Let’s talk about Security!

Security Day 2021 took place online on Monday 14 June, launching the series of TNC21 side meetings!

Around 85 attendees joined a full day of discussions, workshops and briefings on the latest security developments for Research & Education. The main objective of the one-day event was to share progress and achievements, look at new ways for the GÉANT community to collaborate in the future and resource-sharing.

A productive day

All participants agreed that the day was stimulating and content-rich. The subjects covered ranged from DDoS, business continuity planning and security research to vulnerability assessment and its new technologies, and platforms and web applications scanning. The discussions and presentations touched also on the status of the “Vulnerability Assessment as a Service” project and API development plus general updates from the GN4-3 Work Package 8 on security projects with a reminder about the training sessions on web security organised by WP8 Task1.

The crisis management theme was introduced with a very interesting case study on the mitigation of a 5-hour and a half DDoS attack and its impact. It confirmed the importance for NRENs and their connected institutions of having crisis management plans in place, allowing time for preparation, being equipped with the knowledge of “dos and don’ts” and how to deal with such attacks.

Participants also learnt about the execution and the results of Ozon2021 – a large-scale national cyber crisis exercise that, every two years, takes place in The Netherlands involving more than 1000 participants.

In this context we would like to take the opportunity to remind the community of the availability of one of CLAW2020 outcomes, a “ready to use” crisis management exercise package, and also to save the date for CLAW 2021.

Some useful links shared during the Security Day:

Best starting point to explore NeMo: https://gitlab.geant.org/NeMo/nemo-docker
Direct Link to the NeMo User manual: https://gitlab.geant.org/NeMo/NeMo-core/nemo-core/-/wikis/uploads/08f0d37051a6759ffed3cfd4788d923f/NeMo-User_Manual-20200513.pdf
GÉANT Scrubbing Centre: https://www.geant.org/Services/Trust_identity_and_security/Pages/DDoS.aspx (to request the service it is recommended to use the Partner Portal)
Business Continuity Planning: https://www.geant.org/Resources/Documents/D8-12_GÉANT-Community-Requirements-for-Business-Continuity-Planning.pdf
Cyber Security Month 2021: https://connect.geant.org/2021/03/03/cyber-security-month-2021-campaign-planning-kick-off
Community requirements for crisis management: https://www.geant.org/Projects/GEANT_Project_GN4-3/GN43_deliverables/D8-13_GE%CC%81ANT-Community-Requirements-for-Crisis-Management.pdf

Security Day 2021 can be considered as one of the main achievements of the GÉANT security community activities. Throughout the year the communities meet in regular SIG-ISM, WISE and TF-CSIRT meetings.

In late May SIG-ISM and WISE held a joint online meeting where they gave participants updates on the international security communities and projects, data-sharing and on current and upcoming security subjects and trends.

The morning sessions targeted security officers from NRENs and universities (SIG-ISM). Over 40 attendees had the opportunity to provide updates on information security issues, especially on new legislation in the EU and UK and Emergency Cyber Surveillance Threats.

The afternoon sessions were dedicated to security in international e-infrastructures (WISE). The various working groups shared insightful recent developments, and towards the end of the meeting, a very impactful and poignant presentation on the fight against online distribution of Child Sexual Abuse Material captivated the entire audience.

Presentations from the SIG-ISM WISE latest meeting are available on the event’s Indico page: https://events.geant.org/e/SIG-ISM-WISE-21.

Security Day 2021 took place online on Monday 14 June, launching the series of TNC21 side meetings!

A productive day

You may also like