Jisc updates cyber security policy for Janet network

Cyber lock over binary code

Image source: istock.com/Temniy

Jisc has announced policy changes aimed at strengthening cyber security in how colleges, universities and research bodies use the Janet Network.

The membership organisation that provides technology services to the sector said the change follows consultation last summer and becomes effective from 1 April, with three key updates.

Firstly, organisations using the Janet Network will have to undertake an annual self-assessment of their security posture.

Secondly, there will be an expansion of the existing geographic location IP blocking restrictions, going beyond remote desktop protocols to block high risk protocols and ports. The restrictions will also shift from an opt-in control to being by default.

Thirdly, the remit of Jisc’s computer security incident response team will be extended to perform vulnerability scans across the network, effectively giving it a more proactive role rather than just responding to exceptional circumstances.

Increasing threats

Jisc’s head of Janet policy and strategy, Dr John Chapman, said: “We’ve made the policy changes against a background of increasing threats and on the basis that raising security standards at individual organisations will help the resilience of the whole sector.  

“For example, ransomware, which, according to our 2021 cyber security response posture survey, is currently the number one threat to further and higher education institutions, can spread among connected organisations. 

“So, it’s important that individual research and education organisations understand their cyber security strengths and weaknesses. An annual self-assessment will help achieve this. 

“For now, institutions can use whatever assessment methods works best for them, but we will be collaborating with members through our security community group to see if there is a consensus on which method works best or whether we should work together to develop a sector-specific model.  

“Colleges and universities don’t have to give us the results of their assessment, although we encourage them to share. The data, which will be confidential, will help Jisc to identify key problem areas and plan how to support the…