A fast and reliable internet service is fundamental for almost all organisations - colleges, universities and research centres included.
In the UK, they rely on connections to the Jisc-run national research and education network, Janet. As the network is owned and run by Jisc, the safety of those connections is our responsibility – and we are now looking to strengthen its defences.
This is a timely move, as universities and colleges continue to be seriously impacted by a wave of ransomware attacks that started last August. We are braced for a further period of intense criminal activity around the critical weeks for results, clearing and enrolment.
All types of cyber attack are on the march, however, not just ransomware, and we are now seeking sector agreement on a range of key measures for the good of us all.
As part of a wider review and update of the Janet security policy, we are proposing three new principles that reflect the changing security landscape.
- Automatically blocking in-bound traffic from known, high-risk geographically specific IP addresses
- Insisting that all connected organisations conduct an annual review of cyber security posture against an agreed model
- Jisc undertaking regular proactive network scans in response to critical vulnerability alerts or actionable threat intelligence
The aim is to balance security with operability - enabling the UK to be a world leader in education and research.
Compliance with the Janet security policy is a requirement for all organisations connecting to the network.
This online consultation is open until 30 September and should take no more than 15 minutes to complete.
The overall goals of the Janet security policy remain unchanged. These are to ensure that:
- Connected organisations have appropriate policies in place to protect Janet, the networks connected to it and the computer systems and platforms using it
- Mechanisms exist to prevent and identify abuse of the network
- There is an effective response to complaints and queries about real or perceived abuses of the network
- The network meets legal and ethical requirements regarding its connectivity to the worldwide internet
- The reputation of Jisc is protected
To find out more about the proposed new principles and to provide feedback, visit the consultation pages and register, free, for our online briefing, ‘increasing security posture and threat intelligence sharing,’ on 31 August.
For more advice and insight about cyber security, register now for Jisc’s free-to-attend security conference (9-11 November).