Joint Security Project Information Webinar | August 19/20, 2019 - - PowerPoint PPT Presentation

canarie.ca | @canarie_inc

Joint Security Project

Information Webinar | August 19/20, 2019

canarie.ca | @canarie_inc

2

Download WebinarSlides

>English: canarie.ca/network/security/JSPwebinar >French: canarie.ca/reseau/securite/webinairePCS

canarie.ca | @canarie_inc

3

Webinar Recording Policy / Politique concernant l’enregistrement des webinaires

3

This webinar will be recorded and archived, including all audio. The video will be archived on the CANARIE YouTube channel and may be promoted through CANARIE communication channels. Any text questions or comments, if responded to, will remain anonymous and not be part of the recording. The recorded video will include your voice, if audio participation is enabled. Ce webinaire sera enregistré puis archivé, son compris. La vidéo sera conservée sur le canal YouTube de CANARIE et pourra être promue au moyen des filières de communication de CANARIE. Si on y répond, les questions écrites et

• rales demeureront anonymes et ne

feront pas partie de l’enregistrement. Toutefois, si la fonction « participation audio » a été activée, le fichier vidéo inclura votre voix.

canarie.ca | @canarie_inc

4

Webinar Information / Questions

Questions will be answered at the end of the webinar. Please use the question tool to type your questions.

canarie.ca | @canarie_inc

5

Joint Security Project

Initially piloted by 39 institutions in 2017, the JSP provides both technical tools and opportunities to develop cybersecurity skills across the research and education community. > Purpose: to continue the development of a community of security specialists to strengthen the overall security of Canada’s universities, colleges, and research institutions. > This phase of the JSP operates from September 2019 through August 2020. > Details of the next phase of the JSP will be announced in 2020.

canarie.ca | @canarie_inc

6

Benefits to Participants

Institutional security specialists will have access to cybersecurity network traffic analysis tools, cybersecurity training with

• ther JSP participants, and collaboration
• pportunities with peers and cybersecurity

experts.

canarie.ca | @canarie_inc

7

Project Elements

• 1. CANARIE will provide participants an intrusion detection

system (IDS) for threat and vulnerability detection.

• The IDS uses Zeek (BRO) technology
• 2. Institutions may request $15,000 in funding to support

project participation costs.

• 3. Participants will benefit from regular sessions with peers

and cybersecurity experts, and a 1-day live training event.

canarie.ca | @canarie_inc

8

Project Elements

• 4. Participants will centrally share network data from their

IDS, allowing cybersecurity analysis at both the institution- level, and in aggregate (JSP-wide).

• Your data is only visible by your security specialists.
• Aggregated data provides a national comparison view.
• 5. Cybersecurity analysis tools from Canadian university

cybersecurity centres will aggregate the data and provide individual institution and aggregate cybersecurity analysis.

• 6. Participants will jointly develop an incident response

process to improve the identification of security incidents.

canarie.ca | @canarie_inc

9

EngagementTimeline

>Submission Deadline: September 9th, 2019 – 4 pm ET >Participation Announcements: September 30th, 2019 >Training Workshop: Late 2019 >Project Completion: August 31, 2020

Let’s get started!

canarie.ca | @canarie_inc

10

Who is eligible to participate?

>Canadian research and higher education institutions that are connected to the NREN are eligible to participate.

• Check if your university, college or research institution is

connected: > Is My Institution Connected? > Federal Government research facilities are not eligible at this time.

canarie.ca | @canarie_inc

11

Questions you might have…

The website states: “The institution will install the CANARIE-provided IDS on their network;”. Do you know what vendor has been selected and the specifications of the device being provided? > The device is a Dell 210-ALZE PowerEdge R440 Rack Server. The IDS solution is Zeek (Bro). (https://www.zeek.org/). > 2 network taps are provided, up to 10Gbps optical, or either 1Gbps or 10Gbps electrical. For institutions that already have IDS, is it possible to participate without installing and maintaining another piece of gear, assuming we conform to the proposed data standards? > Absolutely. We prefer you choose to install the supplied IDS to get the most out

• f the JSP (and it might be easier than converting data). Ultimately, we prefer

you participate rather than opt out because you don’t want to maintain another device.

canarie.ca | @canarie_inc

12

Questions you might have…

What data will I be asked to share? > Data sharing is one of a number of decisions that the JSP participants will work together to determine. JSP Pilot participants agreed to a minimum set of data, with some participants deciding it would be beneficial for them to provide more data.

canarie.ca | @canarie_inc

13

Questions you might have…

Can you be more specific about what my institution gets if they participate? > If you look at cybersecurity as a combination of people, technology and process:

> People: Your cybersecurity specialists will gain valuable experience by working jointly with colleagues across the country to implement the JSP, receive cybersecurity training, and have access to peers and cybersecurity experts. > Technology: The IDS will provide a sensor for monitoring your institution’s network traffic, which often provides value on its own. Further, data that is forwarded to a central aggregation site will be analyzed and a portal to view that analysis provided. In addition to seeing your own institution’s data analysis, you can also examine the aggregated data analysis, allowing comparisons between what the Canadian view is versus what your institution is seeing. > Process: The analysis tools are self-serve, so there is not a team looking at your data on your behalf. However, each institution will be looking at their own portal, and may wish to notify others of

• threats. Participants will jointly create an Incident Response Process to support this notification.

canarie.ca | @canarie_inc

14

Questions you might have…

Can you be more specific about what my institution agrees to do when participating? 1. Collect network data on your IDS 2. Operate the equipment in accordance with collaboratively determined standards. 3. Make a member of your technical staff available to:

• Participate in scheduled videoconferences to develop stands
• Attend a system configuration and skill-building workshop
• Upload collaboratively agreed upon institutional network security data

to the aggregation and analysis tools. 4. Allow the sharing of aggregated results and analysis with other JSP participants. 5. Submit a final written report on outcomes and impact at the end of this phase of the project on August 31, 2020.

canarie.ca | @canarie_inc

15

Finance Questions

canarie.ca | @canarie_inc

16

Questions you might have...

How are the funded participants going to receive payment?

> CANARIE will make a payment with respect to theParticipation

• bligations described in the Call for Participation.

> CANARIE reserves the right to reduce the payment where the Participation obligations have not been fulfilled. > The payment amount will be a maximum of $15,000. > The payment becomes payable at the end of this phase

• f the Project (after August 31, 2020).

> No expenses need to be tracked.

canarie.ca | @canarie_inc

17

Questions you might have…

Why would I forego the $15k in funding?

> We will add eligible participants to the limit of our funding, anticipated to be up to 160. If the funding will not make a major difference to your institution’s ability to participate, not asking for it will allow other institutions who do need the funding to participate.

canarie.ca | @canarie_inc

18

Questions you might have…

How does the IDS get provided?

> CANARIE will provide a vendor contact. There are a number of configurations available to match your network and how to tap it (electrical, optical, optics types ...). You will select the proper configuration and notify the vendor. > The vendor will ship the IDS directly to you. Once you confirm receipt of the equipment, you will notify CANARIE, and CANARIE will reimburse the vendor. > If there are any issues, you can directly work with the vendor to resolve them. > Your institution will own the equipment and the provided warranty is assigned to your institution.

canarie.ca | @canarie_inc

19

Questions?

canarie.ca | @canarie_inc