Q3 2020 01 July – 30 Septemeber 2020 Key Achievements
· The AARNet Security Operations Centre (SOC) is now platform production ready. The service is now available to on-board new universities in Australia and CSIRO beyond the current pilot universities. Through support from REANNZ, there are preliminary discussions with NZ institutions to understand their requirements and if the AARNet SOC would be able to address these.
· AusCERT Conference held for the first time online in September 2020 comprising five streams, 80+ hours of content, nearly 80 remote presenters, 30+ sponsor exhibitors, and close to 1000 delegates from around the globe.
· CAUDIT, through a working group of CAUDIT Member institutions, provided a submission on Protecting Critical Infrastructure and Systems of National Significance.
· CAUDIT, in partnership with Alyne, launched the inaugural CAUDIT Cybersecurity Maturity survey as part of its AHECS cyber analysis work stream. The survey will provide the 44 participating institutions full maturity assessment for ASD8 and lightweight surveys for NIST and IS027001 to assist in informing ICT leaders on cybersecurity maturity in the Australasian higher education and research sector.
· CAUDIT released the AHECS Cybersecurity Summit agenda and registrations opened. Microsoft are the inaugural platinum sponsors. Speakers include keynotes from Michelle Price, CEO AustCyber and Marie Johnson, CEO Centre for Business and AFR Top 100 Influential Women with presentations by sector leaders including Suthagar Seevaratnam, Dr Lizzie Valentine and Kate Carruthers. The Summit is a key engagement activity for AHECS.
· CAUDIT, in partnership with Threat Intelligence, are completing a penetration testing pilot with six Australian and two New Zealand Institutions reviewing the capabilities and benefits of automated on-demand penetration testing.
· CAUDIT is co-leading a Four-Nation Cyber Security Virtual Study Tour in collaboration with our fellow associations in the United Kingdom (ucisa) and South Africa (ASAUDIT). Showcasing the best practices of six host universities from the United Kingdom, Australia, New Zealand and South Africa, this virtual study tour will facilitate networking with peers from across the northern and southern hemisphere as delegates come together to consider the security challenges currently facing institutions everywhere. Participation is limited to seven senior staff from each Association membership.
· AHECS Governance – AHECS Advisory Council and Forum terms of reference and draft members are being reviewed by the AHECS Executive Steering Committee.
· CAUDIT launched the inaugural CAUDIT Cybersecurity Benchmarking data collection. Designed with the CISO group, when linked with data gathered in the annual CAUDIT benchmarking, participating members will have available the first definitive picture of cybersecurity strategy, governance and operations across the higher education and research sector in the region AHECS Services Prioritisation. Finalisation of the survey has been paused, pending input from UFIT.
· Seven cybersecurity-related webinars were held by the AHECS Cybersecurity CoP.
· Twelve (12) workstreams covering 59 cybersecurity-related services were prioritised by CAUDIT Member Representatives for scoping and delivery. Two workstreams were combined to provide eleven (11) workstreams to enable AHECS partners to focus their efforts on the delivery of high-value services which meet the needs of members. Workstreams W1 Cyber analysis, W6 Threat Model, W7 Joint Incident Management protocol, W10 Penetration Testing and W11 AHECS Cybersecurity events are reported in more detail in the report.
H1 2020 01 January – 30 June 2020 Key Achievements
· A Director Cybersecurity Program role was created by CAUDIT and Greg Sawyer appointed in February 2020.
· AHECS Services Prioritisation Survey completed – Twelve (12) workstreams covering 59 cybersecurity-related services were prioritised by CAUDIT Member Representatives for scoping and delivery. These priorities enable AHECS partners to focus their efforts on the delivery of high-value services which meet the needs of members.
· AHECS Governance – AHECS Executive Steering Committee and AHECS Operations Group Terms of Reference and Committee members confirmed. Monthly meeting commenced.
· CAUDIT CISO group formed in March 2020 – the most senior cybersecurity leader from each member institution is a member of this group. This group is now meeting monthly and leading initiatives to improve cybersecurity maturity across the sector.
· AHECS website created – https://ahecs.edu.au/
· 11 Good practice guides created as members transitioned staff to working from home.
· 11 cybersecurity-related webinars held