Today’s cyber security services protect both the networks and services from malicious attacks, but also help secure individual users on the networks. Because of the events that have been affecting our world in 2020 we have all become more digitally dependent. There has never been a more challenging time for security professionals than during the COVID-19 pandemic. Overnight, many organisations have had to adapt to remote-working, creating a range of additional security challenges and cybercrime has been capitalising also on increased homeworking.
The 2022 EaPConnect Cyber Security Workshop for security professionals took place online on 9-10 February. It was jointly organised by GRENA and the EaPConnect project team, with contributions from GÉANT and the CyberEdu project. Over 140 participants from 32 countries in Europe and Africa took part in the two-day event. The 19 speakers, including experts from academia, international research projects, the NREN community, and the Eastern Partnership countries, shared their experiences and best practices in a variety of cyber security areas.
The workshop kicked off with a presentation from the University of Toulouse on the EC-funded project CyberSec4Europe, a research innovation pilot for a future European cyber security centre of competence, followed by a presentation on CONCORDIA, an EC-funded lighthouse project which highlighted the need of information sharing and intelligence of the available cyber security data. Jacek Gajewski from the National Centre for Nuclear Research in Poland talked about the CyberEDU project, a partnership between the Baltic region and the EaPConnect countries to improve education of cyber security professionals, stressing the importance of international cooperation in this field: “Increased collaboration and knowledge exchange are fundamental to close the digital gap”.
Melanie Rieback from Radically Open Security gave a stimulating talk on social enterprises and the need to demystify cyber security:
Cyber security is not black magic, it’s a fundamental human right which we should not entrust to private organisations; it is too important to be delegated to commercial companies”.
Justin Novak from Carnegie Mellon University in the US also highlighted the importance of sharing and communicating to reduce attack factors and exploits as the acquired knowledge can help prepare against similar malicious events. But when and with whom share the information?
On day 2, Alf Moens, Senior Security Officer from GÉANT, presented the organisation’s security strategy and roadmap.
GÉANT’s main objective is to continue to support NRENs providing a safe and secure infrastructure and services for research and education starting form the following 6 pillars: Standards and Best Practices, Security Operations Support, Services and Tools, Incident Response and Crisis Management, Training and Awareness, Securing High Speed Networks”.
Alf’s presentation was followed by expert talks from SURF, the Dutch NREN, on CLAW, a very successful Crisis Management workshop and training offered by GÉANT, and from DFN-CERT on NeMo, a DDoS software developed by DFN-CERT and now adopted by GÉANT. Next, members of the GÉANT project’s security team gave presentations on various Security Operations Centre (SOC) tools that are available to the community.
The workshop closed with a series of presentations from representatives from the NREN CSIRTs (Computer Security Incident Response Teams) from RENAM (Moldova), CYNET (Cyprus), ASNET (Armenia) and GRENA (Georgia).