Our currently decentralized campus network is moving to a unified, centrally-managed network service model to increase cybersecurity measures and provice a consistent user experience across campus.
We are performing an assessment of existing network equipment, upgrading and standardizing as needed, and improving help desk support. Centralizing the network enables future segmenting capabilities, ensuring only devices that have not been compromised by cyber threats will have visibility to UCSB's most sensitive data. To comply with a new University of California systemwide mandate, this work must be completed by May 2025.
ITS leadership engaged in extensive consultation with executive groups, and the consensus was a unified UCSB network service is the right solution.
Upcoming Unified Network Events
You’re invited to participate in virtual and in-person forums to learn more about Secure UCSB: the university’s initiative to improve cybersecurity and comply with a new University of California systemwide mandate.
Join Shea Lovan, Chief Technology Officer and Jackson Muhirwe, Director of Information Assurance and Chief Information Security Officer as they discuss upcoming changes to UCSB’s network services with Kevin Schmidt, Director of Network and Communications Services and Ben Price, Associate CIO, Administrative Services.
Network Security: Virtual Forum
Tuesday, Oct. 22 @ 11 a.m.
Webinar recording
Network Security: In-person Forum
Wednesday, Oct. 30 @ 10 a.m.
Location: Corwin Pavilion
Light refreshments will be provided
Plan ahead for network outages
Some buildings will experience outages as a result of network equipment updates. Faculty, students and staff should review the schedule below and plan around any short-term outages. Please note that finals week and other critical dates will not be impacted. We are doing our best to minimize impacts to instruction and research.
Review the schedule below displaying any building network outages in the next 14 days.
Frequently Asked Questions
In February 2024, UC Office of the President (UCOP) issued a mandate for all campuses to improve their network infrastructure’s cybersecurity posture. In order to do that, UCSB must standardize and centralize its network operations.
The project is divided into four phases:
- Network Location Discovery: Understanding the current state of network infrastructure.
- Assessment and Planning: Once we have the data from the discovery phase, we can collaborate with network leads to determine the scope of work (e.g. what equipment needs to be procured and remediation efforts). Depending on the scope of work, areas will be categorized as either red, yellow, or green.
- Red areas: require remediation before network upgrades can be done
- Yellow areas: upgrades can be done without remediation, but it may not be ideal, and future work is needed to properly address issues
- Green areas: upgrades can proceed immediately
- Perform Upgrades: Once the plan is finalized, the project team will coordinate with network leads to schedule the work and communicate with impacted populations to minimize disruptions.
- Network Segmentation: This allows us to put traffic on different "lanes" in the network depending on usage and data access. If there is a breach in security, only that particular "lane" is affected.
Network segmentation is a network security technique that divides a network into smaller, more manageable subnetworks. Each subnetwork acts like its own network, allowing for more control over traffic flow and security. Segmentation reduces network congestion, improves cybersecurity by limiting how far an attack can spread, and can stop harmful traffic from reaching devices that are unable to protect themselves from an attack.
Faculty, students, and staff will see a consistent network experience regardless of location across campus, which includes a centralized service support request model. A centrally managed network also allows for more proactive security measures through segmentation capabilities.
In the short term, the network transition work will include updating equipment in buildings across campus. The scope of that work is still being mapped, but we expect outages of varying time frames depending on the extent of remediation needed in each building. The long-term goal is to move away from “unmanaged” network equipment across campus. Students, faculty, and staff wishing to buy equipment that connects to the network will have to coordinate with their local IT groups in order to ensure all network-related equipment is accounted for, has appropriate configurations, and can be supported through a centralized service model.
We're in the process of assessing all buildings and determining the scope of work needed to upgrade the network and communications equipment. We will publish a schedule of network outages once they are determined and communicate this information periodically through multiple channels.
Because of the UCOP mandate’s aggressive deadline (May 2025), we have had to move quickly to find compliant solutions. We recognize the incredible expertise of our colleagues across campus, and want to hear from you on how we can improve the implementation of these solutions within the timeframe provided by the mandate. Please reach out to secure-ucsb@it.ucsb.edu.
Network leads should work with ITS to complete the equipment assessment as soon as possible. Once we know more, we’ll be able to address specific concerns for more complex configurations. Please contact Shea Lovan (salovan@ucsb.edu) if you have any concerns.
No, though there may be a few exceptions (i.e. HPC cluster interconnects).
It's important to include any equipment that has connectivity to the campus network. We may not end up replacing or upgrading certain components, but the more we know about it, the more we can understand the existing infrastructure and plan for the future. We do not want to degrade capabilities. The more we can understand the full picture about what exists currently, the more informed we are as we determine next steps.
No, the management of network equipment will be part of the centralized network service. Requests to enable or reconfigure ports will be facilitated via ServiceNow.
Initially, this will be the case. However, as the campus transitions from departmental networks to policy-based networks, this capability will go away. Instead, requests for UTM changes associated with specific services may be made via ServiceNow.
Don't see your question?
Submit it below, and we can address it at upcoming forums and add to the above.