Frequently Asked Questions
- Q: What is the Joint Security Project (JSP)?
- A: Building upon the successful collaborations resulting from a pilot of the Joint Security Project (JSP), the project will continue the development of a community of security specialists to strengthen the overall security of Canada’s universities, colleges, and research institutions.
- Q: Who can join the JSP?
- A: Participation is open to Canadian universities, colleges, and research institutions that are connected to Canada’s National Research and Education Network (NREN). Participation is limited to one application per institution or organization. We anticipate that the application would come from the Information Technology or Information Technology Systems or Information Security offices.
To verify that your institution is connected to the NREN: canarie.ca/is-my-institution-connected
- Q: How long is the participation period of the JSP?
- A: The participation period spans from the time the successful participants are announced (September 18, 2019) through August 31, 2020. Details of the next phase of the JSP will be announced in 2020.
- Q: What Intrusion Detection System (IDS) is provided by the JSP?
- A: The JSP uses the Zeek Network Security Monitor (also known as Bro) IDS. See https://www.zeek.org.
This software runs on a high-performance server provided by CANARIE, which includes 1 or 10 Gbps optics and two optical (or two electrical) network Termination Access Point (TAP) devices.
- Q: We were part of the JSP Pilot. May we get another IDS system with this phase of the JSP?
- A: No. Note that the originally provided system is still under warranty for the duration of this project.
- Q: Can we participate in the JSP using our own IDS?
- A: Yes, if you are not receptive to supporting multiple IDS systems at your institution. However, it is preferred that all participants in the project use the same IDS for consistency, ease of support, and ease of collaboration.
- Q: Can we participate in the JSP using our security information and event management system (SIEM) instead of an IDS?
- A: No (or possibly if the SIEM can provide the equivalent data provided by an IDS). The JSP uses an IDS for data collection. It is preferred that all participants in the project use the same IDS for consistency, ease of support, and ease of collaboration.
- Q: What data will I be sharing with the other JSP participants?
- A: The data shared by JSP participants is determined by agreement amongst the participants through working group discussions. JSP Pilot participants agreed to a minimum set of data, with some participants deciding it would be beneficial for them to provide more data.
- Q: What is the Information Sharing Agreement?
- A: The Information Sharing Agreement will be based on the JSP Pilot Information Sharing Agreement that was signed by all 39 participating institutions.
- Q: Where is the data stored, how is the data used, and for how long?
- A: At the time of writing, the data will be stored at two Canadian university cybersecurity centres. These centres will be announced once agreements with them are in place.
Software tools at the centres will aggregate data from across all participant data feeds, analyze the data, and provide cybersecurity analytics. The analytics based on a participant's data feed are provided only to that institution, while aggregated analytics based on all participants' data are provided to all institutions.
Through working group discussions, JSP participants will determine the amount of time data will be retained. The JSP Pilot kept data for 6 months.
- Q: Will the JSP be investigating cyber threats that may affect me, and if so, will they let me know?
- A: Participants have access to data aggregation and visualization tools to provide institution-level cybersecurity analytics. These tools are self-serve; your institution must do any investigations.
- Q: Can the JSP provide a threat feed to my SIEM?
- A: Not at this time.
- Q: How is the JSP related to the Canadian Shared Security Operations Centre (CanSSOC) Proof of Concept, the National Research and Education Network (NREN) SIEM project, and the Community, Health, Environment, Communications (CHEC) program in Ontario?
- A: At this point, these are complementary projects, all building expertise, capacity, and the ability to share threat intelligence.
- Q: Should I participate in the aforementioned projects or the JSP?
- A: At this point, these are complementary projects, so participating in all (if possible) would be ideal.
- Q: It seems like these aforementioned security initiatives are all trying to solve the same problem. Why so many projects?
- A: Securing research and education is a complex challenge and requires a partnership of complementary solutions provided by different organizations. We are working closely with other initiatives/partners to evaluate possible collaboration or sharing of information to allow us to most effectively achieve our collective goal to better secure Canada’s research and higher education community.
- Q: What is the role of the NREN’s provincial and territorial partners in the JSP?
- A: The provincial and territorial NREN organizations are partners with CANARIE. As operators of the NREN SIEM project, they are possible collaborators and complementary to the JSP.
- Q: What is the $15,000 available funding for participants to be used for?
- A: The funding is meant to offset costs your institution may encounter completing the participation obligations. There is no need to track what these costs are.
- Q: When will the $15,000 funding be transferred to participants?
- A: The funding is transferred at the close of the project, after August 31, 2020, and once the participation obligations are completed.
- Q: Is there a funding limit for the call/is there a soft target for the number of participants?
- A: Funding will be provided to eligible participants in the order that applications are received. Given the limited funding that is available, interested institutions are encouraged to submit their applications as soon as possible. It is expected there will be funding for up to 160 participants, including the original 39 pilot participants.
- Q: What are the reporting requirements?
- A: There are no financial reporting requirements. A final written report is required as part of the participation obligations.
- Q: My institution was part of the JSP Pilot. What happened to the network data that we shared?
- A: Data sent to the aggregation tools was made available to participants throughout the Pilot through three self-serve portals that offered multiple settings for analysis and export. As communicated with Pilot participants, aggregated data was deleted six (6) months after it was received.
The security analysis tools that were available during the Pilot are no longer operating but new tools for the Joint Security Project are in development.