2. Contents
• Cyber security strategy
• Incident response team
• Distributed denial of service attacks
• Professional services
• Cyber threat intelligence
• Security portal
• Roadmap
3. Cyber security strategy
First published in 2015:
• Set up a cyber security division Jan 2017 – focussing all security related activity into one
organisational structure
• Established Jisc’s Security Operations Centre – bringing together CSIRT and DDoS mitigation
functions into a single team
• Established an in-house professional services team to provide a range of penetration testing
and security assessment services
• Implemented a vulnerability assessment and information service and a phishing awareness
and associated training service
• Invested in a market-leading DDoS mitigation solution to reduce the time taken to mitigate
attacks, increased our capability to defend against attacks and developed enhanced services
that allow tailored bespoke solutions that directly meet member needs
4. Cyber security strategy
2015 - continued:
• Undertaken an annual cyber security posture survey to ensure we continue to provide services
and products that our members value
• Launched the cyber security portal to provide better visibility for our members of their network
traffic and DDoS mitigations and alerts
• Instigated the annual Jisc security conference
• Launched the security x-ray service to help institutions identify their spending on security
controls and provide targeted advice and guidance
• We have even launched our first cyber security documentary featuring some of our staff,
members and partners highlighting how we help protect the Janet network and institutions
5. Cyber security strategy
2018 – 2022 responding to an evolving threat landscape
• Defend – The CSIRT function within the SOC will continue to detect, report and investigate
incidents that pose a threat to the security of our customers’ information systems. We will
increase our coordination role nationally and internationally, particularly with regards to
multi-agency coordination, bringing organisations and people together to best protect our community.
• Deter – We will continue to work with NCA, NCSC and other law enforcement agencies to
detect and investigate cyber incidents, and where possible will see these through to
prosecution. We will continue to work with members to develop their defences and test their
exposure to cyber risk.
• Develop – We will continue to develop the Jisc Security Operations Centre by recruiting and
training skilled individuals. By 2019 we have developed our digital forensics capability to enable
us to undertake more investigative work as part of ongoing incidents.
6. Incident Response Team – Janet CSIRT
Established 1994
• CSIRT for the Janet network
• Coordination of incident response for members connected to the network
• Investigate other forms of network abuse such as spam and copyright
infringement
• First port of call for when a Jisc member is experiencing a security issue
• Work with organisations within the UK and internationally to assist in
crime investigations
• Gather intelligence on potential security issues
• Minimise risk, prevent incidents, contain cyber damage
7. Janet CSIRT – Contact Points
CSIRT team available 8am-midnight Monday-Friday, and 9-5pm weekends
Telephone: 0300 999 2340
Email: irt@csirt.ja.net
Visit the Janet Network CSIRT blog (https://community.ja.net/blogs/csirt)
JiscMail Security list (UK-SECURITY@JISCMAIL.AC.UK)
"Academia" group on Cyber Security Information Sharing Partnership (CiSP)
https://share.cisp.org.uk/
10. Top 10 source countries involved in DDoS attacks
[Bar chart: percentage of total attacks (y-axis, 0 to 100) by country (x-axis): USA, China, Russia, Brazil, UK, Germany, France, Ukraine, Republic of Korea, Taiwan]
11. Professional services
Penetration testing
• A method for evaluating the security of an information system,
network, application or programme by simulating the types of
attack that are known to occur in the real world.
• Our service is now entirely flexible and carried out by our own
experienced, trained and certified cyber-security experts.
• Our penetration testing team have over 25 years’ experience of
penetration testing across education, research, finance,
broadcast, critical healthcare infrastructure and civil service
projects.
• Can help with improving the overall security of an institution as
part of an audit, assessment, for Cyber Essentials+, GDPR or
for best practice and as a proactive step to safeguard against
threats.
12. Cyber Threat Intelligence
Established Jan 2018
• Seeking to identify the groups behind the threats – helps us be better prepared
for attacks;
• Regular reporting on threat landscape – existing and emergent threats and
potential countermeasures;
• Central scanning against top threats seen in use on Janet – externally accessible
address space only – explicit opt-in will be required;
• Formal information sharing structures – contractual and infrastructure;
• Visible through the security portal.
14. Roadmap
2019 and beyond:
• DNS resolver service enhancements
• Refreshed NTP infrastructure
• Secondary DNS services
• Managed security services including firewall and end point assessment
• Digital forensics
• Security assessment – BSI 31111
• Web filtering
• SIEM services
15. Get in touch…
Except where otherwise noted,
this work is licensed under CC-BY
Henry Hughes
deputy security director
henry.hughes@jisc.ac.uk
Editor's notes
It is likely that when this strategy is updated in 3 years’ time we will have undergone even more change, as although the types of threats are evolving, they are not going away, and as funding changes within the education and research sector we will need to be more agile and innovative about how we all work together to address cyber security threats.
First year of in-house Jisc Penetration testing service – Oct 2017-Oct 2018
What is it?
Evaluates and improves the security of your system or network by simulating real-world attacks
Why do we do it?
Membership asked us for it.
Needed for audits, certain standards / membership / Cyber Essentials+, following a breach, proactive security management, change in infrastructure or applications, mergers, new security staff, GDPR…
Benefits of testing?
Discover the unknown, help with information security across the entire institution, mitigate risk, knowledge sharing, can highlight gaps in security process ownership and departmental risk ownership, systems segmentation analysis
Current team
1 pen tester > 5 now (8 incl support staff)
64 engagements first year, mean average is 7 days, mode is 5 days (a typical pentest)
Stuff we have found
Black-box (unauthenticated) infrastructure testing: discovered a unique vulnerability in RSA SecurID integration with a software repository at a major UK research institution: impact was a perimeter breach with potential for international supply chain attack
Spearphishing: the promise of free cake has proven 100% effective across engagements as an enticement to gain credentials and gain a foothold on the internal network.
Effective bypass techniques explored and proven to mitigate Google's GSuite phishing protection to harvest credentials.
Discoveries across commercial applications: data-exposing vulnerabilities identified in products used across the sector for HR, finance and student records have been reported and fixed by vendors including Tribal, EveryonePrint and TechnologyOne.
The future
Enhanced pen tests including more assessment work, roadmap guidance, digital forensics
Labs to regularly test the apps our sector is using (ongoing remediation work for the sector)
Training courses for members