<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
<b>Cyber Event Discussion: CEBAF Center Auditorium, 12:00 noon,
Friday, 7/8; seating as available.</b><br>
<br>
<b>By 5:00 today, Thursday, 7/7: Save your work and log off; leave
you computer powered up. </b><br>
<br>
All Staff and Users, <br>
<br>
<div>For the cyber event we are working through, following is status
information, changes and updates for this afternoon , 7/7 ~4:00
pm:<br>
</div>
<ul>
<li>IT Division Staff are rebuilding the Windows Domain and
compromised servers.</li>
<ul>
<li>The new Windows domain will be re-architected with
additional security enhancements.</li>
<li>All new servers are being rebuilt using the latest versions
of operating systems.</li>
<li>Desktop administration privileges will be removed for all
users.</li>
</ul>
<li>A new network architecture is also being implemented</li>
<ul>
<li>Key aspects will be deployed immediately with other changes
being deployed during the 6 month down. </li>
<li>The Accelerator, Experimental Halls and FEL will be more
isolated from the rest of the site and from each other.</li>
<li>Two-Factor authentication gateways will be deployed between
these networks and the rest of the Laboratory.</li>
<li>Web and Email access will be via Terminal Servers or Central
Linux systems.</li>
</ul>
<li>After the cut-over to the new Windows domain, we will move
forward bringing additional elements back on line. <br>
</li>
<ul>
<li>Identify, rebuild compromised desktops and user systems</li>
<li>Restore Internet connectivity.</li>
<li>Bring offsite web servers back online.</li>
<li>Bring remote access (ssh) back online after compromised
systems have been identified and contained, and passwords have
been changed.<br>
</li>
</ul>
<li>Changes impacting staff and Users<br>
</li>
<ul>
<li>Staff and Users will be required to change their passwords.
Instructions will be provided.<br>
</li>
<li>Internet access from onsite will be made available via
central Terminal Servers (Windows) and Linux systems.</li>
</ul>
<li>Questions?</li>
<ul>
<li>There will be an informal presentation on the cyber attack
at 12pm (noon) on Friday in the auditorium, which will include
time for a question and answer session. Remember any questions
from the media are to be referred to Public Affairs. <br>
</li>
</ul>
</ul>
<div>Additional information:<br>
<ul>
<li>Currently available services and connectivity will remain as
they are until 5:00 pm today, Thursday, 7/7.</li>
<ul>
<li>Shortly after 5:00 pm Thursday, 7/7, Windows central
services will be offline briefly. <br>
</li>
<li>IMPORTANT: save all work prior to 5:00 pm.</li>
<li>Windows users: log off but keep your systems booted up and
connected to the network for the evening.<br>
</li>
</ul>
<li>Smartcard users: either come to the helpdesk anytime after
7:15 am Friday, 7/8 or come to the VARC lobby any time after
7:15 am 7/8. <br>
</li>
<li>All users: anticipate needing to reboot the morning of
Friday, 7/8 and changing passwords. </li>
</ul>
<ul>
<li>Web applications such as Insight, reqs, staff search, etc.
are expected to be up mid day, Friday 7/8. <br>
</li>
<li>Web application such as DocuShare for off-site available
files, publications, LQCD, etc. will then be brought back up.
</li>
</ul>
Additional information will be made available as updates occur
using to the following link (on site only): <br>
</div>
<br>
<a href="http://www.jlab.org/status/">http://www.jlab.org/status/</a><br>
<br>
Contact the helpdesk for any issues: <a
href="mailto:helpdesk@jlab.org">helpdesk@jlab.org</a>, 7155<br>
<br>
Roy Whitney <br>
Chief Information Officer <br>
</body>
</html>