All well at Harwell: visiting Jisc’s cyber security hub

Image: diamond.ac.uk

As the taxi from Didcot Parkway winds through the country roads, the buildup doesn’t prepare the first-time visitor to the Harwell research campus for the sight of the giant silver doughnut that is the Diamond Light Source. Space-age is definitely an apt description for a building which sits next to the European Space Agency replete with its forecourt of the nations’ flags. And opposite the Diamond is RAL Space, part of the Science and Technology Facilities Council’s Rutherford Appleton Laboratory. Aptly, nestled behind there in a somewhat less glamorous building sits Jisc’s Harwell operation, home to a crack team of cyber wonks.

As you’d expect for such a sensitive operation, security is tight. There’s an atmosphere of quiet determination – perhaps only put on when visitors are around – with the tapping of keyboards and hum of fans in the background. On the wall in the service desk zone, there’s a map of the Janet network showing the flows of traffic along its connections. Mostly green nodes today, but with a couple of amber flags. It’s possible to see with a few clicks exactly which institution has lost a connection, and on this occasion it’s a new piece of kit not yet brought online.

Janet is a wonderful thing, especially if you’re not 100% (or maybe even 50%) sure how the marvels of the internet reach your devices. The network which keeps data flowing between universities, colleges, schools and a smattering of other organisations has important work to do, from data transfers from CERN to live streaming Bake Off. There is something simultaneously sublime and ridiculous about the sheer volume of traffic for Facebook, or the fact that Netflix’s entire catalogue is mirrored on Jisc’s servers to smooth the viewer’s experience. Protecting this traffic from external attack is the work of the Security Operations Centre (SOC).

Upstairs in the SOC nerve centre is a team of quiet and dedicated (mostly) men. They’re monitoring traffic across the Janet network and identifying suspicious activity. As I’m there, we see the monitors on the wall flash with new attacks. This time an FE college is at the mercy of five different approaches that include distributed denial of service (DDoS). Things are under control with a suite of countermeasures which can be used prevent this kind of malicious interference. Increasingly, SOC prevents attacks before institutions even know they’ve been targeted.

Cyber attacks from phishing, ransomware and DDoS are big news. And disruption to networks is unacceptable given our reliance on the internet as critical infrastructure. Imagine what a university’s website going down in clearing would do to its ability to recruit students at a critical time. Jisc re-organised its response to cyber attacks following a major incident in December 2015; now the team is better integrated and able to respond faster and with a wider range of tools to keep one step ahead. One step ahead of whom? I ask. Sometimes it’s a disgruntled employee, or former employee. Sometimes it’s a student, or a foreign power, and sometimes it’s just criminals. I’m told that one halls of residence was threatened with DDoS as students were playing an online game and this was an attempt by rivals to gain an advantage.

Through active monitoring and response to incidents, Jisc is defending the Janet network. The Harwell team also does outreach and offers advice and guidance to institutions across the country, and liaises closely with the relevant authorities like the National Crime Agency to ensure that criminal attackers are pursued. There’s also a significant element of working with partners overseas, both in Europe and beyond. By sharing intelligence and monitoring global threats, the Jisc team can be as prepared as possible for anything coming our way. And it can alert peers to threats they might face.

Working with individual institutions and through their partner suppliers, Jisc can run phishing simulations or vulnerability assessment. How universities and colleges are preparing themselves for the threats posed by cyber security varies widely, as you’d expect from a diverse sector. There’s strong awareness of the issues and a need for staff and students to understand that good cyber security isn’t just a technical problem, but one of culture and psychology. Jisc has surveyed members on their approaches to cyber security: compliance is only going to get more important as next year’s general data protection regulations (GDPR) come into force.

It doesn’t need me to tell anyone that cyber security is currently a big issue, and its significance is hardly likely to diminish. It’s great to know that, for the HE sector, there’s a team working on keeping the traffic flowing, even if it is just to keep the latest Netflix series streaming to campuses across the land.

Leave a Reply