A presentation from the Jisc security conference 2018 by Henry Hughes

1. Cyber security landscape
Henry Hughes
deputy security director, Jisc.

2. Contents
• Cyber security strategy
• Incident response team
• Distributed denial of service attacks
• Professional services
• Cyber threat intelligence
• Security portal
• Roadmap

3. Cyber security strategy
First published in 2015:
• Set up a cyber security division Jan 2017 – focussing all security related activity into one
organisational structure
• Established Jisc’s Security Operations Centre – bringing together CSIRT and DDoS mitigation
functions into a single team
• Established an in-house professional services team to provide a range of penetration testing
and security assessment services
• Implemented a vulnerability assessment and information service and a phishing awareness
and associated training service
• Invested in a market-leading DDoS mitigation solution to reduce the time taken to mitigate
attacks, increased our capability to defend against attacks and developed enhanced services
that allow tailored bespoke solutions that directly meet member needs

4. Cyber security strategy
2015 - continued:
• Undertaken an annual cyber security posture survey to ensure we continue to provide services
and products that our members value
• Launched the cyber security portal to provide better visibility for our members of their network
traffic and DDoS mitigations and alerts
• Instigated the annual Jisc security conference
• Launched the security x-ray service to help institutions identify their spending on security
controls and provide targeted advice and guidance
• We have even launched our first cyber security documentary featuring some of our staff,
members and partners highlighting how we help protect the Janet network and institutions

5. Cyber security strategy
2018 – 2022 responding to an evolving threat landscape
• Defend – The CSIRT function within the SOC will continue to detect, report and investigate
incidents that pose a threat to the security of our customers’ information systems. We will
increase our coordination role nationally and internationally, particularly with regards to multi-
agency coordination, bring organisations and people together to best protect our community.
• Deter – We will continue to work with NCA, NCSC and other law enforcement agencies to
detect and investigate cyber incidents, and where possible will see these through to
prosecution. We will continue to work with members to develop their defences and test their
exposure to cyber risk.
• Develop – We will continue to develop the Jisc Security Operations Centre by recruiting and
training skilled individuals. By 2019 we have developed our digital forensics capability to enable
us to undertake more investigative work as part of ongoing incidents.

6. Incident Response Team – Janet CSIRT
Established 1994
• CSIRT for the Janet network
• Coordination of incident response for members connected to the network
• Investigate other forms of network abuse such as spam and copyright
infringement
• First port of call for when a Jisc member is experiencing a security issue
• Work with organisations within the UK and internationally to assist in
crime investigations
• Gather intelligence on potential security issues
• Minimise risk, prevent incidents, contain cyber damage

7. Janet CSIRT – Contact Points
CSIRT team available 8am-midnight Monday-Friday, and 9-5pm weekends
Telephone: 0300 999 2340
Email: irt@csirt.ja.net
Visit the Janet NetworkCSIRT blog (https://community.ja.net/blogs/csirt)
JiscMail Security list (UK-SECURITY@JISCMAIL.AC.UK)
"Academia" group on Cyber Security Information Sharing Partnership (CiSP)
https://share.cisp.org.uk/

8. Distributed Denial of Service attacks

10. Top 10 source countries involved in DDoS attacks
0
10
20
30
40
50
60
70
80
90
100
USA China Russia Brazil UK Germany France Ukraine Republic of
Korea
Taiwan
Percentageoftotalattacks
Country

11. Professional services
Penetration testing
• A method for evaluating the security of an information system,
network, application or programme by simulating the types of
attack that are known to occur in the real world.
• Our service is now entirely flexible and carried out by our own
experienced, trained and certified cyber-security experts.
• Our penetration testing team have over 25 years’ experience of
penetration testing across education, research, finance,
broadcast, critical healthcare infrastructure and civil service
projects.
• Can help with improving the overall security of a institution as
part of an audit, assessment, for Cyber Essentials+, GDPR or
for best practice and as a proactive step to safeguard against
threats.

12. Cyber Threat Intelligence
Established Jan 2018
•Seeking to identify the groups behinds the threats – helps us be better prepared
for attacks;
•Regular reporting on threat landscape – existing and emergent threats and
potential counter measures;
•Central scanning against top threats seen in use on Janet – externally accessible
address space only – explicit opt in will be required;
•Formal information sharing structures – contractual and infrastructure;
•Visible through the security portal.

14. Roadmap
2019 and beyond:
•DNS resolver service enhancements
•Refreshed NTP infrastructure
•Secondary DNS services
•Managed security services including firewall and end point assessment
•Digital forensics
•Security assessment – BSI 31111
•Web filtering
•SIEM services

15. Get in
touch…
Except where otherwise noted,
this work is licensed under CC-BY
Henry Hughes
deputy security director
henry.hughes@jisc.ac.uk