
Carlos Friaças, the cybersecurity service manager (RCTS CERT) at the FCCN Unit of the Science and Technology Foundation (FCT), offers some thoughts on cybersecurity in the Science, Technology and Society Network (RCTS) during the pandemic. October is European Cybersecurity Month – an initiative of ENISA which aims to “promote computer security among citizens, companies and public entities”.

 

What are some of the cybersecurity challenges that the pandemic has presented to RCTS in recent months?

One of the challenges, perhaps somewhat unexpected, was the issue of videoconferencing session intrusions, where several incidents were reported—sometimes unusual and, in other cases, extremely serious. We urged users of the services provided by RCTS to turn to the existing security mechanisms across various tools. Setting a password for the session you want to log in to, for example, has become essential.

Regarding account compromise cases, we believe this continued throughout the pandemic. The physical distancing of people from institutional facilities likely contributed to some cases taking longer to be mitigated.

Finally, I believe that the provision of remote work resources (VPN) initially raised some concerns in some institutions. This was due to the volume of users who did not have VPN access and now have it. However, I believe this was overcome within the first few weeks, also thanks to the contribution, in some cases, of the FCCN Unit, which responded with a recommendation to adopt the eduVPN solution.

Many institutions are now facing a return to what has been deemed "the new normal," combining in-person and remote activities. What consequences might this situation have from a cybersecurity perspective?

I believe that this "new normal," with greater physical presence in institutions, will inevitably lead to a greater number of infected devices (mainly mobile) reappearing within the infrastructures of various institutions. This will be reflected in the information we receive daily and transmit to the respective institutions.

Traffic volume will naturally increase, and we naturally expect some increase in DDoS attacks targeting RCTS. These attacks are sometimes triggered by conflicts between people, and with more people using RCTS's infrastructure, it's also normal for the volume of these types of attacks to reach pre-pandemic levels.

What are some good practices that RCTS users should keep in mind in the current context?

Best practices are no different from the usual in the current context. Robust and long passwords are recommended, and it's crucial not to reuse the same password in different contexts. In contexts where this is possible, it's also highly recommended to enable 2FA (second-factor authentication) mechanisms—this prevents exploitation of a compromised password if the second level of authentication relies on a physical object, typically a cell phone, in the possession of its rightful owner.

There are various subservices included in the RCTS security service. How important are these subservices to RCTS users? How do you assess the community's connection to these subservices?

To a large extent, the benefits of these subservices for RCTS users will only be possible if institutional leaders decide to adopt them within their scope, and also on a widespread basis. The various subservices, which are available free of charge within the RCTS, follow an "opt-in" approach. This means that institutional leaders can opt for other similar services available on the market.

A good example of this is DNS Firewall, which, based on a list of DNS domains classified as malicious, blocks communications that are part of infection chains on devices using DNS. There are several options on the market, with different prices and sizes, regarding the list of malicious domains. At the beginning of the pandemic, some companies even offered this service free of charge for a limited time. However, we believe the strengths of our solution are its price (free for RCTS member entities) and the ability to quickly add and flag false positives due to proximity.

Community engagement with these subservices is still relatively low, as their adoption depends on decisions made by infrastructure managers rather than individual end users. Therefore, we must continue working on improvements to the various subservices to make this decision easier and more transparent.

Is there anything you would like to add?

Even in these unprecedented times, with new rules of conduct, it's important not to let your guard down when it comes to cybersecurity. Electronic identity theft can have very serious consequences for victims, so it's important to always be vigilant.

Fraud attempts haven't decreased since the pandemic began, and the pandemic itself is being heavily used as a theme for various types of fraud. When doubts arise, it's important for people to continue communicating with each other, even via video conferencing. In this regard, I must say that I'm very proud of our Colibri service.

Finally, I would also like to reaffirm RCTS CERT's willingness to assist, in any way we can, in further improving cybersecurity standards within the RCTS community. While an incident response team is reactive in nature, any investment we can make in the preventive aspect will have an impact—albeit difficult to measure—on the subsequent need for response.
