In February 2018, university leaders from across Canada came together to investigate how they could positively impact the frequency and complexity of cyber security threats facing higher education institutions. The result was the Canadian Shared Security Operations Centre (CanSSOC), a proof of concept (POC) exploring how higher education institutions from across the country can share resources, information, and services to provide greater cyber threat visibility and mitigation than what is possible on their own.
Year one highlights
In its first year, CanSSOC brought together a team of IT security professionals, deployed open source technologies, and received data from the six member institutions. In addition, a technical architecture and operational structure is being developed.
“We’ve made substantial headway over the past year,” says Jill Kowalchuk, CanSSOC director. “After spending time investigating and developing services, we have launched the continuous monitoring service as an extension of the CUCCIO benchmarking project. The next chapter of CanSSOC will see a pilot on threat intelligence tools – these are all services that institutions with limited resources can easily leverage.”
Testing technology solutions
The CanSSOC steering committee has extended the POC until April 1, 2020 to allow for further definition of the model and refinement of the technologies and solutions, ensuring services can scale to support many higher education institutions.
This extension will complete the investigation of the most appropriate threat intelligence feeds to consolidate and share with the larger community. CanSSOC is also working in partnership with CANARIE to engage the global community in a plan to share threat intelligence with international partners.
“Our threat intelligence services will provide sector wide awareness and the ability for institutions to mitigate vulnerabilities and threats based on collective intelligence,” says Marc Denoncourt, chief information officer at McGill University. “This will give us the ability to identify threats faster and subsequently mitigate risks more quickly.”
CanSSOC deliverables in 2020
Institutions can expect key services to be deployed in 2020:
- CanSSOC has extended the CUCCIO benchmarking project to deploy a continuous monitoring service to more than 80 institutions.
- CanSSOC will be building out the threat intelligence service and piloting with schools
- The definition of additional services is currently underway and will be published on the CanSSOC website. Institutions will be surveyed to gather information about level of interest in various services, and the possibility to participate in a pilot of additional services.
The future of CanSSOC
The CanSSOC project team is working with member institutions to develop a framework for how this service could operate beyond the POC. The CanSSOC team will provide more details on the website as they become available.
The success of the project to date has been propelled by the feedback from institutions and hundreds of IT professionals across Canada through the CanSSOC webinar series and continued community engagement will be part of the next phase of the project.