The Canadian Shared Security Operations Centre (CanSSOC) is part of a new cyber security threat intelligence sharing partnership launched to help education organizations across the globe prevent and mitigate cyber attacks.
Cyber crime does not respect international borders, and there are often strong similarities in the method of attacks seen in different countries. With that in mind, CanSSOC and its counterparts in the US, UK and Australia signed a Memorandum of Understanding (MOU) to better coordinate and automate the sharing of sensitive intelligence.
It reflects the growing need for integrated approaches across jurisdictions to address cyber threats, particularly when a risk at one institution can easily create destructive ripple effects for the broader research and education community.
“CanSSOC was created on the principle that we cannot tackle cyber security problems alone, so this international partnership aligns closely with our ongoing efforts in Canada to bring together expertise and provide services that can be consumed by a diverse set of institutions for broad benefit,” says Jill Kowalchuk, CanSSOC Director.
Other founders of the global partnership include:
- Jisc, the UK’s technology body for tertiary education and the organization responsible for running Janet, the UK’s national research and education network (NREN)
- OmniSOC, the US higher education shared cyber security operations centre, and the US Research and Education Networks Information Sharing and Analysis Center (REN-ISAC)
- AARNet, Australia’s NREN
“The threat from cyber criminals is growing and constantly evolving and, if we are to stay ahead of the curve, we must continually update our knowledge and adopt agile response mechanisms,” says Jisc’s Executive Director of e-infrastructure, Steve Kennett.
Against a background of rising cyber crime against the sector, particularly ransomware attacks, this global partnership will deliver an automated platform, with real-time data sharing capability, across the international security landscape.
It’s a collaborative approach that CanSSOC and its community know well. CanSSOC works with institutional and sector partners in Canada to develop services that provide a more integrated stream of intelligence that is efficient, actionable, and leverages capabilities across local, provincial, and national levels.
Coordinated through the University of Toronto, CanSSOC’s technology platform for sharing threat intelligence is led by McGill University, and CanSSOC develops its cyber security initiatives by drawing on expertise from member institutions and members of the Canadian National Research and Education Network (NREN).
“Our motto at CanSSOC is ‘Better than what we can do on our own, always in partnership’, because we recognize the value and strength built through coordinated and community-focused approaches to security threats,” says Kowalchuk. “We want to be able to more quickly and efficiently identify threats directly targeting the higher education community.”
CanSSOC’s Threat Feed service is a foundational part of that approach. Designed as a sector-specific threat intelligence repository and platform, it provides curated streams of educational-specific and other current threats, pulling intelligence from multiple sources and using contextual analysis to provide actionable alerts. Threat Feed is also one of three initiatives funded through CANARIE’s Cybersecurity Initiatives Program (CIP), a national program to align the community to a common approach, coordinate, and fund cyber security initiatives for Canada’s research and education sector.
An essential building block for many of CanSSOC’s essential services, Threat Feed was developed by McGill University as part of CanSSOC’s federated appraoch. Hugo Dominguez, Director of Network and Communications Services, and his team at McGill recognised the value the Threat Feed service could deliver to meet a challenge internally and for the wider sector.
“The McGill team would spent a substantial amount of time consolidating and curating intelligence internally and saw the opportunity for a broader collaboration that would improve how the feed was being developed, accessed and shared, particularly with trusted partners contributing intelligence,” says Dominguez. “By working together, we’re leveraging the power of the community to achieve visibility and mitigation of cyber threats at a level more streamlined, cost-efficient, and effective than what any one institution could deliver on its own.”
Almost 30 institutions were onboarded as part of CanSSOC Threat Feed’s pre-pilot launch in June 2020, and CANARIE’s CIP program funding is expanding that reach to more than 200 institutions across Canada.
The Southern Alberta Institute of Technology (SAIT) was among the early adopter institutions, integrating the Threat Feed service into its cyber security capabilities in September 2020. “CanSSOC’s Threat Feed service has become a core component of our detection and response strategy,” says Rob Milman, Associate Director of Information Security at SAIT. “We’ve been able to identify, evaluate, and block incoming threats more quickly, improving our ability to respond with preventative measures or to reduce the impact of attacks. It’s given us another layer of defence in an ever-changing cyber security threat landscape. Working together, we truly are stronger.”
The SolarWinds event is a prime example of how well this partnership works. The news broke on a Saturday, CanSSOC’s Threat Feed was updated within minutes, and SAIT’s firewalls were blocking the attack automatically.
“Our institution was protected almost immediately, after hours, without our team having to lift a finger,” says Milman. “I can’t say enough about how our partnership with CanSSOC makes it easier to sleep, knowing we are protected at a national scale.”
The international MOU partnership extends that defence layer even further, integrating global threat intelligence into CanSSOC services and strengthening Canada’s cyber security posture through a federated approach.
“Collaboration is our best defence against cyber threats,” says Kowalchuk. “CanSSOC is eager to build on our existing relationships with partners and Canada’s NREN to tap into the services, expertise, and leadership of the international community, for the benefit of our sector as a whole.”
For more information about CanSSOC’s Threat Feed service and how to sign up, click here.
To read other stories about this MOU announcement from our partners, click here.