Educational institutions are increasingly getting vulnerable to the ongoing cyberattacks ranging from ransomware to espionage. This compelled University of Toronto to partner with schools across Canada as well as internationally in order to prevent cyberattacks by exchanging data in real-time.
For over a year, the Canadian Shared Security Operations Centre, wherein U of T is the administrative head, has progressively been testing a threat feed thereby sending timely information on suspicious activity and potential breaches while retraining the anonymity of the institutions that are impacted.
CanSSOC will now collaborate with organizations in the US, Australia, and the UK to increase intelligence sharing beyond Canadian borders.
“This is unprecedented,” says Isaac Straley, CanSSOC’s and U of T’s top information security officer.“Through this alliance, we are truly forming relationships and working together to address this global issue.”
CanSSOC works with colleges, universities, polytechnics, and the CÉGEPs across Canada. U of T is one of the 6 founding institutions, along with the University of British Columbia, University of Alberta, McGill University, Ryerson University and, McMaster University. Although the consortium aspires to serve over 200 educational institutions of all sizes.
The group was created, according to Jill Kowalchuk, out of a desire to pool critical resources in the fight against cybercrime.
“At CanSSOC, our slogan is ‘Better than what we can achieve alone, always in partnership,’” she explains. “We understand the value and power that can be gained through a coordinated and community-focused response to security threats.”
In the new cross-border collaboration, CanSSOC intends to work with Jisc in the UK, OmniSOC in the US, and AARNet in Australia, all of which coordinate collective initiatives similar to CanSSOC in their respective nations.
In a statement, OmniSOC executive director Von Welch said, “This global threat intelligence provides OmniSOC analysts a unique viewpoint.” “In the face of a global threat, this is an excellent illustration of global collaboration.”
Universities, according to experts, are attractive targets for cyberattacks as they manage enormous amounts of essential infrastructure, personal data and, research data. The Canadian Centre for Cybersecurity warned in May that cyber threat actors were actively exploiting the pandemic to carry out malicious and fraudulent activities against academic institutions involved in COVID-19 research and development, with attackers posing as legitimate businesses attempting to spread misinformation, and obtain sensitive information or funding.
The information is obtained from multiple sources including commercial and public sources, and most importantly the member institutions themselves. CanSSOC will now be able to accept the contributions from their international partners to the knowledge base, which is planned to be curated and shared. The identity of the stricken institution is kept undisclosed throughout.
Thanks to financing from CANARIE’s Cybersecurity Efforts Program, which promotes initiatives that promote the cybersecurity of Canada’s higher education sector, the threat stream will be made available to all institutions linked to the NREN.
“The rich data gathered from threat feed, along with our worldwide partnership, will help U of T to better protect our community’s privacy and the cutting-edge research that our researchers are conducting,” Mabury said.