For 24 years, FCCN, the digital services of the Foundation for Science and Technology, has been responding to cybersecurity incidents at Portuguese Higher Education and Research Institutions, through RCTS CERT.
In order to take stock of this activity, Carlos Friaças, manager of this digital service, answered a few questions, detailing the role of this solution in the computer security of the institutions that belong to the Science, Technology and Society Network (RCTS) and how this work has evolved.
What led to the creation of RCTS CERT?
In 2000, following what was already happening in other NRENs [National Research and Education Networks], FCCN, FCT's digital services, set up a small team to respond to computer security incidents. This team grew and, until 2014, played the role of national CERT for Portugal. Until then, the team used the name "CERT.PT".
With the creation of the National Cybersecurity Center (CNCS), we rebranded to "RCTS CERT", which allowed us to focus the team's scope only on security incidents related to the institutions of the Science, Technology and Society Network (RCTS).
Over the years, what has been the main hallmark of this service?
The main feature is that there is a team that coordinates incident response within RCTS. This allows anyone, from anywhere on the Internet, to report an incident that they identify as originating from RCTS.
Another distinctive feature is the effort being made to ensure that RCTS members themselves (higher education and scientific research institutions) create and maintain their own incident response teams.
How has proximity to the teaching and research community been ensured over the years?
The main instrument is the Jornadas FCCN - an annual meeting of the community served by FCCN, the FCT's digital services.
On a day-to-day basis, proximity is the result of incidents that occur and which we work to ensure are brought to a conclusion. At the same time, this proximity is also guaranteed by the various cybersecurity services we provide, namely the phishing and awareness campaigns, the DNS firewall or the management of vulnerabilities. We also have weekly "intelligence" reports and monthly cybersecurity reports, which are our attempt to share with each institution what we observe regarding various aspects of their cybersecurity.
In recent years, we have seen how the education sector has been targeted by cybercrime. What challenges has this reality posed for you?
This issue certainly exists. We've had some serious cases in recent years in institutions in our community.
Historically speaking, the main threats facing the education and research community at the moment are ransomware, but also CEO fraud or supply-chain attacks. This means devoting an adequate level of resources to preventive mechanisms, so that when an attack is successful, the recovery phase is more expeditious and also more successful. Nowadays, it is also necessary to continuously measure the level of exposure, and it is completely fundamental to keep systems up to date.
And at the organizational level, what behaviors can employees adopt to keep institutions safe?
Employees are also a key aspect. An employee whose account is compromised represents a significant advantage for an attacker. Employees should always take a precautionary approach and, if in doubt about carrying out certain actions, they should ask other people whether it makes sense to do so.
Are there any new developments we can expect in this area in the future?
Security is a bit like a referee in the middle of a soccer match. The more unnoticed you are, the better (laughs).
However, we know that sometimes this relative calm can quickly change if various circumstances contribute to it. What we hope is that all [RCTS] institutions know that they can count on our help if they need it.
All the information about this digital service from the Foundation for Science and Technology is available on the FCCN page dedicated to RCTS CERT.