Cyber security is a top priority for the government, for businesses and for Jisc. We want to help all our members build the best possible defences against cyber criminals – and we like to lead from the front in this arena. To that end, we’ve changed and improved our approach to security over the past 12 months.
This evolution started on 3 January 2017, when all the security functions at Jisc were brought together in a single division headed by Steve Kennett, bringing together the staff responsible for providing and developing all the security services and products that we offer with the operational teams into the new cyber security division.
Within the new division we have also established Jisc’s security operations centre, integrating the Janet Network computer security incident response team (CSIRT), the DDoS analysts and a new penetration testing and security assessment team.
In demand as trusted experts
Over the year, the division has expanded considerably, with expert staff joining the team and several new services added to the portfolio – and more to come in 2018.
Meanwhile, Steve has been much in demand as a speaker, presenting at 18 security-themed events during 2017, and attending many more. He has forged new alliances and strengthened existing relationships within the sector, the security industry, the government and with security agencies at home and abroad. We now have a solid intelligence network and our advice and expertise is sought and respected at the highest level.
Faster and better attack mitigation
One of most significant developments now under the security operations centre’s control actually went live in October 2016, but this year we began work to enhance our Distributed Denial of Service (DDoS) mitigation service.
It is delivered in partnership with a global leader in this field, Arbor Networks, and we have been working with their team to develop enhanced services, which cut response time from a few hours to a few minutes. A successful pilot has been running since September at the University of Sheffield, with the faster services due to launch early in 2018.
Development also began on a portal for this service, which, when it’s live in the early part of 2018, will enable members to see in real time any suspicious traffic on their network. Eventually, the portal will serve as a one-stop shop, where members can search for advice and guidance, see our range of security services and share intelligence.
In 2017 the security operations centre has seen more than 1,200 DDoS attacks over the Janet Network, and dealt with more than 6,000 other incidents, such as malware, copyright infringements and law enforcement enquiries. Not only have we seen an increase in the number of attacks, we have also seen an increase in their size and their complexity, with the security operations centre analysts having to respond to changes made by attackers in real time.
Education and risk assessment
In March, we launched simulated phishing and awareness service delivered from Khipu Networks. Phishing, particularly via email, is a major concern for all our members and educating end users in how to spot such threats is high on their list of security priorities. It’s been a popular service, with 20 of our members so far running an anti-phishing campaign.
In May we conducted our first ever cyber security posture survey among members. Giving us valuable insight into the varied defensive landscape in our sector, we now have a greater understanding of our members’ top security concerns, which will help shape our future decisions. We know, for example, that the use of vulnerability scanning to identify weaknesses in security is becoming the main way our members are testing their exposure to cyber risk.
The previously outsourced pen testing service was brought in house from August, with the appointment of two highly-skilled experts in this field. We have been inundated with requests for pen tests and are currently looking for another ethical hacker to join the team.
Building on an inaugural event in 2016, we held a security conference in November, where we welcomed more than 200 staff from member organisations. It was the perfect platform to launch our first cyber security documentary film.
Over two days, we heard from a variety of speakers on subjects including password security, the ethics of phishing campaigns, DDoS mitigation, the government’s Cyber Aware campaign, and using best-practice cyber security as a business driver. Our 2018 conference will be held in London in November.