A12-120115DH2DG4PlanGoForward-Virus


Transcript of A12-120115DH2DG4PlanGoForward-Virus

Chancellor Griffin:

Over the weekend I conferred with USDN scientists and engineers. We have just wrapped up our discussions. The issue on my mind was USDN’s statement that there was more than one transmission point in our network. We have turned off, and USDN has analyzed, one of the 200 systems of interest on the network. With the new semester starting I wanted to be able to assure our students and employees that their information is safe and secure going forward.

We have developed a technical solution to ensure that no additional unauthorized data transmissions will be allowed to leave the District’s network. This plan will do four things:

1. Immediately secure the network from any further loss of information
2. Contain the current threat and allow us time to eradicate the viruses within the network
3. Allow us time to re-design the network and eliminate the points of vulnerability
4. Give comfort and assurance to the student and employee population that steps have been taken to ensure the security of their data

The plan will also strengthen our existing defenses against external cyber attack.

The plan is as follows. We will install a trap at the network’s egress point. This trap consists of purchasing equipment that will allow active 24/7/365 monitoring of our network. Once any anomalous data transmission is detected, it will be quarantined, the source identified and the virus neutralized. Given the size of the District’s network, this initial part of the remediation plan is considered to be the most practical option for an immediate effective solution that will provide for the safety and security of our students’ and employees’ information. This means that student financial transactions, such as paying fees, will remain secure.

USDN will provide the detection, identification, and neutralization recommendation services; CCSF staff will locate the anomalous source and assist in the neutralization. CCSF staff will also clean any system identified and will restore the system to its initial image state. Data files will be preserved by CCSF staff and will be scanned to ensure the files are virus free.

Under my direction the design of this technical solution was architected over the weekend and we are prepared to proceed.

Logistics of the plan.

1. Equipment. A total of four servers are required. The estimated cost of this is $10,000 not including taxes and overnight delivery.

2. Software. USDN will provide the software.

3. Remediation Services. For the short term, remediation to any transmission or penetration event will be provided by USDN staff. Understanding the importance of getting this plan in place quickly, Mr. Castillo has agreed to waive their 24/7/365 service fee until March 1, 2012. After that, their service fee will be at a rate to be negotiated. Of course, we could always go out to bid. We also agreed, however, that this level of service does not necessarily need to be for a prolonged time. Once the viruses have been tackled on the network, the services can be cut back since we will then have good control of the situation. This will also reduce costs. It is estimated that services at this level would take 6 - 9 months.

During this time, a mini-security operations center (SOC) will be established in the CCSF technology administrative office for greater visibility into District network security operations.

Page 1 of 2

1/26/2012 https://bat-gw3.ccsf.edu/gw/webacc/7b97fda5df8f8fccf033533ecbf98a387d86f153/GWAP...

Attachment 12

We are currently waiting to get equipment quotes for the servers we need. Once obtained, and this plan is approved, we will order the equipment on Tuesday. Using overnight shipping the equipment can be on site by Wednesday. It will then be installed and operational within two hours of receipt.

Please review and approve this plan and authorize the equipment purchases. Please call me with questions.

David
