The University of Melbourne will deploy endpoint detection and response technology across its IT environment this year and improve its access to threat intelligence as part of a broader five-year cybersecurity uplift. Details of the uplift – which is currently in its second year – are contained in a submission by the University to a federal inquiry into national security risks affecting the Australian higher education and research sector.
The first year of the uplift had focused on reducing the university’s vulnerability to cyber threats while balancing a practical need for platforms that support academic autonomy and collaboration, it said.
In line with the experience of tertiary education providers around the world, the university routinely encounters and defends against cybersecurity threats, including sophisticated attacks that cannot be attributed to any known threat actors. The university is cognisant of the fact that advanced persistent threat (APT) actors regularly test its defences.
The university said it had recently run a threat modelling exercise with an external consultancy to provide a better understanding of the threats the university faces. The exercise will also generate a controls library that will be mapped to an industry-standard framework (NIST).
This project will additionally generate a list of risks and associated threats, and clarify the effectiveness of the university’s response, all leading to a stronger cybersecurity ecosystem, the university noted.
In addition, with biomedical researchers at the university conducting various COVID-19 work, the university said it had collaborated with the Australian Cyber Security Centre (ACSC) to run a Cyber Hygiene Improvement Programs (CHIPs) scan to provide the university with information for the purpose of visibility, analysis and risk management.
As the university moves into the second year of its five-year uplift, it intends to introduce an endpoint detection and response (EDR) capability into its IT environment. This will enhance the cybersecurity team’s ability to rapidly respond to threats even in remotely located university assets, the university said.
The EDR will be augmented by consuming a commercial threat intelligence feed to identify TTPs [tactics, techniques and procedures] for advanced threat actors and risk conditions. A proactive threat hunting program will also be introduced to provide additional visibility into the environment.
The university said it had doubled the size of its cybersecurity team over the past two years. It has also rolled out multifactor authentication (MFA) for all staff accounts and will do the same for student accounts sometime this year.
Updating Australia’s cybersecurity
In an earlier article, OpenGov Asia reported that the Australian Cyber Security Centre (ACSC) is enhancing the Information Security Registered Assessor Program (IRAP) to strengthen the cybersecurity assessment framework. The agency has released an updated IRAP policy and a new IRAP Assessor Training module following an independent review of the program.
The enhanced program has been designed to help develop the capabilities of industry partners, increase the number of cybersecurity assessors and bolster national cybersecurity efforts. It has been developed in consultation with government and industry representatives.
Changes include raising the standard and consistency of cybersecurity advice provided by IRAP assessors by requiring them to maintain and demonstrate ICT security knowledge.
Other changes include a minimum requirement for IRAP assessors to maintain a Negative Vetting Level 1 Security Clearance, and enhanced governance arrangements to assure that IRAP assessors are performing their roles as independent third parties.
The ACSC has also established a revised five-day IRAP training course, which covers both IRAP and Information Security Manual fundamentals. The new policy will apply to all assessments initiated going forward, and current IRAP assessors will have 24 months to meet new requirements outlined in the policy.