There are 1.7 million students along with more than $13B in research and development invested in higher education to protect (2017 figures), according to Universities Canada. As a result, the associated scope and costs of successful early prevention, detection and mitigation are unsustainable by one single institution.
The goal of the Canadian Shared Security Operations Centre (CanSSOC) project is to investigate the creation of a specialized cyber security incident and threat detection centre focused on the higher education sector. The members, partners and other stakeholders involved in CanSSOC are energized and eager to learn how the power of the collective can be harnessed to provide a stronger and more efficient defence against cyber security threats. There is strength in numbers!
There are similar efforts going on with our colleagues in the United States through OmniSOC.
Protecting hundreds of thousands of devices, critical data and the people affected by potential cyber security breaches.
The offering of an increased number of services as a result of combined resources, enabling a greater breadth and depth of incident detection and response options for participating institutions.
Rapid response time
The time between identifying an incident and responding to it will be reduced through the use of improved technologies, shared intelligence data and highly skilled employees.
Shared intelligence and tools
Developing best practices, incident detection and response tools and artificial intelligence, such as machine learning.
Enhanced security overall
By securing more trusted partners, smaller institutions can afford to participate, reducing the points of exposure for all institutions on the network.
Staff attraction and retention
The innovative nature of this project will attract highly-qualified specialists, including leading researchers and developers, who will want to be part of a team culture working with an exceptionally large set of security data.
Easier compliance with security standards, regulations and frameworks by leveraging a greater wealth of specialized expertise across multiple institutions.
Working as a collective will uncover more potential cyber security threats and attacks than any one institution can locate independently.
Once launched, CanSSOC will be the first-of-its-kind cyber security operations centre in Canada and pioneering leadership/institutions will be recognized for their collective efforts and successes.
Open to other Canadian educational institutions that would like to receive regular updates on how the project is moving forward and be interested in potentially participating in phase two. The advisory committee will meet regularly and receive updates from the project team.
Other Canadian institutions, other Canadian national research and education network (NREN) organizations, including Canadian Internet Registration Authority (CIRA).
List of services necessary to enable an CanSSOC for institutions in Canada.
2. Data, resources and staff
Understanding of the data, resources and staff required from participating institutions.
3. Cost model
An outline and cost model for the recommended operational technical architecture.
A process for interaction between the institutions and a CanSSOC.
5. Operational budget
A detailed start-up and on-going operational budget, including necessary staff to manage and operate the CanSSOC.
Metrics for the ongoing evaluation of the effectiveness of the CanSSOC.
7. Delivery mechanism
A recommended delivery mechanism for the CanSSOC.
A recommended governance structure to support an CanSSOC.
Feedback on possible integration with other SSOCs.