Jisc works with the National Cyber Security Centre to protect UK education

Joe Pitt

Intelligence sharing is key to making the UK the safest place to learn online.

Colleagues discuss cyber issues in an office.

When it comes to education, cyber security's core function is to maintain a safe digital environment for staff, students and users.  

That means protecting a huge amount of data, including student and staff records, financial information and valuable research data – much of it personally identifiable.

It’s clear why the education sector is a prime target for cyber-crime.

It’s a task that’s made ever more difficult by the sheer number of devices accessing the network. Add to that the rise in blended learning and mass migration to the cloud, and it’s clear why the education sector is a prime target for cyber-crime. 

How do we stay ahead of the hackers? 

Our increased reliance on connected devices means a drastic increase in risk for threats like phishing, malware, data theft and distributed denial of service (DDoS) attacks, making cyber-security in education a significant challenge. 

And it’s a challenge that changes daily as new and ever more sophisticated cyber-threats emerge to endanger our data.  

So how do we combat these threats? 

Intelligence sharing is key 

One of the great strengths of the UK’s cyber-security ecosystem is the established collaboration between a wide range of agencies and organisations on sharing intelligence.  

As the digital services provider for academia and operator of the national research and education network, Janet, Jisc has the ability to view threats across all our connected community. This early insight allows us to improve proactive threat mitigation.  

Working with the NCSC 

Jisc works closely with the National Cyber Security Centre (NCSC) to help create and maintain the most secure environment possible for learning online.  

The NCSC provides us with actionable threat intelligence which we use to continuously improve the ability of Jisc’s security services to address the dynamic threat landscape.  

Its analysis, along with data derived from the service it provides as part of the government’s Active Cyber Defence capability, helps keep that protection as current as possible. 

Intelligence sharing is reciprocal: we provide feedback to the NCSC about hits on the intelligence they provide to us, which enables its experts to understand what impact their data is having and, if needed, release further context to us so that we can protect our connected community. We also alert them to any significant or unusual incidents that we detect. 

Prevention is better than cure 

The first of Jisc’s services to benefit from this exchange of intelligence is the Janet Network resolver.  

JNRS protects all colleges, universities and research institutions who have actively registered for the service. It safeguards any devices that connect to their network – including students’ own devices and anyone using the guest wifi – by blocking access to malicious or compromised websites.  

To do this, Jisc’s security analysts and specialists work closely with the NCSC, as well as other security researchers and sources of security reports, to create response policy zone (RPZ) feeds. These feeds are continuously updated, ensuring that JNRS is able to adapt to address emerging threats. 

Reporting, response and remediation 

When either Jisc or the NCSC detects an incident that poses a threat to the security of our members' information systems, Jisc’s computer security incident response team (CSIRT) is alerted. This triggers the team’s standard incident response activities, helping the affected member to investigate, contain and remediate the problem. 

Information security threats are not, however, limited to particular networks or national boundaries, so we work with other CSIRTs across the UK, Europe and the rest of the world to manage and resolve incidents. We also assist national and international law enforcement agencies in their investigations.  

This collaborative approach enables us to provide a fast and effective response to the thousands of attempted attacks every year on the Janet Network. 

What does the future hold?  

We aim to integrate intelligence from the NCSC into more of Jisc’s cyber-security services for members. This includes supporting Jisc CSIRT on incident response activities, using it in the Jisc managed firewall service, and integrating it into the Jisc cyber security threat monitoring service.  

The goal is also to share intelligence with our members and customers wherever possible, enabling them to capitalise on the combined cyber-security expertise of Jisc and the NCSC.

The goal is also to share intelligence with our members and customers wherever possible, enabling them to capitalise on the combined cyber-security expertise of Jisc and the NCSC. 

To join JNRS, talk to your Jisc relationship manager

Find out more at Jisc’s Security Conference on November 8, when Joe Pitt and Martine R, deputy head of threat and emerging capability team at the NCSC, will present on how Jisc and the NCSC are sharing intelligence. 

If attending the conference in person, visit Jisc’s experts at the cyber threat intelligence bar to benefit from personalised advice on next steps to improve organizational cyber-security posture. 

Get involved

Join our defend as one campaign and help us unite higher and further education in a common cause - to build robust defences across the sector. As a member, you can sign up to receive personalised instructions on how to improve your cyber security posture across your organisation.

About the author

Joe Pitt
Principal threat intelligence architect