
Defending as One: UK Research Cybersecurity Strategy
The UK faces acute cybersecurity threats in the research and education sector. Collaboration is key to protecting against well-resourced attackers. Learn about the DRI cybersecurity framework and IRIS security strategy to safeguard research communities against evolving threats.
IRIS Security Strategy: Defending as one
David Crooks
david.crooks@stfc.ac.uk
Who am I?
- GridPP/IRIS Security Officer
- Incident response team supporting the LHC computing grid (EGI CSIRT)
- Acting Head of Cybersecurity for UKRI STFC Scientific Computing
- Project leader for DRI Cybersecurity
- My driver is collaboration between the cybersecurity community and our (inter)national research communities as primary stakeholders
Agenda
1. Motivation and context
2. DRI Cybersecurity
3. Cybersecurity frameworks: NCSC Cyber Assessment Framework
4. IRIS Security Strategy
Motivation
- The threat from cybersecurity attacks to the UK research and education sector is acute, having grown over recent years
- We must work together to protect and defend our community in the face of determined and well-resourced attackers
- We must share information about ongoing incidents between our organisations
- Defend as one
- This message was very clear at the recent Jisc Security Conference
Context
- DRI programme
- International partners, infrastructures and organisations
- IRIS ++
- DiRAC
- GridPP
- SCD
DRI vision
The vision of the UKRI DRI programme is a coherent state-of-the-art national digital research infrastructure that will seamlessly connect researchers, policymakers and innovators to the computers, data, tools, techniques and skills that underpin the most ambitious and creative research.
Achieving this vision through:
- Data infrastructure
- Large-scale computing
- Secure services and tools for sensitive data
- Skills and career pathways
- Foundational tools, techniques and practices
DRI Risk Environments
Computing + Storage
- High Throughput Computing (HTC)
- High Performance Computing (HPC)
- Cloud Computing
- Variety of storage technology suited to research needs
Research Environments
- Open Research (eg High Energy Physics/Astronomy)
- IRIS
- Trusted Research Environments
Shared User Communities
- Key feature of DRI, but introduces risk from credential theft
DRI Cybersecurity
- DRI Cybersecurity is a cross-cutting activity focused on developing an effective approach to cybersecurity across the DRI community
- Focus initially on community workshops and early adopter testbed work
  - Build long-term strategy and short-term goals
  - Technology demonstrators and building community
- First workshop this summer focused on input from UKRI (STFC), DRI, Jisc and research infrastructures
- Planning next workshop, most likely for April 2024
  - Important to have strong IRIS participation
DRI Cybersecurity Pillars
1. Development of cybersecurity capabilities as a DRI community
   - Focus on the distributed, federated layer
2. Development of cybersecurity culture across our constituent organisations
   - Both at operational and leadership layers
3. Reinforcement of strong links with our (inter)national cybersecurity partners
   - Important to develop partnership with Jisc and NCSC
   - Maintain and build on existing international collaborations
4. Development and maintenance of core cybersecurity skills within the DRI community
Cybersecurity frameworks: NCSC Cyber Assessment Framework
NCSC Cyber Assessment Framework
- An outcomes-based risk management framework
- Meeting a need identified several years ago to improve the security of network and information systems across the UK
- Originally focused on organisations that:
  - play a vital role in the day-to-day life of the UK
  - are designated as forming part of the Critical National Infrastructure (CNI)
  - are subject to certain types of cyber regulation:
    - Networks & Information Systems (NIS)
    - cyber aspects of safety regulation, such as Control Of Major Accident Hazards (COMAH)
https://www.ncsc.gov.uk/collection/caf
Government Cyber Security Strategy
- In early 2022, the Government Cyber Security Strategy 2022-2030 was published
  https://www.gov.uk/government/publications/government-cyber-security-strategy-2022-to-2030
- Aim: to ensure that core government functions - from the delivery of public services to the operation of National Security apparatus - are resilient to cyber attack
- Government will adopt the Cyber Assessment Framework (CAF) as the assurance framework for government.
GovAssure, CAF and DRI
- Earlier this year the GovAssure approach was launched
  https://www.security.gov.uk/guidance/govassure/
  https://www.gov.uk/government/news/government-launches-new-cyber-security-measures-to-tackle-ever-growing-threats--2
- Using the NCSC's Cyber Assessment Framework (CAF) to review the cyber security of government departments' and selected arm's length bodies' essential functions and services
  - Including UK Research and Innovation
- CAF could provide a useful tool in building a cybersecurity baseline across DRI organisations
The CAF is based on the NIST Cyber Security Framework (CSF). CAF objectives, their principles, and the NIST CSF function each maps to:

A. Managing security risk (NIST CSF: IDENTIFY)
  A1 Governance
  A2 Risk management
  A3 Asset management
  A4 Supply chain
B. Defending systems against cyber attack (NIST CSF: PROTECT)
  B1 Service protection policies and processes
  B2 Identity and access control
  B3 Data security
  B4 System security
  B5 Resilient networks and systems
  B6 Staff awareness and training
C. Detecting cyber security events (NIST CSF: DETECT)
  C1 Security monitoring
  C2 Proactive security event discovery
D. Minimising the impact of cyber security incidents (NIST CSF: RESPOND, RECOVER)
  D1 Response and recovery planning
  D2 Improvements

Mappings exist between the CAF and other standards, including ISO27k, the NIST Cybersecurity Framework and CIS
https://www.security.gov.uk/guidance/govassure/templates-and-downloads
Cybersecurity Objectives
Objective / Function
- Managing security risk / IDENTIFY
- Defending systems / PROTECT
- Detecting cyber security events / DETECT
- Minimising the impact of cyber security incidents / RESPOND+RECOVER
Key areas
- Governance
- Risk management
- Policies
- Identity and Access Management
- System and data security
- Skills and Training
- Security monitoring
- Proactive event discovery
- Response and recovery planning
- (Continuous) Improvements
Research computing + frameworks
- Research computing has a different risk environment to corporate computing
- Historical tension with cybersecurity frameworks: proceed by highlighting treatment of exceptions
- Particularly relevant in the IRIS/DRI context, where different compute and research types may well co-exist
  - HTC/HPC/Cloud
  - Open research and Trusted Research Environments
- Instead, consider a Research profile for frameworks
  - What is the appropriate treatment of risk while maintaining the innovation required?
  - Potential benefit in the context of a common language
IRIS Security Strategy
Security Themes
- Policy & Governance
- Resources & Hardware
- Community & Communications
- Services & Operations
- Skills & Training
Security Theme Priorities
- To create an incident monitoring and management plan that is aimed at securing the infrastructure against security risks.
- To create a risk management plan that mitigates security risks and enhances infrastructure security.
- To educate the IRIS community about the security threats, mitigation plan and reporting procedure within IRIS.
- To build resilience in the IRIS project by training the support team, development teams and all users on security skills.
- To secure IRIS resources with adequate security systems and a risk management plan to prevent risks.
Governance, risk and assurance (themes: Policy & Governance; Community & Communications)
- Need to ensure that infrastructure security management is empowered at board/management level
  - With appropriate roles, delegated responsibilities and decision making
  - Clear channels for escalation of risk
- We must take a risk-based approach to securing our infrastructure
  - Treat appropriately through risk management processes
  - Have carried out a risk assessment for the IRIS IAM service
  - Must consider parameters of the IRIS risk assessment
- Ultimately, want assurance of the effectiveness of the security of the infrastructure
Policy (theme: Policy & Governance)
- We need a framework of policies to articulate our governance and to set expectations across the infrastructure
- Current policy set includes:
  - Infrastructure Policy
  - Acceptable Use Policy
  - Service Operations Security Policy
  - Community Security Policy
- Need to review periodically and work with IRIS providers and communities to understand the expectations in the policies
- These augment local policies
https://www.iris.ac.uk/security/
Defending systems from attack (themes: Resources & Hardware; Services & Operations)
- Policies are in fact a control that helps us defend our services, through setting expectations
- Need to consider security at the foundation of implementing new services
  - Security architecture
  - System hardening
- Service Security Policy includes implementation references
  - Over time may wish to link more concretely to, for example, CIS guidelines
Vulnerability Risk Assessment (themes: Resources & Hardware; Services & Operations)
- We must understand the risks posed by vulnerabilities in the software stacks we use
  - Appropriate to our environments (eg running user payloads on batch farms)
- GridPP has leadership and strong participation in the EGI Software Vulnerability Group
  - Vulnerability risk assessments in the LHC computing environment
  - Bringing advisories both to STFC and IRIS
- Skill set for effective assessment is rare
  - Strong case for establishing a DRI-level activity in this area, communicating with all constituent infrastructures
Training (theme: Skills & Training)
- Skills and training are an essential component of defending our environment
- Both in the DRI and IRIS context, consider three broad groups:
  - User training (secure use of services)
  - Infrastructure operator training (secure deployment of services)
  - Cybersecurity professional training
- Many activities in this area (inter)nationally that we're involved in
  - Make sure the requirements of IRIS are met
Security monitoring (intelligence) (themes: Community & Communications; Resources & Hardware; Services & Operations)
- Clear message from our own work and the Jisc Security Conference is that threat intelligence is the key operational development we need to focus on
  - Both strategic, landscape intelligence and operational intelligence based on incidents
- Sharing incident information with trusted partners requires:
  - Technology platform
  - Trust and willingness to share
- Clear that building trust here is the primary challenge
  - Building the culture
Security monitoring (capabilities) (themes: Community & Communications; Resources & Hardware; Services & Operations)
- Across IRIS, need the monitoring capabilities to make best use of intelligence and provide appropriate visibility of our environment
- Facility/organisation capabilities
  - Liaison with central security groups to build effective monitoring
  - Providing reference designs
- Focus on both network and host monitoring is essential
- Funding available through DRI Cybersecurity to build an IRIS early adopter, testbed cybersecurity network
  - 700k split between resource and capital, now profiled into FY24
Network and host monitoring (themes: Resources & Hardware; Services & Operations)
- Significant focus on network monitoring
  - Deep packet inspection at key network choke points, including site perimeters
  - Work in progress for a system to monitor Harwell Campus
- Increasingly clear that this must be coupled to host-based monitoring
  - Endpoint Detection and Response (EDR)
  - May also see variants MDR and XDR (Managed and eXtended)
- Propose part of the early adopter testbed work to benchmark these tools on performance systems to understand impact
  - Inform monitoring architecture and building business cases
Response + Recovery (themes: Community & Communications; Services & Operations)
- Need to be able to coordinate incident response across IRIS
  - Shared user communities and credentials introduce specific risk in a distributed infrastructure
- Working IRIS Incident Response Procedure
- IRIS Security Team has successfully built from origins with GridPP to support DiRAC and cloud providers
- Build towards a full IRIS CSIRT (Computer Security Incident Response Team)
  - Incident response + forensics capabilities
  - Infrastructure monitoring
  - Drills and training
- What does this look like for IRIS?
Continuous Improvement (themes: Community & Communications; Services & Operations)
- Security is by nature a continuous improvement activity
  - Never complete
- Important lesson from incidents and near misses: they should become lessons learned, where the lessons are implemented!
  - Must build this into our processes
- This is a key culture development area
Conclusion
- Increasing need to focus on cybersecurity frameworks
  - But this is an opportunity in building comprehensive programmes of work
- Building into the future, we can focus on IRIS requirements while helping to inform overall DRI cybersecurity development
- Need to ensure that we have the people and resource to maintain effort across the areas discussed here
  - Use frameworks to help quantify this
- A community-driven approach, based on understanding our risk environment, is critical to success
Science and Technology Facilities Council @STFC_Matters