Pedro Vale Pinheiro, Head of the ICT Infrastructure Division at the University of Coimbra, explains how the RCTS CERT services of the FCCN Unit impact the activity of this higher education institution.
#1 Looking at the various services offered by RCTS CERT, which services are of most interest to the University of Coimbra?
Of the RCTS CERT's strengths, the ones that the University of Coimbra (UC) is most interested in are support in the creation of the CSIRT [cybersecurity incident response technical group], assistance and support in defining security policies, and the use of incident assessment and detection tools.
The support that RCTS CERT has provided to the UC, particularly through the use of incident detection and assessment tools, has been crucial in addressing the institution's weaknesses regarding the limited resources available in this area.
#2 How would you describe the relationship and contact maintained with RCTS CERT?
The working relationship between RCTS CERT and the UC has been characterized by excellent bilateral communication. The service has open (direct and indirect) channels and a prompt response to both critical and less critical situations. The FCCN Unit team remains always available and cooperative at all levels.
#3 What are some of the specific cybersecurity challenges facing higher education institutions? Does RCTS CERT provide any support in addressing these challenges?
The challenges facing the University of Coimbra in the area of cybersecurity are diverse and complex, despite the institution's importance to this topic. However, the most significant and relevant weaknesses in policymaking can be summarized as: a lack of specialized human resources and technological resources suited to current demands, marked by extremely volatile dynamics with high risk and impact.
On the other hand, there are the new challenges we've been forced to face on a permanent basis, such as access from uncontrolled networks (from home) in a continuous remote work environment, or the increasingly intense and performance-demanding use of information technologies. Finally, there are issues of access security in services. on-permit and in Cloud.
#4 The Covid-19 pandemic has led to a reconfiguration of teaching activities, as you mention. From a cybersecurity perspective, what are some of the consequences of this context?
The need for technological and methodological adaptation to the new demands of remote teaching activities has brought challenges that, until now, were considered theoretically or thought of in the distant future. The ability to adapt and adapt infrastructure, technologies, and methodologies has clearly demonstrated higher education institutions' ability to respond to adverse situations.
From a computer security perspective, the issues of quality of remote access to services, reinforcement and adaptation of border protections to services, adaptation of systems for intensive remote access, greater care in carrying out backups and prevention of disaster situations arising from the use of systems external to the institution that may lead to attacks that were previously not considered.
#5 In what direction do you foresee the relationship with RCTS CERT evolving in the near future?
I believe that RCTS CERT will play an important role in creating synergies, technological solutions, and supporting the creation and adaptation of policies that cut across various higher education institutions to bridge the resource gap. By enabling the creation of alert mechanisms and operational coordination at the national level, providing an integrated and privileged perspective, it will provide higher education institutions with a fundamental tool for an appropriate response to future crises.
#6 Is there anything you would like to add?
As a suggestion, we propose the continuation of training sessions for technical and specialized staff, in order to raise awareness and provide better cognitive and intervention skills in these areas.
