Skip to content

ProtectUs: System-Wide Cybersecurity Initiative

Overview

In February of 2024, the University of California Office of the President (UCOP) sent a letter to each campus Chancellor calling on them to review and respond to a request for several cybersecurity enhancements by May 2025. At UC Merced, the Office of Information Technology (OIT) has elected to call this effort ProtectUs: System-Wide Cybersecurity Initiative. For the convenience of our community members, we will be collecting and sharing information and updates about this effort here.

OIT is committed to demystifying as much as we can about this effort, and we hope ProtectUs and the rest of the materials provided here help lay a foundation on which we can build a safer and more secure university. If you have any questions, comments, or concerns, IT seeks to gather campus feedback at every stage. Don't hesitate to contact us using our feedback form.

Background

In Februrary of 2024, UCOP sent a letter to the Chancellors of each UC campus location that outlined 6 information security requirements the entire system would have to meet no later than May 28th, 2025. These requirements are as follows:

  1. Ensure 100% cybersecurity training compliance for all staff, student staff, and faculty.

  2. Ensure timely escalation of cyber security incidents

  3. Ensure identification, management, and vulnerability assessment of all computing devices connected to university networks

  4. Deploy and manage Endpoint Detection & Response (EDR) software on 100% of University owned computing assets defined by UC EDR deployment standards

  5. Deploy, enable, and configure multi-factor authentication (MFA) (better known as Duo at UCM) on 100% of campus email accounts with established UC MFA configuration standards

  6. Deploy and configure a robust data loss prevention (DLP) solution for all health email systems to mitigate unauthorized data exfiltration. (Not applicable to UC Merced at this time.)

In response, UC Merced's Chancellor has tasked the Vice Chancellor, Chief Information Officer (VCCIO) and Chief Information Security Officer (CISO) with ensuring UC Merced meets these requirements by the deadline.

Under CISO's direction, OIT has created three project streams that will take on one or more of the five requirements listed above. These teams are as follows

Asset Management (ASM) - Requirements 3 & 4 - This team, comprising IT network engineers, cybersecurity experts, user experience analysts, service desk technicians, and procurement members, is well-equipped to handle the task at hand. They are charged with developing the processes by which UC Merced procures and instantiates computing devices purchased and/or owned by UC Merced. Their goal is to map out and reimagine the existing process to make it more straightforward, consistent, secure, and automated. The NAC team will use outcomes from this group to support Requirement 4.

Network Access Control (NAC) - Requirements 3 & 4 - This team is comprised of IT network engineers, cybersecurity experts, user experience analysts, and service desk technicians. They are charged with identifying the technology that will become UC Merced's EDR solution, developing the criteria and technology solutions for authenticating devices to the campus network (wired & wireless), and ensuring that devices with security vulnerabilities are swiftly quarantined and remediated.

Identity Management (IDM) - Requirements 1 & 5 - This team is comprised of IT identity management developers, user experience analysts, service desk technicians, and members of human resources. This team's first goal will be to explore the necessary steps to coordinate with campus community members using accounts that utilize email and do not have Duo already enabled. The second goal is to investigate and develop tools to help UC Merced reach 100% cybersecurity training compliance, including alerts and potential account lockouts for those outside compliance.

What You Need To Know Today

Watch the First ProtectUs Townhall

Like many of the other UC campuses, UC Merced is deep within the exploration phase. Many ideas are being floated, and there is much movement around developing solutions to share with the community. OIT asks that you keep your eyes peeled for our next updates on this project. We look forward to providing more information as it is made available. 

For now, there are a few ways to be prepared:

  • First, let us know your thoughts. We will attempt to incorporate campus feedback as we know many of these initiatives will be a first for UC Merced. Feel free to send us any comments, questions, or concerns via our feedback form.
  • The second is checking out our glossary page. OIT will be discussing a lot of technically driven information, and we want the campus community to be prepared when we do so. There, you will find definitions for pieces of this project and general IT terms you might have or will run into when engaging with us.
  • Lastly, check out the ProtectUs webpage. ProtectUs is the culmination of all of the services, resources, and efforts that protect UC Merced, including the efforts you just read above. Once this project is over, the outcomes from this initiative will be collected and document there.

Last Updated: 11/8/2024