Cyber Security Programme Stepping up to the challenge Working together


Cyber Security Programme
Stepping up to the challenge
Working together for excellence in education, research and operations through Information Services

Threat Overview
'Wetware' has been the primary attack vector
Globally
Universities (60) SQLi Attack from 'Rasputin'
United Kingdom
UoC
Bank Fraud
Hate Crime
Various attacks via Social Media attacks / Reputational Damage

User Needs – Cyber Security
AS a Cambridge academic
I NEED a secure IT environment at minimal (zero) inconvenience
SO THAT I can get on with my work without interruption or distraction
Minimal inconvenience means trouble-free connectivity to things I need to access and software I need to use, no degradation in performance from security software, [...]
Interruptions might be recovering my computer from hostage hacking, attending hearings on data breaches, loss of computer for days while it is inspected and restored, permanent loss of data, [...]

Wetware
Social Engineering attacks have been the main attack vector, focusing on four forms of exploitation:
  Raven credentials in order to gain Journal Access
  Bank Fraud
  Crypto Locker Injections*
  Hate Mail Campaigns
*These are under-reported

Response
To provide a robust response to threats, Threat Intelligence reports will be generated monthly, and on an ad hoc basis
  Global
  National
  Universities
  UoC
  Departmental Level (Cyber Security Exposure/Risk Reports)

Programme Update
Cassie Bradley

Cyber Technical Review Recommendations

Programme design
How Engagement Stakeholders (Who) Outcomes (What) Engagement – challenging self learning culture Policy and toolkits Institutional Heads of institution Security Operations Centre Information Asset owner Computer officers Incident response (CamCERT) Security Engineering Security Assured Services Institutional maturity model Everyone in UIS UIS Service owners & managers Enabled by UIS Resources Policies Services Tools Processes Users Continuous improvement Information asset owners Governance – Board level issue, audit and assurance Audit Committee

The new and accelerated Cyber Security Programme
New SRO, Programme director and programme manager
Dedicated workstreams and team leads
  Policy, Security Operations, Frameworks, Identity & Access management, plus two engagement strands
New Steering Committee to help with cultural change across the University
Help needed across the Collegiate University

Other workstreams
Workstream: Deliverable
Policy: Publication of approved policies for cybersecurity, Updated online training, High level toolkits for individuals and institutions, IPS Policy – 30 Jun
Security Assured Services: Approved Identity and Access Management Strategy – 30 Jun
Institutional Engagement: All institutions aware of incident reporting and online training and highest risk institutions have agreed a remedial plan or issues escalated – 30 Jun
Information Asset Management Engagement: Schedule completed for engagement with key service owners and IAOs and asset register project in progress – 30 Jun

Security Operations Centre workstreams including security engineering and incident response
Jon Holgate

Security Engineering – Ashley Culver
Managed Firewall Service
  Existing pilot deployments to CCI & Faculty of Law
  Managed firewall service launched – w/c 6th March
  Prioritise Firewall deployment to specific sites
  Institutions consulted and deployed where possible – 30th June
Intrusion Prevention System
  IPS Policy created – 31st March
  Institutional Consultation – One month after IPS Policy agreed
  IPS Implemented (BAU) – Two months after Institutional Consultation complete (Summer 2017)

Incident Management
Full handover of responsibilities from existing CERT Team – 31st March
HEAT Incident Response Implemented for team – 31st March
Monthly threat assessment reports to be generated – commencing 31st March
IDS monitoring and incident management as usual – Ongoing

UIS Server Infrastructure – Infrastructure & Network
Fortigate Systems 3000D Server Firewall
  Ex-UCS server network routed to behind UIS Server Firewall – 30th April
  Long term plans for firewall zoning and redesign of the server network
DDoS (Distributed Denial of Service) Protection
  DDoS (Cloudflare) protection for main www.cam.ac.uk site – 31st March
  Prevention mode implemented for on premise anti-DDoS device, for the former MISD server environment – 30th April
  Prevention mode implemented for on premise anti-DDoS for former UCS server environment – 31st July

Security Assured Services workstream
Institutional Maturity Model
Bob Dowling

Maturity Model
No.  Level: Description
1  Basic: disjointed operations with unpredictable outcomes
2  Controlled: coordinated, manageable, mostly predictable
3  Standardized: suitable institutional standard exists and is complied with
4  Optimized: reporting back to authority, regular review checking needs being met
5  Innovative: new technologies continually reviewed for use

Levels and Indicators
A maturity model is applied to individual indicators.
We will be releasing sample/template standards with indicators.
Indicators require objective measurement.
An institution is as good as its lowest score.
Focus on raising the lowest values.
Realistic goal: One level per year.

Example Indicator
“Malware protection software is installed on all computers.”
No.  Example
1  Device owners are left to install their own anti-malware software.
2  A selected anti-malware software is distributed by the institution to all members.
3  The institution uses a managed anti-malware service and the security standard requires its use. There are approved escalation procedures for devices that break the standard.
4  The numbers of devices that triggered a malware alert in the reporting tool or which needed chasing to install the client are tracked and form part of the governing body report.
5  The selection of anti-malware software is reviewed periodically, using the accrued reports and benchmarking against alternatives.

“Basic” or “controlled” maturity

“Standardized” maturity

“Optimized” maturity

“Innovative” maturity

This will take time
A maturity model is applied to individual indicators.
We will be releasing sample/template standards with indicators.
Indicators require objective measurement.
An institution is as good as its lowest score.
Focus on raising the lowest values.
Realistic goal: One level per year.

Questions?
