In response to the rise in cyber crime, particularly ransomware attacks, against the tertiary education and research sector, security and technology bodies in Australia, Canada, the UK and US have joined forces to form a global threat intelligence sharing partnership. The partners will share intelligence on malware attacks to help research and education organisations across the globe prevent and mitigate cyber attacks.
Cyber crime does not respect international borders, and there are often strong similarities in the method of attacks seen in different countries. Using the MISP open-source threat intelligence platform and automated warning system, the partner organisations can inform each other of attacks in real time, increasing the likelihood that they can either put in effective preventative measures, or reduce the impact of attacks.
The founding partners in this collaboration are AARNet, Australia’s NREN, which also provides cyber security services; the Canadian Shared Security Operations Centre (CanSSOC), a partnership between higher education institutions in Canada that is working with Canada’s NREN to deliver a sector specific curated threat feed service to eligible NREN-connected institutions; Jisc, the UK’s technology body for tertiary education and runs the NREN Janet, which has in-built cyber security protection; the US higher education shared cyber security operations centre, OmniSOC and the US Research and Education Networks Information Sharing and Analysis Center (REN-ISAC).
Here’s what the partners say:
Charles Sterner, AARNet Chief Information Security Officer, says:
We see AARNet playing a key role in creating opportunities for people and groups with common challenges, both in Australia and globally, to achieve far better outcomes by collaborating than they would alone. This threat sharing agreement goes to the core of that vision and creates a base for building much larger collaborations focused on securing the sector. We are very grateful for the support of the Australian government for this initiative through the AustCyber Projects Fund.”
Isaac Straley, CanSSOC and the University of TorontoChief Information Security Officer, says:
“CanSSOC’s motto is ‘Better than what we can do on our own, always in partnership’ because we recognise the value and strength built through coordinated and community-focused approaches to security threats. This international partnership aligns closely with our ongoing efforts in Canada to bring together and provide services that can be consumed by a diverse set of institutions for broad benefit and protection against cyber threats. We’re eager to build on our existing relationships with Canadian sector partners and Canada’s NREN to tap into the services, expertise, and leadership of the international community, for the benefit of our sector as a whole.”
Steve Kennett, Jisc Executive Director of E-infrastructure, says:
“The threat from cyber criminals is growing and constantly evolving and, if we are to stay ahead of the curve, we must continually update our knowledge and adopt agile response mechanisms. As an automated platform, with real-time data sharing capability, MISP will help us to do that. Jisc already works closely with other UK security agencies and its members to gather and share intelligence, which is crucial to maintaining robust cyber defences. I’m delighted that we can now help extend that benefit internationally.”
Von Welch, OmniSOC Executive Director says:
“This platform will enhance OmniSOC’s ability to apply threat intelligence for the benefit of our members. Combined with other threat intelligence sources, such as REN-ISAC and that shared by our partners, this global threat intelligence gives OmniSOC analysts a unique perspective. This is a great example of global collaboration in the face of a global threat.