Cyber security has long been an area of activity for those responsible for providing, protecting and supporting digital services in research and education, but recent events have focused public and media attention on the scale of the threat.
For example, April’s Heartbleed vulnerability was arguably one of the biggest security threats the internet has ever seen, affecting some of the world’s most popular websites and tens of millions of users indirectly.
The fast response and guidance of organisations’ incident and response teams helped to minimise the potential damage, but Heartbleed’s headline-grabbing nature has thrust cyber security firmly in the spotlight and got people thinking about protecting their networks. And that’s just one of the countless security threats and risks that are coming up every single day.
So what does this mean for education and research organisations, who are reliant on e-infrastructure for their work and at the same time need to safeguard their assets against security risks online? That’s the question we at Jisc are now posing, and would like your input.
An evolving offer
While our computer security and incident response team (CSIRT) has been providing security products and services to support customers’ innovative online activities for many years, our offer has had to evolve as the incidents we encounter have grown in scale and become more sophisticated.
For example, whereas most issues used to be reported to us in the form of an email sent by an individual, we now receive the majority of information from automated systems run by third parties. We also receive considerably more information today, with 10 times as many incidents reported compared to eight years ago, so that in a typical 24-hour period we can see anything up to 900 items of security intelligence being received, concerning over 200 separate customers. This means our approach has to change to enable us to better help protect the community against cybercrime.
As part of this evolution we are now consulting on a strategy for Jisc security products and services, which focuses on how we can help the research and education sector address the technical aspects of cyber security, including protecting systems, networks and information. Our aim is to do this through a range of proactive and reactive security services:
Any response that is triggered by an event or request, such as a report of a compromised host, widespread malicious code, software vulnerability or something that was identified by an intrusion direction or logging system, is classified as ‘reactive’.
In these circumstances we will act to disseminate information to any and all relevant parties – be it about specific attacks, vulnerabilities, intrusion alerts, viruses, or hoaxes – and provide appropriate recommendations to address the specific issue, first-and-foremost through short-term action to minimise the initial threat, and longer term actions to prevent similar issues arising. This also includes providing guidance on how to recover and protect any systems that were affected.
These services provide assistance and information to help education and research organisations prepare, protect, and secure their systems in anticipation of attacks or events in order to reduce the number of incidents in the future. Essentially, it should allow customers to improve their infrastructure and information security processes before an incident occurs or is detected so that the impact is reduced if and when they do arise.
A key part of our strategy is to ensure all education and research organisations start to consider cyber security as part of their business continuity planning and build in appropriate information security governance mechanisms. We will provide them with alerts, vulnerability warnings and security advisories that will help them to protect their systems and networks.
We need your help
We want to make sure that the products and services we provide continue to support customers’ capabilities to respond to online security concerns and reduce the risk of cybercrime – from the smallest further education colleges to long-established universities and research institutions.
To do this we need to have a deep understanding of your requirements and what would help you better respond to security incidents. That’s why we’re inviting users of Janet’s network to join the conversation and have their say on the development of the strategy. Sign up to the security products and services community group, contact your customer representative or you can email me at email@example.com if you have any questions.
You’ve got until Tuesday 30 September to send your feedback - please let us know if these services meet your needs or if there is anything else you think we should be doing.