GN3-4 Security White Paper outline for download
We aim to provide guidance for security activities for GÉANT and the NRENs for the period of 2018 – 2022. In the GN3-4 Security White Paper, we will address some of the cybersecurity challenges of the NREN community, focussing on six main areas:
Main themes | |
---|---|
Security Baselining for products, services and organisations | Agreed frameworks and guidelines, their applications, what they mean for the organisation, frameworks as a means to prove and improve mutual trust between organisations thru benchmarking and sharing, both organisational and technical |
(Managed) Security products and services | Services delivered by NRENs or joint services delivered by GÉANT, for example Certificate Services (TCS, other), DDoS mitigation, (virtualised) Firewalling, and others. Research into the use of emerging technologies such as quantum cryptology and blockchain technologies. |
Legal compliance (including privacy compliance) | EU and other regulations on security, privacy and data sharing, measures that need to be taken and implemented (GDPR[i], NIS Guideline, EIDAS, to mention a few), representing NRENs in influencing what the regulations will be about in the future |
Management of risks | Identifying risks, risk management methods, risk registers, (cyber) threat assessments, threat intelligence sharing, sharing best practices |
Training and awareness | Creating cyber security awareness culture, communicating risks, threats and their mitigation internally; specific training needs of the security officers, applying the newest training methods (online trainings, serious gaming, simulation) |
Incident response, business continuity and crisis management | Addressing and managing security breaches and attacks not only on networks, but also on internal services, ways of dealing with unexpected threats, managing crises, preparing for the unexpected |
[i] In this paper, we will not discuss implementing GDPR compliance as the new GÉANT Task Force will be working on it.
Community Consultations
Community consultations are organised to:
- Collect feedback on the 6 main themes identified
- Collect specific ideas that could be included in the paper
- Rate the ideas suggested from the most to least urgent
The results of the community consultations:
Consultation | Date, place | Results |
---|---|---|
SIG-ISM Security white paper consultation | 5 October, Brussels | SLIDES |
Public Security white paper consultation (1) | 16 October, Online | SLIDES |
Public Security white paper consultation (2) | 25 October, Online | |
Public Security white paper consultation (3) | 31 October, Online | |
Joint results (ratings) | - | Security white paper brainstorm sessions results.xlsx |
- 25 October 10:00 – 11:00 https://eventr.geant.org/events/2766
- 31 October 10:00 – 11:00 https://eventr.geant.org/events/2767
Recent space activity
Authors
Steve Kennett (Jisc)
Alf Moens (SURFnet)
Sigita Jurkynaitė (GÉANT)