The head of the ICT Infrastructure Division at the University of Coimbra, Pedro Vale Pinheiro, explains how the RCTS CERT services of the FCCN Unit impact on the activity of this higher education institution.

#1 Looking at the various features of the RCTS CERT which are the services of most interest to the University of Coimbra?

Of the services that the RCTS CERT has, the ones that the University of Coimbra (UC) is most interested in are the support in the creation of the CSIRT [technical group for response to cybersecurity incidents], help and support in the definition of security policies and the use of tools for assessment and detection of occurrences.

The support that the RCTS CERT has given to the UC, mainly with the use of tools for detection and assessment of occurrences, has been of crucial importance to bridge the weaknesses of the institution regarding the scarce resources existing for the area in question.

#2 How would you describe the relationship and contact maintained with the RCTS CERT?

The working relationship between RCTS CERT and the UC has been characterized by excellent two-way communication. The service has open channels (direct and indirect) and responds promptly to critical and less critical situations. The team at FCCN is always available and cooperative at all levels.

#3 What are some of the specific challenges, in the area of cybersecurity, regarding the action of higher education institutions? Does RCTS CERT provide any support regarding these?

The challenges presented to the University of Coimbra in the area of cybersecurity are diverse and complex, notwithstanding the importance given by the institution to this topic. However, the most important and relevant weaknesses found in the area of policy definition can be summarised as the most important and relevant: lack of specialised human resources and technological resources suited to the current demands, marked by extremely volatile dynamics whose risk and impact is high.

On the other hand, the new challenges that we have been forced to face on an ongoing basis, such as access from uncontrolled networks (from home) on a continuous remote working basis or the increasingly intense and demanding use in terms of performance of information technologies. Finally, there are access security issues in on-permise and Cloud services.

#4 The Covid-19 pandemic led to a reconfiguration of school activities, as you mention. From an IT security perspective, what are some of the consequences that have resulted from this?

The need for technological and methodological adaptation to the new demands of remote teaching activities has brought challenges that, until then, were considered on a theoretical basis or thought of a distant future. The capacity of adaptation and adequacy of infrastructures, technologies and methodologies have given unequivocal proof of the ability of higher education institutions to react to adverse situations.

From the IT security point of view, the issues of quality of remote access to services, reinforcement and adaptation of border protections to services, adequacy of systems for intensive remote access, greater care in performing backups and prevention of disaster situations derived from the use of systems external to the institution that could bring attacks hitherto not so considered were assessed and adapted.

5 In what direction do you foresee the relationship with RCTS CERT evolving in the near future?

I think that the RCTS CERT will play an important role in creating synergies, technological solutions and support in the creation and adaptation of policies that are transversal to the various higher education institutions in order to bridge the resource gap. By allowing the creation of alert and operation coordination mechanisms at a national level, enabling an integrated and privileged vision, it will provide higher education institutions with a fundamental tool for an adequate response to crisis situations that may occur in the future.

#6 Is there anything you would like to add?

As a suggestion, we propose the continuation of training sessions for technical and specialized staff, in order to raise awareness and provide better cognitive and intervention skills in these areas.

Other related articles

My first experience at BlackHat

Understanding how important it is to be up-to-date on the latest techniques and methods used by attack teams and threat actors, I was able to attend the BlackHat USA 2023 conference for the first time.

Read article

Malware attack by e-mail. What it is and how to protect yourself.

It is crucial to know the threats that can attack your organization and how to mitigate them. One such threat is malware, which often infiltrates organizations through apparently harmless emails.

Read article

Testimonial Jornadas FCCN: Rui Canizes - IPDJ

Rui Canizes, Head of Technological Infrastructures Division at the Portuguese Institute for Sports and Youth (IPDJ), tells us what the Jornadas have been for him.

Read article

Testimonial Jornadas FCCN: António Luís Lopes - ISCTE-IUL

António Luís Lopes, responsible for the information systems development team at ISCTE-Instituto Universitário de Lisboa, tells us what the conference usually means to him and what are the expectations for the 2023 edition.

Read article

1st RCTS Cyberrange: a controlled space to train in defending and attacking computer systems

This cybersecurity initiative had 64 participants from 26 different institutions, divided into 10 groups. The winning team was made up of members from the University of Coimbra and the Polytechnic Institute of Cávado and Ave.

Read the news

7 tips for safe online shopping

Safe online shopping is especially important on Black Friday and Cyber Monday. Here are seven tips to ensure safe transactions.

Read the news

European Cybersecurity Month. Protecting the community

October is another Cybersecurity Month. Throughout the month, the FCCN Unit will be taking part in this initiative coordinated by ENISA and the European Commission.

Read the news

Unit FCCN launches digital service catalog

FCCN launches a digital catalog of services, dedicated to the solutions it provides for the academic community. An up-to-date digital portfolio that is easy to consult.

Read the news

Safer Internet Day (SID) 2024: Viseu hosts this year's initiative dedicated to Artificial Intelligence

February 6th marks the 21st edition of Safer Internet Day (SID). The Safer Internet Center Consortium is organizing this national commemorative event, which will be held this year in Viseu. The SID Summit 2024 program is dedicated to Artificial Intelligence.

More info

Registration for the Jornadas FCCN 2023 is now open

The 14th edition of the Jornadas FCCN will take place at the Naval School - Alfeite Base in Almada, between June 27 and 29, 2023. Registration is now open and can be done via the event's new dedicated website.

More info

CSIRT-in-a-box 2022

RCTS CERT organizes, on November 3 and 4, a new edition of the CSIRT-in-a-Box Workshop.

More info

"Unity FCCN exists to serve the community. The Jornadas da Unidade FCCN are extremely important"

"One of the goals we have, in organizing the Days, is to take them around the country. We like to go to the institutions we work for. We get to know them better and they get to know us better."

More info