proper
use of permission shells and file protection

*  Applications staff will be trained in correct use of permission
shells and file protection

*  Applications staff are housed in the Beckman Institute, and will
follow recommended Beckman Institute security procedures.  Please
note that these include locking office doors when leaving the office,
and carrying one's keys at all times, particularly in the evenings
and on weekends.


Appendix 5.     Academic and Industrial Relations

Security Policy and Procedures Implementation Plan

The Associate Director has conducted security discussions with the
managers of the group to exchange information on NCSA's policy and
procedures and the steps taken by each manager within their own area.
The Associate Director and managers will continue to review the current
policies and procedures and raise concerns and issues for further change
and improvement to be taken to the Executive Council and the Security
Officer.  All security violations and non-compliance situations will be
made known to the Associate Director and the Security Officer.

The following are specific actions and responsibilities.

*   The Associate Director will raise security for discussion on a
regular basis at meetings with managers and staff

*   Each manager will keep their staff aware and informed of policies and
procedures, and be responsible for security within their own area

*   Managers will discuss security with each new employee

*   Managers will conduct exit interviews and discuss security aspects

*   The Associate Director will work with all NCSA staff to clarify the
nature and purpose of non-disclosure agreements and keep a file of
such agreements.  Associate Directors of any staff signing non-
disclosure agreements will receive copies of the agreements.

*   The Manager of Training will work with the Security Officer to
conduct staff awareness training sessions on a regular basis.

*   The Client Administration group has implemented and continues to
monitor their security procedures related to the handling of signons
and accounts to maintain secure data and to maintain confidentiality
of password information.

*   Each staff member will make visitors to the center aware of NCSA's
security policy and procedures.  Keys and keycards which are
distributed to visitors will be collected upon their exit.


NCSA Publications Group

The Publications Group is concerned with security of:

*   Centerwide presentation materials (electronic or hard copy)
*   Source materials for public information and technical documentation


Centerwide Presentation Materials

The Publications Group is responsible for producing major centerwide
presentations, such as the Program Plan Review Panel presentation, Site
Visit presentation, and the Annual Industrial Partners Meeting
presentations.

For presentations that have already been completed, we have assured their
security by reviewing all the existing materials. Materials of proprietary
or confidential nature were deleted from staff hard drives and put on
floppy disks which are locked in a cabinet in room 270 CAB.

For future centerwide presentations, the following steps will be taken:

*   All security requests must be specified in writing by the user/client and
signed by the user/client, the Publications Manager and the AD for
Academic and Industrial Relations Program. Unless such a request is
made, work will be done in a non-secure fashion, i.e., the work may be
distributed throughout the division and done on several different
workstations at non-secure locations.

*   If special security is requested, the following precautions will be
available. The user/client must specify.

-   The work in question will be done in the Publications Group staff
offices only.  During the project, access to these rooms will be
restricted to Publications group personnel.

-   During the project all hard copy and work disks will be locked away
after being worked on.

-   Upon completion of such a project, all electronic and hard copy
will either be filed securely by the Publications Manager, deleted
and/or returned in whole or part with appropriate signed
statements that all known versions of the project and related
materials have been disposed of as specified.

Newsletters and Public Information and Technical Materials

The Publications Group will assume that written material submitted for
inclusion in the newsletters and other materials is nonproprietary. If
interviewees or contributors have confidential or proprietary information,
it is up to them to specify in writing to the project editor or note during
the material's review process.

In general, the Publications Group will follow these procedures:

*   Illustrative material obtained from NCSA Media Services or the
Visualization Group - It is assumed that copyright issues have been
resolved and the Publications Group is free to include such material in
its publications.

*   Background or illustrative material not owned by NCSA - The project editor
will confirm copyright information with the contributor before inclusion
in any publication.  The contributor will be required to sign a standard
release form, which has been drawn up with the aid of the University of
Illinois Office of Legal Counsel. If any materials are to be restricted
from dissemination, these must be specified by the contributor to the
editor on the release form. A copy of a form showing restrictions will be
provided by the project editor to the Manager of Publications.

*   Technical review - Established review procedures already provide an
opportunity to omit sensitive information from drafts.

*   Permission to copy - The Publications Group will continue to ensure that we
have permission to duplicate vendor documents.


INDUSTRIAL PROGRAM CONSIDERATIONS

The Industrial Partners have specific security requirements due to the
nature of their work and our interaction with them.  Much of the
research conducted by our partners is highly sensitive and could cause
significant harm to the corporation's competitive position if it were to
fall into the wrong hands.  Additionally, much of the work done here by
our partners represents a major investment, and loss of the data or
alteration of the data could cause a major financial loss.

Although it is the responsibility of each partner to identify
proprietary data, it is prudent for everyone to regard all data and
information held by a partner to be proprietary until or unless access
is freely given.  Our dealings with partners reflect our sensitivity to
the security of their data.

INDUSTRIAL RELATIONS PROCEDURES

A.  REPRESENTATION WITH NCSA STAFF AND WITH PARTNERS

It is the responsibility of the Assistant Director, Industrial Relations
to act as a liaison between the partners and the NCSA Security Officer
in regard to security matters.  This includes representing partner needs
and concerns to NCSA and representing NCSA policies and procedures to
the partners.  The Assistant Director of Industrial Relations will work
with all NCSA staff to clarify the nature and purpose of non-disclosure
agreements with the corporations and keep a file of such agreements.
Associate Directors of any staff signing non-disclosure agreements will
receive copies of the agreements.

B.  IP STAFF TRAINING AND EXIT INTERVIEWS

Each new Industrial Program staff member will be briefed on the NCSA and
IP security policies and procedures within one week of starting work.
This briefing will be documented.  These interviews/briefings will
include the legal commitment to safeguard proprietary information after
an employee leaves NCSA.  Additional topics include:

   Integrity and protection of proprietary material, such as:
       -contracts
       -non-disclosure forms
       -software usage
       -planning documents
       -correspondence
       -project descriptions
       etc.

The NCSA IP staff will be trained on handling telephone, correspondence,
and face to face information requests.

C.  PARTNER INTERACTIONS

The Assistant Director is responsible for coordinating interactions
between the Industrial Partners and NCSA in regard to security matters.
He is the principal point of contact for the partners when a security
question or issue arises.  This does not restrict partner access to the
NCSA Security Officer or to other staff, particularly when timeliness is
important and the Assistant Director is unavailable.  Coordination
includes, but is not limited to, the following:

* Coordinate visits by partner security departments.

* Oversight of security provisions in legal agreements and legal
interface.

* Provide briefing for new partner on-site representative on
specific NCSA/Industrial Program security policies and
procedures.  Make similar presentations at corporate
headquarters, when requested.

* Support Security Officer investigations of any incidents.

D.  PARTNER OFFICE SPACE

Each Industrial Partner is assigned an office space at NCSA, normally in
the Computing Applications Building.  Some partners also have an office
in the Beckman Institute.  The legal agreement with each partner clearly
establishes that the partner controls access to their assigned office.
Each member of the staff must respect the office as if it were an
extension of the particular corporation's headquarters.

E.  SPECIFIC PARTNER REQUIREMENTS

Eli Lilly has specifically requested that anyone representing the
corporation be challenged to produce a corporate identification card
assuring their employment by the corporation or that they be with
someone from the corporation that can attest to their right to have
access to Eli Lilly facilities.  Any irregularities should be reported
to the NCSA Security Office, the Industrial Liaison and the primary Eli
Lilly liaison to NCSA.

Anyone using the on-site Eli Lilly office must have such identification
or be cleared by another Eli Lilly employee.  Anyone that is within the
Eli Lilly office(s) that is unable to identify themselves in such
manner, shall immediately be asked to leave the office.  Such incidents
shall be reported to the NCSA Security Officer, the Industrial Liaison
and the primary Eli Lilly liaison to NCSA.


Visualization Project Security Procedures

This section describes the procedures and policies to be followed
on visualization projects involving proprietary or sensitive data.
The most common type of project of this nature is one with an
Industrial Partner involving confidential information, but any
collaboration may need this degree of protection and it should be
offered to any researcher.

Background

Scientific Visualization is an area in which NCSA has
traditionally excelled and technology transfer in this area to and
from Industrial Partners and other researchers is an ongoing
process.  In many cases this transfer is done as a Visualization
Project and most are with an Industrial Partner.  The project may
involve people from different groups within NCSA, such as the
Software Development Group, Media Services and the AIRP group.
The Associate Director of AIRP has overall coordination
responsibility for these projects and the Assistant Director of
Industrial Relations or his designee will have day-to-day
coordination responsibility for Industrial Partner visualization
projects.

General description of visualization project activities
with industrial partners or involving sensitive
information.

Visualization activities of this sort involve various meetings
where the research might be discussed, and projects in which
research data is transferred to the visualization computing
environment to be processed into visualization software and
video/film media.  Visualization activities will normally occur in
two phases:

   1) Strategic Visualization Planning
   2) Visualization Project Work

The processes involved in these two phases are summarized below to
indicate where security issues are present, and what is done to
preserve security in the process.  The processes are described for
use with an Industrial Partner but are equally applicable to a
project with any researcher if sensitive material is involved.

Strategic visualization planning meetings

In the planning phase meetings are held where the key NCSA staff
members meet with the researcher(s) and/or industrial partner
representatives to discuss strategies for visualization
development.  Generally, these meetings do not involve any matters
which are sensitive or proprietary.  Occasionally, sensitive or
proprietary information may be discussed.  In such cases it shall
be the responsibility of the Industrial Partner to clearly identify
all material that is considered proprietary and subject to non-
disclosure.  It is the responsibility of the assigned AIRP Manager
to ensure that all NCSA personnel involved have signed appropriate
non-disclosure agreements.

   Security action for Strategic visualization planning
meetings:

       1.  Determine from the partner or researcher, before any
meeting of this type, whether it will involve security
issues.

       2.  If security issues are involved, obtain from the
partner or researcher a written statement which
describes the security issue and indicates what action
is necessary to preserve security; non disclosure to
be signed, participation to be restricted, etc.

       3.  An NCSA staff member will be designated to carry out
the security action.  This person will execute the
security action and report in writing the completion
of the action to the Partner and the designated NCSA
management person.

Visualization projects

Visualization projects are activities in which NCSA staff works
with the Industrial Partner to develop and deliver visualization
materials.  These visualization materials might be visualization
software and/or film/video media.  Projects will always include the
transfer of some amount of data from the Industrial Partner to the
NCSA visualization computing environment.  This transfer normally
occurs from an Industrial Partner to a designated visualization
computer file or directory.  The data is then transferred to
various storage areas in the NCSA visualization computing work
space, and in most cases, transferred to film/video media.
Visualization projects include the following phases:

   1) planning

   2) multi-part operation phase which includes:

       a) development
       b) review
       c) execution
       d) delivery

Security action for visualization projects:

   The Planning Phase normally includes two or more meetings.
During the first meeting:

       1.  The project will be given a code number which will
include at least the Partner name and a number.  This
code number will be used throughout the project in
internal and external communications and planning
tools and documents to identify and track activities
associated with it.  No NCSA planning or archive
documentation will include a textual name associated
with the project that might reflect the specific or
general field of study.  During this meeting the form
of the final deliverable will also be decided, which
could be software, video data in one or more formats,
or both.

       2.  Determine from the partner representative, before any
meeting of this type, whether it will involve
proprietary data, concepts or documentation.  Any
special security arrangements or precautions beyond
those laid out in this document will be addressed at
the beginning of the first meeting.

       3.  If security issues are involved, obtain from partner
representative a written statement which describes the
security issue and indicates what action is necessary
to preserve security; non disclosure to be signed,
participation to be restricted, etc.

       4.  An NCSA staff member will be designated to carry out
the security action.  This person will execute the
security action, and report in writing the completion
of the action to the partner representative and to the
designated NCSA management person before any
subsequent meetings or planning occur.

       5.  A list of participants for the project is drawn up.
This validation list includes both NCSA and Partner
personnel.  It is to include all individuals who will
have access to any of the information through the
planning and execution of the project.  It may only be
amended by signed common agreement between the Partner
and the cognizant NCSA manager.  A review of the
participant list is done at the final planning
meeting, with individuals added or removed as
necessary.

       6.  There may be additional planning meetings before the
operation phase begins.  At any of these meetings
additional security issues may be raised as the
project takes on its final form.  Any new issues will
be handled as during the first meeting.


   Multi-part operation phase (development, review,
execution, and delivery).


       This phase involves obtaining access to Partner research
data-sets which are then analyzed and manipulated by a
variety of software and hardware tools to create a visual
representation of the data.  The majority of this
development is performed on Silicon Graphics systems
(computers and disk file systems) located in the Computing
Applications Building.  In addition, some work may be
performed on Numerical Lab machines in the Beckman
Institute.

       In general, the data sets from the researcher are
transferred into visual form by passing them through sets
of filters, operated on by software packages, and
producing three dimensional visualizations consisting of
sets of image frame data files which are combined to form
animations.  In some visualization projects, the final
product is a set of filters or some software custom
developed by NCSA to operate on the specific datasets.

       Security issues in this phase involve access to data, as
well as exposure to concept/information.  In this phase,
visual display of data (visualization) as well as
text/graphic annotation exists with video terminal/monitor
display, and on film/video media.

       1.  General

a.  Determine from the partner representative, before
this phase, whether it will involve security
issues.

b.  If security issues are involved, obtain from the
partner a written statement which describes the
security issue and indicates what action is
necessary to preserve security; non disclosure to
be signed, participation to be restricted, etc.

c.  An NCSA staff member will be designated to carry
out the security action(s).  This person will
execute the security action(s), and report in
writing the completion of the action to the
partner representative and to the designated NCSA
management person.  This will include a list of
personnel with need for access to data and
information.

       2.  Project operation; data access and handling.  The
NCSA responsibility for data begins when the data is
transferred from a Partner controlled storage area to an
NCSA visualization disk space.  The partner controlled
storage area may be the NCSA Mass Store System or a
storage system at a corporate site. All systems on which
visualization development is performed are administered
by NCSA, including the Visualization SGI systems, and the
BI SGI systems.

a.  Appropriate access permissions to visualization
group disk space are assigned to the industrial
partner (as a group).  Only designated partner
personnel and visualization group personnel with
need for access to this data (validation list
discussed above) have permission to this group.
No one else has access to this space.

b.  Partner personnel perform all required data
transfers from Partner data spaces to the NCSA
visualization file areas.  At no time are NCSA
personnel given any access permissions to
Partner data, file systems, directories or
files.

c.  NCSA visualization personnel with need for
access to this data are listed (as under c
above), and will have been cleared through the
appropriate security action.

d.  During the production phase, some data will be
temporarily stored in directories and files in
the NCSA Mass Store System.  Such MSS space will
be accessible only to those individuals on the
Project Validation List.  Likewise, because the
MSS access requires staging on Cray disk, the
scratch file areas used for this staging will be
accessible only by those same individuals (or
fewer).

e.  At the end of the project operation, all data
will be moved to partner designated space in the
Mass Store System.  This can again be performed
from the Partner side, with no access to other
Partner data, directories or files given to NCSA
personnel in order to carry out these moves.
Following this step, no data from the project
will remain in disk space or file areas under
NCSA control.  A final written report stating
that this has been done will be transmitted to
the partner representative and to the designated
NCSA management person.

   3. Project operation (display and media recording of data
and research information).  Security issues in this
area arise from the visual display and media recording
of data and research information.

a.  Display on video workstations.  All display of
visual material which must be secure will occur on
video workstations in a secure, locked work space.
Only those on the Project Validation List will be
permitted entry.

b.  If, during the development of the project,
additional consulting work is required by
individuals not on the Project Validation List,
either the information passed to them will not
involve any technical details of the project and
they will not be exposed to any data or visual
representations of that data, or they will be added
to the List by consent of the Partner
representative.

c.  Recording on film and video media.  (This occurs
within the media service activity and security
issues are described in the media service security
procedure.  Refer to this document.)

   4.  Project operation (completion and delivery).  When the
project is complete and the final products are ready
for delivery to the partner, a memo to this effect
will be prepared and signed by both the NCSA staff
member assigned to the project and a partner
representative.  This memo will explicitly state that
all proprietary or sensitive files or data have been
returned to the partner or destroyed.  Delivery of
film and video media will be as described in the
Scientific Communications and Media Systems section.
(Appendix 6)
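
Items 2.a and 2.e of the Applications and Visualization project operation procedures above restrict a project file area to one group matching the Project Validation List and require that area to be empty at close-out. The following check is an added example, not an NCSA procedure or tool; the user names, file names, the code number PARTNERX-07 and the helper build_constructed_area are constructed for illustration, and it assumes ordinary Unix group ownership and mode bits (no ACLs).

```python
import os
import stat
import tempfile


def audit_membership(group_members, validation_list):
    """Compare the project group's members with the signed validation list."""
    members, allowed = set(group_members), set(validation_list)
    return {
        "not_on_list": sorted(members - allowed),  # have access, never validated
        "no_access": sorted(allowed - members),    # validated, not yet in group
    }


def audit_tree(root, project_gid):
    """Return sorted (relative_path, problem) pairs for entries that break 2.a."""
    findings = []

    def check(path):
        rel = os.path.relpath(path, root)
        st = os.lstat(path)  # lstat: inspect the link itself, never its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "symlink may lead outside the project area"))
            return
        if st.st_gid != project_gid:
            findings.append((rel, "not owned by the project group"))
        if st.st_mode & stat.S_IRWXO:
            findings.append((rel, "accessible to users outside the group"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow links
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


def closeout_remaining(root):
    """List everything still under root; item 2.e requires this to be empty."""
    left = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            left.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(left)


def build_constructed_area():
    """Create a small constructed project area with one deliberate mistake."""
    root = tempfile.mkdtemp(prefix="PARTNERX-07-")  # constructed code number
    layout = {
        "input.dat": 0o660,
        "notes.txt": 0o640,
        os.path.join("frames", "f0001.img"): 0o664,  # mistake: world-readable
    }
    os.mkdir(os.path.join(root, "frames"))
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as handle:
            handle.write("constructed sample data\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "frames"), 0o770)
    os.chmod(root, 0o770)
    return root


if __name__ == "__main__":
    area = build_constructed_area()
    gid = os.stat(area).st_gid  # stand-in for the partner project group
    print(audit_membership(["alee", "bkim", "cdiaz"], ["alee", "bkim", "dwong"]))
    for rel, problem in audit_tree(area, gid):
        print(rel, "->", problem)
    print("still present at close-out:", closeout_remaining(area))
```

An empty result from audit_tree and audit_membership is the condition for the written report in item 1.c; an empty result from closeout_remaining is the condition for the final report in item 2.e.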


---Appendix 6---

Scientific Communications and Media Systems (SCMS)

SCMS produces scientific communications (comprising Video Programming and
Communications Graphics) and also processes computer imagery to different
media. Security issues for each apply to the other as projects cross between
these two general areas.

General Policy and Practice

*   The SCMS Co-Directors (David Curtis and Donna Cox) will be responsible
for discussing NCSA and group security policy with group staff.
*   Guidelines will be drawn up covering the following:
- When to lock rooms.
- What materials to lock up, i.e., sensitive materials when not in
use.
- When to avoid putting materials in mailboxes.
- When to hand-deliver.
*   The Co-Directors will be responsible for exit interviews, including the
collection of keys (and keycards and photo IDs).
*   The Co-Directors will collect security document acknowledgment.
*   The Co-Directors will report to the Security Officer and/or the EC any
non-compliance.
*   Staff will participate in appropriate training as offered or required.

Copyright will be confirmed with groups providing material for all
illustrative materials (still pictures, transparencies, video) obtained
from them before such materials are included in any NCSA press releases or
other printed or electronic publicity material or video programming.  If
necessary (i.e., if such materials are not owned by NCSA or do not reside
within the public domain), written permission to reproduce any such
materials will be first secured from the copyright holder.  In most cases,
a standard release form will be provided for this purpose.

Three standard release forms have been drawn up with the aid of the
University of Illinois Office of Legal Counsel to formalize permissions to
use illustrative materials or footage shot on location:

*   Participant release for location taping, including on-camera
interviews
*   Release for use of videotape or film
*   Release for use of illustrative materials (prints, slides, etc.)

Apart from securing necessary clearances by using these releases, or by
obtaining other written permission as appropriate, SCMS will from time to
time review all potentially proprietary materials possessed by the group.
If materials of an actual proprietary or confidential nature are found and
written permission to retain them had not been previously secured from the
source(s), the source(s) will be contacted as to how to dispose of such
materials.

The following options are available to such sources:

For text and graphics:

*   Return or delete and/or shred the materials in question.

*   Return or delete and/or shred the materials except for a single hard copy
which will be retained and securely stored by the SCMS group.

*   Return or delete and/or shred all materials except for a single
electronic copy and a single hard copy version.  These are to be retained
and securely stored by the SCMS group.

For videotape:

*   Return or erase the material in question.

*   Return or erase the material except for a single copy which will be
retained and securely stored by the SCMS Group.

In each of the above cases, the return/deletion/erasure of the materials,
complete or partial, must be acknowledged in writing by the source of the
materials and by one of the Co-Directors (David Curtis or Donna Cox).

As a general guideline, other than periodic review of potentially
proprietary materials and securing clearances, the SCMS group will
take no special security measures unless requested.  In
general, it is up to the source of information to request special
measures and to specify appropriate restrictions on the dissemination of
sensitive information.  When such a request is made, it must be made
in writing, with appropriate signatures affixed.  Special security
measures and options are listed below.

Scientific Communications

a) Video Programming

The Video Programming staff of the SCMS group produces video programming
aimed at the research community as well as NCSA partners and funders and
the public at large.  As such, we are responsible for providing accurate
communications to NCSA's disparate constituencies.

We are concerned with security in two chief areas:

1.  Security of primary source materials, both text and images.  These
include:

-   presentation materials (electronic or hard copy),
-   source materials (background data, slides, stills and videotapes
from industrial or strategic partners or from within NCSA, e.g.,
Program Plan materials)
-   location footage to which access is restricted.

2.  Security of information

Both areas will be reviewed in relation to:

-   Use of footage or visualizations
-   Distribution of programming that incorporates the above materials

Security in both areas is addressed by three complementary approaches:

*   Technical review of draft text, scripts and video programming.  Programs
are normally put out for review to key participants.  If an industrial or
strategic partner is featured, the program must be reviewed by the AIR
Associate Director and/or the NCSA Corporate Officer and/or the partner
and/or its public relations agency, as requested by and/or negotiated
with the partner concerned.

*   Where appropriate, non-disclosure agreements and restricted access to
materials or areas where such materials are being stored and/or worked
on.
   Illustrative materials for distribution to the media will be handled as
follows:

-   Copyright/ownership of all illustrative materials will be first
confirmed with these sources before public dissemination.  Most
video animations and graphics processed for academic researchers by
SCMS have already been cleared for general audiences.  If
necessary, though, written permission(s) will be obtained in
advance from the copyright holder(s).

-   A standard release form will be provided for such permissions (see
above).  Owner signature of the release will constitute permission
to use the materials in question for the purpose(s) stated in the
release.
   It is up to the owner of the footage or materials to otherwise
qualify, in the release, the conditions under which the said
footage or materials can or cannot be used for public information
purposes.  Alternatively, such restrictions must be specified in
writing on a separate contract that, by mutual agreement, addresses
each restriction.  If necessary, SCMS will reserve the right to
first consult with the University of Illinois Office of Legal
Counsel before agreeing to such restrictions.

-   If requested, materials (tapes, slides, print data) will be stored
securely in B69 CAB, and for proprietary materials, in the General
Industrial Cabinet in B69.  Footage restricted for screening only
will be returned without any prior duplication.  Upon being named
in writing, such tapes will not be allowed out of the secure
locations except for essential processing (e.g. on-line editing).
At the end of each on-line edit session, named tapes will be
returned to the secure locations or to the source, according to
his/her written request.

*   Appropriate location taping clearances

-   If the participant or organization signs an NCSA participant
release form, his/her signature shall indicate permission to use
the footage of him/her and/or his/her organization without any
restrictions whatsoever.

-   It will be up to the interviewee or organization being videotaped
to specify (1) what can and cannot be taped or included in a
program and (2) to request any special editorial measures.  Each of
these must be requested before or at the time of taping, but no
later.  Any such request must be confirmed in writing to the
producer and/or either of the SCMS Co-Directors within five (5)
days of the location taping in question.  If necessary, a special
location taping agreement will be negotiated with the help of the
University of Illinois Office of Legal Counsel.

b) Communications Graphics

This area is covered by the same procedures as outlined below for Media
Processing.

Media Processing by SCMS

One or two SCMS staff would be involved in pre-planning meetings for
industrial projects.  One or more SCMS staff would have main
responsibility for the project's execution.  However, all SCMS staff
would potentially be involved in viewing, displaying, recording or
duplicating images during the lifetime of a project, as well as after
completion of a project.  This is to provide maximum efficiency in
handling workload, both the partners' work and other work running
parallel to the partners'.

There are three major activities that occur under the media processing
umbrella.  These include:

1)  Initial mastering of project development sequences

   Sets of files representing short animation sequences are
transferred to videotape.  This occurs by loading a Silicon
Graphics frame buffer (with optional enabled monitor) located in
the B71 media lab.  Frames are sequentially loaded to the frame
buffer and then read into the Abekas, also located in B71.  From
the Abekas, frames and sequences of frames are "played" onto D-1
digital tape in real time.  This becomes the "Project Worktape"
referenced below.

2)  Edits and/or compilation of sequences into delivered pieces

   During the development process, short mastered sequences are
edited and compiled into longer pieces for viewing by project
personnel.  At the completion of the project, the final
production program is built in this way.  This involves tape-to-
tape copy operations and optional additional use of the Abekas
for editing new sequences of the previously mastered material.
It may also involve electronic text generation.  These tapes are
referred to as "Project Edit Master Tapes" and may be copied to a
"Project Compilation Master" at the completion of a project.

3)  Video duplication and film

   This is, in general, completely separate from the development
process, although it may also occur within a project.  The SCMS
group responds to requests from researchers and groups within
NCSA for copies of videotapes and production of slides.  People
may send data files or videotapes to SCMS and request film
recording or duplication.  If the data or tape does not relate to
a previous project, it will be considered a new project.

   For film, SCMS staff will transfer the data to a film recorder,
expose the film, and have the film processed by an independent
lab.  One may elect not to send the film to the independent lab.
This should be indicated in the Security Statement described
below.

Security measures with regard to video and film

(The following deals with Industrial Partner work.  Any other work will
be considered non-sensitive in nature unless specified as sensitive by
the requesting party.)

A "project" is considered to be any type of job request from an
Industrial Partner or Industrial Program staff person.

A "designated Industrial Partner Representative" is someone to whom the
official Industrial Partner On-site Representative has given authority
to sign the project forms described below.  There should be a limited
number of these people, who will be designated in a letter of
understanding between the Partner and SCMS.

* For industrial partner work, a Security Statement form, indicating
security issues involved with a project, will need to be filled out with
SCMS before any display or recording of the related images takes place.
Indication will be made of any code words that should be used when
referring to the project.

The Security Statement may grant other people, including NCSA staff,
authority to view the material or request duplications, etc.

The statement may, of course, say that a project contains no sensitive
material, and is viewable by the general public.

* There will be a Project Validation List indicating who can view the
material during the course of a project.

All SCMS staff should be on this list.  If all SCMS staff are not on
this list, along with anyone else who has a key to the General
Industrial Cabinet, then tapes and materials for this project cannot be
stored in this cabinet.
All SCMS staff and a limited number of other NCSA staff users of the
media facility will have keys to the General Industrial Cabinet.

* Any non-disclosure forms required by the Industrial Partner will also
be signed by all people on the Project Validation List and filed before
disclosure of sensitive project information.

* There will also be a Sensitive Tape and Data Location List, listing
sensitive tapes in existence for that project and where they are stored.
This list should be updated when the storage location of a tape changes.
For example, if, at the end of a project, a tape's location changes from
SCMS to the partner, this would be noted.

* Only designated Industrial Partner representatives, or others
indicated in the Security Statement, will be able to authorize
duplications of their company's material.  Duplication Request Forms
will be filled out.

* Erasure of material will be authorized by the designated Industrial
Partner representative by completing an Erasure Authorization Form.
Magnetic erasure will be sufficient.

* In summary, the forms which may be needed in any given media job are:
Before start of project:
   Summary cover sheet
   Security Statement
   Non-disclosure forms necessary
   Project Validation List
During project:
   Changes to the above
   Sensitive Tape and Data Location List
After completion:
   Duplication request
   Erasure authorization
The above forms will be kept in one folder per project.

* Each industrial partner will have one work D-1 videotape and one
master videotape (Betacam or D-1) per long-term project.  Over the
course of a year, they will also have one or more compilation D-1
videotapes and Betacam dubs of these D-1 videotapes, containing only
their own material.

In more detail, the tapes and the operations on them include:

Partner Project Videotape Archive, located with Industrial Partner,
though some tapes may stay with SCMS during a project.

1)  "Project Worktape" (D-1 videotapes from completed and in-progress
projects)
2)  "Project Worktape Protection tape" (Betacam backup of D-1 Project
Worktapes)
3)  "Project Edit Master Tape" (Betacam or D-1 videotape)
4)  "Project Compilation Master" (D-1 videotape)
5)  "Project Compilation Master Protection tape" (Betacam videotape)

Partner Project Videotape Handling Procedure

1)  New (blank) "Project Worktape" allocated (D-1)
   New (blank) "Project Worktape Protection" allocated (Betacam)
   a)  Worktape used to collect video material during project.
   b)  Worktapes stored in secure SCMS area throughout project
process.  Industrial Partner may elect to always keep tape with
them.  Only persons on Project Validation List will have access to
secure area.
2)  "Project Edit Master Tape" created at culmination of project
(Betacam or D-1).
3)  At project completion:
   a)  Dub "Project Edit Master Tape" to "Project Compilation Master"
then from there to "Project Compilation Master Protection tape".
   b)  Transfer the following tapes to Partner Visualization Project
Archive:
       1)  "Project Edit Master"
       2)  "Project Worktape"
       3)  "Project Worktape Protection tape"

* These tapes will be kept with the on-site industrial representative
and brought to each work session as needed, or the tapes can be locked
in the General Industrial Cabinet within a locked room at SCMS.  The
latter can be done only if the Partner puts everyone with a key to that
cabinet on the Project Validation List.

* Text or audio generated electronically will not be left on internal
disks in unsecured rooms.  Floppy disks will be locked in the General
Industrial Cabinet within SCMS facilities or kept with the designated
industrial partner representative.  The existence and locations of these
disks will be indicated in the Sensitive Tape and Data Location List
mentioned above.

* All industrial partner image display and recording will occur within
locked, marked rooms.  Only people on the Project Validation List will
be present.  If all displays of sensitive material are disabled, other
people may be present for supervised periods of time.  People with keys
to these rooms will be limited to SCMS staff, a limited number of other
NCSA staff, certain Facilities staff and janitorial staff.  There will
be signs indicating "Closed session: Do not enter" to notify someone who
is not on the Validation List of the sensitive nature of the work going
on inside.

* Inter-company material of a sensitive nature will be kept on tapes
separate from other material from the same company.  It will be up to
the designated industrial partner representative who signs the Security
Statement to notify SCMS of such a project.  These tapes will be kept
with the on-site industrial representative or, for in-progress material,
in the optional manner described above.

* Tape cases will not contain sensitive nomenclature.  Labels will at
most contain a partner name, project numbers and any code words put
forth in the Security Statement.

*  All the above also pertains to film output.  Exposed film and
developed film will be locked up until delivered to the processor or
until the industrial representative comes to pick it up.  If film
materials cannot be delivered to the independent lab, this should be
stated in the Security Statement.

* The SCMS group responsibility for data begins when data is transferred
from the CFS to Media group disk space.  All systems on which SCMS work
is performed are administered by NCSA.

* Appropriate access permission to SCMS group disk space is assigned to
the industrial partner (as a group).  Only designated partner personnel
and SCMS personnel with need for access to this data (Project Validation
List discussed above) have permission to this group.  No one else has
access to this space.

* During the production phase, some data may be temporarily stored on
SCMS group CFS space.  Such CFS space will be accessible only to those
individuals on the Project Validation List.  Likewise, because CFS
access requires staging on Cray disk, the scratch file areas used for
this staging will be accessible only by those same individuals.

* Partner personnel perform all required data transfers from Partner
data spaces (on supercomputer disk or CFS) to the SCMS file areas.  At
no time are personnel other than authorized system administrators given
any access permissions to Partner data, file systems, directories or
files.

* At the end of the project operation, all data will be moved to partner
designated space on CFS.  This can again be performed from the Partner
side, with no access to other Partner data, directories or files given
to NCSA personnel to carry out these moves.  Following this step, no
data from the project will remain in disk space or file areas under SCMS
control.  A final note on the Sensitive Tape and Data Location List
stating that this has been done will be made.

---Appendix 7---

Administration


SECURITY PLAN IMPLEMENTATION

*Distributed Decision Environment - Dissemination of Responsibility to
Managers

   *Managers to be responsible for discussing policy with employee

   *Managers to be responsible for exit interviews, including
collection of keys, keycards, and photo id cards


*Administration Involvement

   *Collection of security document acknowledgement, reports to
Security Officer of any noncompliance

   *Administration, maintenance, and security of keys and keycard
records

   *Administration of combination changes for the Computing
Applications Building

   *Administration of changing locks, and reordering and
disseminating keys, in conjunction with Facilities and the Security
Officer

   *Administration of locking/unlocking basement corridor doors to
the Computing Applications Building, and unlocking OS CAB doors when
needed

   *Administration of ids for staff and visitors

   *Participation in training in conjunction with Security Officer

   *Close involvement with Security Officer and reporting of any non-
   compliance to Security Officer


*Administration Implementation

   *Additional tracking mechanisms and reporting systems to be set up