The frequency and complexity of information security threats are increasing at an unprecedented rate and as such, the associated cost of mitigation is unsustainable. This is particularly acute in the higher education space. It is safe to say that no individual institution has a realistic chance of addressing the issues alone. The problem we face is becoming so large that if we want to move from being reactive to proactive we are going to have to think outside of the box and work collectively.
Back in April a group of Senior IT leaders met at the University of Alberta to explore the possibility of creating a shared Canadian Security Operation Centre (SOC). The group included a collection of willing and able institutions: University of British Columbia, University of Alberta, McGill University, University of Toronto, along with their respective provincial Research and Education Networks: BCNET (BC), CYBERA (Alberta), RISQ (Quebec), ORION (Ontario) and the national Research and Education Network: CANARIE. Discussion focused on the challenges that we face, the value of collaboration, what others were doing, potential financial models along with the possible services a shared SOC may offer. A lot of the discussion focused on an emerging model from the Big Ten universities called OmniSOC.
Since that time we have met at the University of Toronto in April, and during the Canadian Higher Education Information Technology (CANHEIT) conference in Vancouver last month. In addition, part of the group attended a summit at the University of Indiana in June, to ask questions about OmniSOC. There now exists a draft project charter for a Shared SOC Service, and by the August we are looking for verbal commitment to undertake a 12-month proof of concept (POC). After the meeting in Toronto, McMaster University and Ryerson University officially joined the conversation. This brought the group to six universities. Experience from OmniSOC suggests that the sweet spot is four to six institutions for a POC.
During the POC, we will test some technology to ingest information from the various partners and also create the document outlining how this could be rolled out more broadly to the Canadian higher education community. This document would include resources and tools such as a governance model, a financial model, templates for data sharing, a service delivery model and several other deliverables. The intention is to collaborate with OmniSOC and try and leverage what they have already learned and completed. If things go as planned there would be an excellent opportunity to create a federation of higher education SOCs built on similar technology stacks offering similar services.
Overall this is an ambitious undertaking, but big problems, require big solutions. There is a great deal of interest from the community and we will be looking to sharing progress on a regular basis and soliciting input on direction. This model may not fit everyone’s needs and it does come with some risks, but the opportunity is so significant that we are compelled to explore. Assuming there is broad agreement from the participants, the project will start shortly, there will be a website and a series of community update meetings to share progress.
Initial Shared SOC meeting on April 11th 2018, at the University of Alberta. Absent from the picture are the partners from Ryerson and McMaster University – Brian Lesser and Gayleen Gray.