Security has been sitting in the background of the Research and Education show for too long – it is now coming out to take a leading role and is becoming ‘the new black’ of the community.
It is equally present at small regional special interest groups and big international conferences – for example, the number of security related topics at TNC, the main European Networking Conference, is growing significantly every year. In Porto in 2015, there were three track presentations with a focus on security; fast forward to Linz in 2017 and we hosted nine track presentations and saw security as a dominating theme in the popular lightning talks.
As a result of growing interest in this area, several new international initiatives were launched for working together in addressing security challenges faced by NRENs and e-infrastructures, in addition to groups that have already been working together for years.
It can be understandably confusing: what are those international communities? What do they do and for whom? To get a sense on what is out there, let’s look at these 4: TF-CSIRT, SIG-ISM, WISE & the Global Security Group.
TF-CSIRT started in 2000 to provide a forum for NREN Computer Security Incident Response Teams (CSIRTs). The Task Force has evolved in its 17 years and now welcomes CSIRT teams for industry, government, national and military teams as well as continuing to provide a home for organisations from the research and education sector.
TF-CSIRT currently has over 200 member teams that meet three times year, demonstrating the importance of building trust through face-to-face engagement. One of the yearly meetings is combined with the FIRST Regional Symposium.
The main service of TF-CSIRT is Trusted Introducer – a registry of CSIRT/CERT teams combined with a maturity model for these teams: teams can be listed, accredited or certified, demonstrating different levels of maturity as they advance through the stages. Another TF-CSIRT initiative is TRANSITS: a set of trainings for incident response teams, created and run by the security experts from the community. SURFcert frequently organises TRANSIT-trainings.
More information: https://tf-csirt.org/
The GÉANT Special Interest Group on Information Security Management is a community for security officers of mainly European NRENs, focused on security management, implementation of security, and risk management. SIG-ISM has at least two workshops a year with a mix of information sharing and policy development. Since the group got together in 2014, its main purpose has been community building and providing a platform for sharing experiences and expertise in security management. It has produced white papers on security management and risk management. Currently SIG-ISM workgroups are working on a baseline for security for NRENs, an inventory and an NREN risk register. SIG-ISM has recognized that sharing detailed information on security management of a NREN can only be done in a trusted setting. In 2017, a new initiative is started to promote regional detailed exchanges between neighboring countries. SIG-ISM currently has 3 regional exchanges: The Nordic countries
(Norway, Finland, Sweden, Denmark, Iceland), UK-Ireland and Benelux.
More information: https://www.geant.org/Innovation/SIG_TF/Pages/SIG-ISM.aspx
WISE started in autumn 2015, initiated by the members of SIG-ISM and SCI, the ‘Security for Collaboration among Infrastructures’ – a group of staff from several large-scale distributed computing infrastructures. Participating e-infrastructures in WISE are EGI, EUDAT, GÉANT (and NRENs), PRACE, XSEDE and organizations like CERN, Human Brain Project, LIGO, OSG and others. The subjects that WISE focusses on are related to security management for the large e-infrastructures. Currently WISE is working on 4 subjects: Updating the SCI framework, security awareness and training, risk assessment and security in big and open data.
WISE organizes both separate workshops and sessions adjacent to conferences globally.. SURFsara, SURFnet and NIKHEF participate actively within WISE.
More information: https://wise-community.org/
Global Security Group
The Global NREN Security Group is an international forum for senior NREN security professionals, sponsored by the Global NREN CEO Forum. Established in 2017, it aims to coordinate security resources globally, including people and knowledge, and promote collaboration around addressing security requirements and challenges across our Research and Science communities.
Members of the group will work together to help NRENs manage security risk in several ways, including promoting confidentiality, availability and integrity of information to meet operational, legal and evidential requirements; aiding with identifying and managing information needs, risks and responsibilities; assisting with reviews of IT security policies and procedures and making recommendations to strengthen information controls; and coordinating the sharing of security resources and research between NRENs around the globe.
The Security Group is currently working on four initiatives to support NRENs, including establishing a security baseline for NRENs, developing advanced tools for Filtering and DDOS scrubbing; developing an automated threat information system, and developing and rehearsing global cyber crisis exercises.
Participation is open to all NRENs and currently includes representation from AARNet (Australia), CANARIE (Canada), CERNET (China), DFN (Germany), ESnet (USA), GÉANT (Europe), Internet2 (USA), JISC (UK), NORDUnet (Nordics), REANNZ (New Zealand), RNP (Brazil), SANREN (South Africa) and SURFnet (The Netherlands).
FIRST Academic Security SIG
A brand new community activity is the FIRST Academic Security SIG, a new initiative started in july 2017. FIRST is the global forum for incident respons teams. This new SIG aims add improving information security in academic environments. As the above mentioned groups focus on NRENs, the Academic Security SIG will specially focus on universities and research institutes and their needs for getting security under control. Aim and target groups are comparable with the Dutch SCIPR, the SURF Community for Information security and PRivacy.
More information on the FIRST Academic Security SIG: https://first.org/global/sigs/academicsec/
This blog is based on a previously publised blog on the WISE-website: “Security is the New Black” (https://wise-community.org/2017/07/31/security-is-the-new-black-of-the-re-community/ ).