For 24 years now, FCCN, digital services of the Foundation for Science and Technology, has been responding to cybersecurity incidents at national Higher Education and Research Institutions through RCTS CERT.

To take stock of this activity, Carlos Friaças, manager of this digital service, answered a few questions, detailing the role of this solution in the IT security of institutions belonging to the Science, Technology and Society Network (RCTS) and how this work has evolved.

What led to the creation of RCTS CERT?

In 2000, following what was already happening in other NRENs [National Education and Research Networks], the FCCN, FCT's digital services, formed a small team to respond to computer security incidents. This team grew and, until 2014, served as the national CERT for Portugal. Until then, the team was known as "CERT.PT".

With the creation of the National Cybersecurity Center (CNCS), a rebranding took place to “RCTS CERT”, which allowed us to focus the team's scope solely on security incidents related to the institutions of the Science, Technology and Society Network (RCTS).

Over the years, what has been the main hallmark of this service's performance?

The main brand is that there is a team that coordinates the response to incidents within the RCTS. This allows anyone, from any location on the Internet, to report an incident that they identify as originating from RCTS.

Another distinguishing feature is the effort being made to ensure that RCTS members (higher education and scientific research institutions) create and maintain their own incident response teams.

How has proximity to the teaching and research community been ensured over the years of activity?

The main instrument is the FCCN Conferences – the annual meeting of the community served by FCCN, FCT’s digital services.

In everyday life, proximity results from the incidents that occur and that we work to bring to a conclusion. At the same time, this proximity is also guaranteed by the various cybersecurity services that we provide, namely the phishing and awareness campaigns, the DNS firewall or vulnerability management. We also have weekly “intelligence” reports and monthly cybersecurity reports, which are our attempt to share with each institution what we observe regarding various aspects of their cybersecurity.

In recent years, we've seen the education sector become a target of cybercrime. What challenges has this situation presented to you?

This issue undoubtedly exists. We've seen some serious cases in recent years in institutions in our community. 

Historically, the main threats facing the teaching and research community at this time are ransomware, but also CEO fraud or supply chain attacks. This implies dedicating an adequate level of resources to preventive mechanisms, so that, when an attack is successful, the recovery phase is faster and more successful. Nowadays, it is also necessary to continuously measure the level of exposure, and it is absolutely essential to keep systems updated.

And at an organizational level, what behaviors can employees adopt to keep institutions safe?

Employees are also a key aspect. An employee whose account is compromised represents a significant advantage to an attacker. Employees should always take a preventative approach and, when in doubt about certain actions, should ask others if it makes sense to perform them.

Are there any new developments we can expect in the future in this area?

Security is a bit like a referee in the middle of a football match. The more unnoticed you can go, the better (laughs). 

However, we know that sometimes this relative calm can change quickly if several circumstances come together. What we hope is that all [RCTS] institutions know that they can count on our help if they need it.

All information about this digital service from the Foundation for Science and Technology is available on the FCCN page dedicated to RCTS CERT.
