Updates from the AHECS Cybersecurity Community
AHECS website now live!
The AHECS Website is now live and serves as you and your team’s first point of call for cybersecurity insights. Providing curated content, latest news and links to services provided by the AHECS partners, the AHECS site helps safeguard the intellectual property and reputation of CAUDIT member institutions. The site will evolve as additional services come online. Many thanks to all who contributed to the site build led by Greg Sawyer (CADUIT Director, Cybersecurity) and Chelsea Cannedy (Manager, Events).
The CAUDIT Cybersecurity Community of Practice adopted a new communication channel, Slack. The introduction of a dedicated AHECS Cybersecurity Slack channel (#ahecs_cybercop) assists with bringing the higher education and research cybersecurity community even closer together and facilitates more accessible communication. In making the move to Slack, the channel will include all members and partners of AHECS, including the CAUDIT Cybersecurity CoP, AusCERT, AARNet, AAF and REANNZ.
The Slack channel is open to members of the CAUDIT Cybersecurity Community of Practice. To join the CAUDIT Cybersecurity Community of Practice: https://www.surveymonkey.com/r/IT-Security-Signup
To join Slack download the Cybersecurity Slack channel guide: https://ahecs.edu.au/good-practice-guides/
AHECS Engagement: CISO Group
The CAUDIT CISO’s group was formed in April 2020 representing the Senior Cybersecurity leader in all Higher Education institutions in Australia and New Zealand. The CISO’s meet monthly discussing topical issues, latest threats and developing responses to raise the maturity of institutions and the sector. The current initiatives include a sector CISO Survey reviewing roles, structure, funding, service delivery, COVID-19 impacts, digital identity and cybersecurity futures. In partnership with ASAUDIT and UCISA the CISO’s and CAUDIT are investigating expanding the survey to include UK and South African institutions backed with a Tri-nation Virtual Study tour. The CISO’s have formed a working party to review Third party/ cloud assessments and develop a scope to improve and delivery efficiencies across the sector.
The CAUDIT Cybersecurity Community of Practice (CoP) continue discussion with the new AusCERT Slack service and AHECS Slack channel especially busy during the Prime Ministers recent announcement on the Copy Paste compromises. Supporting the cybersecurity community have been a series of webinars, bringing in International speakers supporting the University Foreign Interference Taskforce (UFIT) guidelines. The webinars in June included:
- The timely, topical webinar by Threat Intelligence which shared updates on an institution affected by the Copy Paste Compromise (ACSC Advisory 2020-008) which was well received with nearly 100 attendees,
- Zscaler sharing details of the Copy Paste Compromise with solutions to address the risk,
- An update on the issue posed by Sci-hub to the sector, and
- An International update by EDUCAUSE and REN-ISAC providing valuable information and connections into the Cybersecurity community.
AHECS and AHECS Partners service continue to proactively help safeguard the intellectual property and reputation of Australasia’s universities.
AARNet’s SOC, funded in part through a partnership with AustCyber to assist in on-boarding activities and global threat intelligence sharing capabilities, will help institutions to monitor, detect and respond to cyber threats. The SOC is in Pilot phase with four (4) institutions currently being on-boarded. Production will commence from September 1 2020 where further institutions will be on-boarded.
The CAUDIT Information Sharing and Analysis Centre (ISAC) is a dedicated threat intelligence sharing group for universities delivered by AusCERT. The production service delivers benefit through experienced AusCERT analysts helping institutions utilising indicators of compromise to mitigate threats in your environment, saving you time and resources. Members will be given access to our MISP platform, where AusCERT share a curated feed of threat intelligence gathered from multiple sources, and AusCERT’s own malware and threat analysis
CAUDIT is leading the AHECS Cyber Analysis workstream, working with AHECS Partners, CISO and the Community of Practice to scope services including maturity assessments, benchmarking and reporting. The CISO Sector Survey forms part of the scope of these deliverables.
AARNet is leading the AHECS Threat Intelligence workstream with AusCERT, incorporating UFIT guidelines on Cyber Threat Intel (CTI) sharing strategy and roadmap, Cyber threat models, Threat model training and Threat model practioner training. Capitalising on the AustCyber investment AARNet as Australia’s National Research and Education Networks (NREN) is working with other national NREN’s to develop intelligence sharing framework to leverage the wealth of information, work with Government and industry.
Read Minister Tehan's press statement released on 26 June, announcing $1.6 million to enhance the cyber security of Australia’s universities by funding a threat intelligence-sharing network, sector-wide threat modelling and a national cybersecurity forum that will meet three times a year. AHECS, while it has much more to do, already has much of this underway.