UK, US, Canada and Australia collaborate on an automated platform to share intelligence on malware attacks @Jisc
A new cyber security threat intelligence sharing system has been launched to help research and education organisations across the globe prevent and mitigate cyber attacks.
In response to the rise in cyber crime against the sector, particularly ransomware attacks, a global threat intelligence sharing partnership has been set up by five tertiary education and research sector security and technology bodies in the UK, US, Canada and Australia.
The partnership uses MISP, the open-source threat intelligence platform used world-wide by more than 6,000 organisations.
Cyber crime does not respect international borders, and there are often strong similarities in the method of attacks seen in different countries. Using the MISP’s automated warning system, the partner organisations can inform each other of attacks in real time, increasing the likelihood that they can either put in effective preventative measures, or reduce the impact of attacks.
Instigated by Jisc’s executive director of e-infrastructure, Steve Kennett, and delivered by his team, the formal partnership has just been launched following the signing of a memorandum of understanding in April.
Other founding partners in this collaboration include:
- AARNet, Australia’s NREN.
- The Canadian Shared Security Operations Centre (CanSSOC), a partnership between higher education institutions in Canada that is working with Canada’s NREN to deliver a sector specific curated threat feed service to eligible NREN-connected institutions.
- The US higher education shared cyber security operations centre, OmniSOC and the US Research and Education Networks Information Sharing and Analysis Center (REN-ISAC).
“The threat from cyber criminals is growing and constantly evolving and, if we are to stay ahead of the curve, we must continually update our knowledge and adopt agile response mechanisms.
“As an automated platform, with real-time data sharing capability, MISP will help us to do that.
“Jisc already works closely with other UK security agencies and its members to gather and share intelligence, which is crucial to maintaining robust cyber defences. I’m delighted that we can now help extend that benefit internationally.”
Isaac Straley, chief information security officer at CanSSOC and the University of Toronto, says:
“CanSSOC’s motto is ‘Better than what we can do on our own, always in partnership’ because we recognise the value and strength built through coordinated and community-focused approaches to security threats.
“This international partnership aligns closely with our ongoing efforts in Canada to bring together and provide services that can be consumed by a diverse set of institutions for broad benefit and protection against cyber threats.
“We’re eager to build on our existing relationships with Canadian sector partners and Canada’s NREN to tap into the services, expertise, and leadership of the international community, for the benefit of our sector as a whole.”
Charles Sterner, chief information security officer at AARNet, says:
“AARNet has been an active driver of security uplift initiatives for the research and education sector in recent years, spearheaded by the development of our security operations centre for Australian universities.
“We see AARNet playing a key role in creating opportunities for people and groups with common challenges, both in Australia and globally, to achieve far better outcomes by collaborating than they would alone.
“This threat sharing agreement goes to the core of that vision and creates a base for building much larger collaborations focused on securing the sector. We are very grateful for the support of the Australian government for this initiative through the AustCyber Projects Fund.”
Von Welch, executive director of the OmniSOC says:
“This platform will enhance OmniSOC’s ability to apply threat intelligence for the benefit of our members. Combined with other threat intelligence sources, such as REN-ISAC and that shared by our partners, this global threat intelligence gives OmniSOC analysts a unique perspective. This is a great example of global collaboration in the face of a global threat.”
Jisc’s vision is for the UK to be a world leader in technology for education and research. It owns and operates the super-fast national research and education network, Janet, with built-in cyber security protection. Jisc also provides technology solutions for members (colleges, universities and research centres) and customers (public sector bodies), helps members save time and money by negotiating sector-wide deals and provides advice and practical assistance on digital technology. Jisc is funded by the UK higher and further education and research funding bodies and member institutions.