Joint Security Project Information Webinar | August 19/20, 2019 canarie.ca | @ canarie_inc
Download WebinarSlides >English: canarie.ca/network/security/JSPwebinar >French: canarie.ca/reseau/securite/webinairePCS canarie.ca | @canarie_inc 2
Webinar Recording Policy / Politique concernant l’enregistrement des webinaires This webinar will be recorded and Ce webinaire sera enregistré puis archived, including all audio. The archivé, son compris. La vidéo sera video will be archived on the conservée sur le canal YouTube de CANARIE YouTube channel and may CANARIE et pourra être promue au be promoted through CANARIE moyen des filières de communication de communication channels. CANARIE. Any text questions or comments, Si on y répond, les questions écrites et if responded to, will remain orales demeureront anonymes et ne anonymous and not be part of the feront pas partie de l’enregistrement . recording. Toutefois, si la fonction The recorded video will include « participation audio » a été activée, your voice, if audio participation is le fichier vidéo inclura votre voix. enabled. 3 canarie.ca | @canarie_inc 3
Webinar Information / Questions Questions will be answered at the end of the webinar. Please use the question tool to type your questions. canarie.ca | @canarie_inc 4
Joint Security Project Initially piloted by 39 institutions in 2017, the JSP provides both technical tools and opportunities to develop cybersecurity skills across the research and education community. > Purpose: to continue the development of a community of security specialists to strengthen the overall security of Canada’s universities, colleges, and research institutions. > This phase of the JSP operates from September 2019 through August 2020. > Details of the next phase of the JSP will be announced in 2020. canarie.ca | @canarie_inc 5
Benefits to Participants Institutional security specialists will have access to cybersecurity network traffic analysis tools, cybersecurity training with other JSP participants, and collaboration opportunities with peers and cybersecurity experts. canarie.ca | @canarie_inc 6
Project Elements 1. CANARIE will provide participants an intrusion detection system (IDS) for threat and vulnerability detection. • The IDS uses Zeek (BRO) technology 2. Institutions may request $15,000 in funding to support project participation costs. 3. Participants will benefit from regular sessions with peers and cybersecurity experts, and a 1-day live training event. canarie.ca | @canarie_inc 7
Project Elements 4. Participants will centrally share network data from their IDS, allowing cybersecurity analysis at both the institution- level, and in aggregate (JSP-wide). • Your data is only visible by your security specialists. • Aggregated data provides a national comparison view. 5. Cybersecurity analysis tools from Canadian university cybersecurity centres will aggregate the data and provide individual institution and aggregate cybersecurity analysis. 6. Participants will jointly develop an incident response process to improve the identification of security incidents. canarie.ca | @canarie_inc 8
EngagementTimeline >Submission Deadline: September 9th, 2019 – 4 pm ET >Participation Announcements: September 30th, 2019 >Training Workshop: Late 2019 >Project Completion: August 31, 2020 Let’s get started! canarie.ca | @canarie_inc 9
Who is eligible to participate? >Canadian research and higher education institutions that are connected to the NREN are eligible to participate. • Check if your university, college or research institution is connected: > Is My Institution Connected? > Federal Government research facilities are not eligible at this time. canarie.ca | @canarie_inc 10
Questions you might have… The website states: “The institution will install the CANARIE-provided IDS on their network;”. Do you know what vendor has been selected and the specifications of the device being provided? > The device is a Dell 210-ALZE PowerEdge R440 Rack Server. The IDS solution is Zeek (Bro). (https://www.zeek.org/). > 2 network taps are provided, up to 10Gbps optical, or either 1Gbps or 10Gbps electrical. For institutions that already have IDS, is it possible to participate without installing and maintaining another piece of gear, assuming we conform to the proposed data standards? > Absolutely. We prefer you choose to install the supplied IDS to get the most out of the JSP (and it might be easier than converting data). Ultimately, we prefer you participate rather than opt out because you don’t want to maintain another device. canarie.ca | @canarie_inc 11
Questions you might have… What data will I be asked to share? > Data sharing is one of a number of decisions that the JSP participants will work together to determine. JSP Pilot participants agreed to a minimum set of data, with some participants deciding it would be beneficial for them to provide more data. canarie.ca | @canarie_inc 12
Questions you might have… Can you be more specific about what my institution gets if they participate? > If you look at cybersecurity as a combination of people, technology and process: > People: Your cybersecurity specialists will gain valuable experience by working jointly with colleagues across the country to implement the JSP, receive cybersecurity training, and have access to peers and cybersecurity experts. > Technology: The IDS will provide a sensor for monitoring your institution’s network traffic, which often provides value on its own. Further, data that is forwarded to a central aggregation site will be analyzed and a portal to view that analysis provided. In addition to seeing your own institution’s data analysis, you can also examine the aggregated data analysis, allowing comparisons between what the Canadian view is versus what your institution is seeing. > Process: The analysis tools are self-serve, so there is not a team looking at your data on your behalf. However, each institution will be looking at their own portal, and may wish to notify others of threats. Participants will jointly create an Incident Response Process to support this notification. canarie.ca | @canarie_inc 13
Questions you might have… Can you be more specific about what my institution agrees to do when participating? 1. Collect network data on your IDS 2. Operate the equipment in accordance with collaboratively determined standards. 3. Make a member of your technical staff available to: • Participate in scheduled videoconferences to develop stands • Attend a system configuration and skill-building workshop • Upload collaboratively agreed upon institutional network security data to the aggregation and analysis tools. 4. Allow the sharing of aggregated results and analysis with other JSP participants. 5. Submit a final written report on outcomes and impact at the end of this phase of the project on August 31, 2020. canarie.ca | @canarie_inc 14
Finance Questions canarie.ca | @canarie_inc 15
Questions you might have... How are the funded participants going to receive payment? > CANARIE will make a payment with respect to theParticipation obligations described in the Call for Participation. > CANARIE reserves the right to reduce the payment where the Participation obligations have not been fulfilled. > The payment amount will be a maximum of $15,000. > The payment becomes payable at the end of this phase of the Project (after August 31, 2020). > No expenses need to be tracked. canarie.ca | @canarie_inc 16
Questions you might have… Why would I forego the $15k in funding? > We will add eligible participants to the limit of our funding, anticipated to be up to 160. If the funding will not make a major difference to your institution’s ability to participate, not asking for it will allow other institutions who do need the funding to participate. canarie.ca | @canarie_inc 17
Questions you might have… How does the IDS get provided? > CANARIE will provide a vendor contact. There are a number of configurations available to match your network and how to tap it (electrical, optical, optics types ...). You will select the proper configuration and notify the vendor. > The vendor will ship the IDS directly to you. Once you confirm receipt of the equipment, you will notify CANARIE, and CANARIE will reimburse the vendor. > If there are any issues, you can directly work with the vendor to resolve them. > Your institution will own the equipment and the provided warranty is assigned to your institution. canarie.ca | @canarie_inc 18
Questions? canarie.ca | @canarie_inc 19
canarie.ca | @ canarie_inc
Recommend
More recommend