An overview of Research and Education International Security Communities
Alf Moens (SURFnet) & Sigita Jurkynaitė (GÉANT)
Security has been sitting in the background of the Research and Education show for too long – it is now coming out to take a leading role and is becoming ‘the new black’ of the community. It is equally present at small regional special interest groups and big international conferences – for example, the number of security related topics at TNC, the main European Networking Conference, is growing significantly every year. In Porto in 2015, there were three track presentations with a focus on security; fast forward to Linz in 2017 and we hosted nine track presentations and saw security as a dominating theme in the popular lightning talks.
As a result of growing interest in this area, several new international initiatives were launched for working together in addressing security challenges faced by NRENs and e-infrastructures, in addition to groups that have already been working together for years.
It can be understandably confusing: what are those international communities? What do they do and for whom? To get a sense on what is out there, let’s look at these 4: TF-CSIRT, SIG-ISM, WISE & the Global Security Group.
TF-CSIRT started in 2000 to provide a forum for NREN Computer Security Incident Response Teams (CSIRTs). The Task Force has evolved in its 17 years and now welcomes CSIRT teams for industry, government, national and military teams as well as continuing to provide a home for organisations from the research and education sector.
TF-CSIRT currently has over 200 member teams that meet three times year, demonstrating the importance of building trust through face-to-face engagement. One of the yearly meetings is combined with the FIRST Regional Symposium.
The main service of TF-CSIRT is Trusted Introducer – a registry of CSIRT/CERT teams combined with a maturity model for these teams: teams can be listed, accredited or certified, demonstrating different levels of maturity as they advance through the stages. Another TF-CSIRT initiative is TRANSITS: a set of trainings for incident response teams, created and run by the security experts from the community.
More information: https://tf-csirt.org/
The GÉANT Special Interest Group on Information Security Management is a community for security officers of mainly European NRENs, focused on security management, implementation of security, and risk management. SIG-ISM has at least two workshops a year with a mix of information sharing and policy development. Since the group got together in 2014, its main purpose has been community building and providing a platform for sharing experiences and expertise in security management. It has produced white papers on security management and risk management. Currently SIG-ISM workgroups are working on a baseline for security for NRENs, an inventory and an NREN risk register. SIG-ISM has recognized that sharing detailed information on security management of a NREN can only be done in a trusted setting. In 2017, a new initiative is started to promote regional detailed exchanges between neighboring countries. SIG-ISM currently has 3 regional exchanges: The Nordic countries
(Norway, Finland, Sweden, Denmark, Iceland), UK-Ireland and Benelux.
More information: https://www.geant.org/Innovation/SIG_TF/Pages/SIG-ISM.aspx
WISE started in autumn 2015, initiated by the members of SIG-ISM and SCI, the ‘Security for Collaboration among Infrastructures’ – a group of staff from several large-scale distributed computing infrastructures. Participating e-infrastructures in WISE are EGI, EUDAT, GÉANT (and NRENs), PRACE, XSEDE and organizations like CERN, Human Brain Project, LIGO, OSG and others. The subjects that WISE focusses on are related to security management for the large e-infrastructures. Currently WISE is working on 4 subjects: Updating the SCI framework, security awareness and training, risk assessment and security in big and open data.
WISE organizes both separate workshops and sessions adjacent to conferences globally.
More information: https://wise-community.org/
Global Security Group
The Global NREN Security Group is an international forum for senior NREN security professionals, sponsored by the Global NREN CEO Forum. Established in 2017, it aims to coordinate security resources globally, including people and knowledge, and promote collaboration around addressing security requirements and challenges across our Research and Science communities.
Members of the group will work together to help NRENs manage security risk in several ways, including promoting confidentiality, availability and integrity of information to meet operational, legal and evidential requirements; aiding with identifying and managing information needs, risks and responsibilities; assisting with reviews of IT security policies and procedures and making recommendations to strengthen information controls; and coordinating the sharing of security resources and research between NRENs around the globe.
The Security Group is currently working on four initiatives to support NRENs, including establishing a security baseline for NRENs, developing advanced tools for Filtering and DDOS scrubbing; developing an automated threat information system, and developing and rehearsing global cyber crisis exercises.
Participation is open to all NRENs and currently includes representation from AARNet (Australia), CANARIE (Canada), CERNET (China), DFN (Germany), ESnet (USA), GÉANT (Europe), Internet2 (USA), JISC (UK), NORDUnet (Nordics), REANNZ (New Zealand), RNP (Brazil), SANREN (South Africa) and SURFnet (The Netherlands).
If you’d like to know more about or join this group, please contact the chairs Louise Schuster (Director of Cyber Security, AARNet) and Renier Van Heerden (Science and Education Engagement Officer, SANREN).
We can no longer afford to ignore R&E information security as a global issue. An attack is imminent – how ready we will be to face it together?
All of the groups and events mentioned are supported by the CSO team within GÉANT. Through this shared management support and through shared memberships, the communities tune their agenda’s and exchange results. If you would like to get more information or join, please contact Sigita.firstname.lastname@example.org