Universities cyber attack each other to test defences
Twenty UK universities have signed up to take part in a cyber attack exercise that aims to expose weak spots in their systems that could be exploited by illegal hackers.
Named Exercise Mercury, the competition is aimed at benchmarking a security posture in the higher education sector and providing information that can be shared for the benefit of the whole sector.
It was developed at Tallinn University of Technology in Estonia and Cambridge University and is being supported by Jisc, the not-for-profit provider of technology solutions for higher education and research in the UK.
Universities are paired off and each spends a week ‘attacking’ the other using an internal team of staff and students to uncover vulnerabilities in processes, policies, procedures, technology infrastructure and the digital footprint.
Teams typically spend two days checking out what is most important to the opposition (sensitive research, for example) and the remainder of the week working out how to cause the most damage. Using open source intelligence and social engineering techniques, the hackers perform a controlled simulation of an attack with clear legal boundaries.
The winning team is the one that would have made the most negative impact.
The exercise began late last year, and once all 20 universities have been tested, which will take about six months, the data will be collated and information on common vulnerabilities shared throughout the UK higher education sector by Jisc.
Sharing intelligence
Its director of security, Steve Kennett, said: “Through our relationships with security agencies such as the National Cyber Security Centre, Jisc is doing all it can to collate and share intelligence on cyber attacks for its members and this excellent competition will provide even more valuable information. We hope it will give us a better idea of the actual security landscape in higher education.”
Kieren Lovell, a cyber security specialist at Tallinn University, said: “Although this is a fun exercise, the professional pride at stake adds a competitive element and means the teams are very motivated to get results.
“What we learn will help universities to protect themselves from hostile cyber actors, who are a growing problem for all organisations. It will also give university security staff invaluable experience in ethical hacking.”
Jisc runs the national research and education network Janet, which has in-built cyber security protection. The organisation also monitors the network for security incidents and, through various services and advice and supports its members in protecting their own cyber space.
Latest Jobs
-
- PCI QSA needed. Discreet Opportunity | London | Client facing
- London
- N/A
-
CH08421 PCI QSA needed. Discreet Opportunity | London | Client facing. Payment Card Industry - Qualified Security Assessor - London Seeking someone looking to accelerate their career, into a variety of interesting clients / projects. Must be happy to be onsite with clients- this is not a fully remote role. You must currently hold a valid CISSP or CISM or ISO27001 lead implementer certification AND one of the following; CISA, GSNA, iso27001 lead Auditor, CIA or IRCA ISMS auditor+ Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- Security Operations / information Security Analyst / Engineer. London
- London
- N/A
-
Security Operations / information Security Analyst / Engineer needed for a London opportunity. A technical hands on role to investigate, escalate and proactively work to protect a globally recognised brand. Someone with SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Security Cleared Penetration Tester: United Kindom
- N/A
- N/A
-
Security Cleared Penetration Tester Deliver technical Penetration tests to the NCSC CHECK standard. Active CHECK Member or Leader status desirable either in Web Application or Infrastructure. Reach out to find out more. Whatsapp directly here https://wa.me/message/6USF5RAQBOZIP1 Or apply today