RMIT university is heading up a national effort to improve the cybersecurity posture of Australia’s universities through a unique threat intelligence sharing network.
The project is being developed with $1.6 million in funding outlined in the government’s 2020 Cyber Security Strategy released in August.
Director of RMIT’s new centre for Cyber Security Research and Innovation, Professor Matt Warren, told Information Age it was crucial to defend the intellectual property sitting on university servers.
“Universities are the hub of research in Australia and that data, that information has to be properly secured,” he said.
“A lot of the information in universities has a huge intellectual property value that, if a state actor accessed, could give them a competitive advantage in that field.
“The COVID-19 recovery will be driven by technology and innovation and universities are going to play a big role in that.”
In November last year, the government flagged a need for universities to improve their cybersecurity to limit the effects of foreign interference.
The government’s guidelines focused on five themes: cybersecurity, knowledge sharing, communication and education, due diligence, and governance and risk frameworks.
It was created in the wake of a major breach at the Australian National University which saw which saw 19 years of personal data accessed by bad actors.
More recently, the University of Tasmania (UTAS) sheepishly admitted it had left the sensitive information of 19,000 students accessible for anyone with a UTAS account.
Professor Warren, an ACS fellow who sits on ACS’ cybersecurity technical committee, said RMIT’s threat intelligence sharing network would help the sector respond to live cybersecurity risks.
“We’re working with government and to be able to share information with universities which will be able to use the information in real-time and react to threats,” he said.
“There have been a number of high level incidents in recent years and you only have to look at what is happening to universities around the world with the impact of ransomware to see the importance of hardened cybersecurity.”
Two weeks ago the UK’s National Cyber Security Centre (NCSC) issued an alert warning that there was increase in the number of ransomware attack attempts on the education sector.
In July, the University of Utah was knocked offline by a ransomware attack. The university paid a US$457,000 ransom and said it has “made substantial investments in technology” to mitigate against future vulnerabilities.
Threat sharing capabilities – like the one being developed at RMIT – are designed to help organisations and businesses collaborate for a more whole-of-industry approach to cybersecurity.
Earlier this year, ACT-based company Cybermerc raised $2.44 million to fund its Aushield Defend threat intelligence portal designed to keep Australian businesses updated on current trends.
The platform will collect and share cybersecurity information between users so that when one business is attacked, everyone else will be notified so they can prepare their defense.
“This project is about building a community,” Cybermerc CEO Matthew Nevin said.
“Right now, Australian businesses are defending themselves in isolation. We want them to collaborate."
Half the funding for Cybermerc came through the AustCyber’s $15 million Projects Fund.