Archive
CERT.JE - New Year, New Action!
Dear all,

Let's cut to the chase as a whole day of the year is already gone, and time is short. So I recommend putting patching in 14 days, two-factor authentication for everything, and hardening to the CIS level 1 benchmark at the top of your New Year's resolutions list. Then do Cyber Essentials Plus with a local supplier to make sure you've got the basics right. If we all do that, we'll be the most cyber safe place on the planet. So what's stopping us? There's no time like the present!

If on the other hand you're having New Year's Day off before starting those resolutions tomorrow, there's plenty below to get you thinking.

Happy new year, and thank you all for your support for improving our cyber security in 2022.

Regards,
Matt

What does a hyperspace bypass have to do with Island cybersecurity?

Well, when it came to helping to navigate through a much-needed new law on cyber defence, where else to look for guidance but the Hitchhiker's Guide to the Galaxy:

“But the plans were on display…”
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”

Whilst these proposals are by no means as dramatic as a hyperspace bypass, they do make a meaningful impact - requiring operators of essential services to report incidents within a maximum period, and giving CERT the ability to share and protect information in similar ways to other equivalent bodies internationally, so people feel able to share with us.

Now some consultations can be quite quick and streamlined - done and dusted in a few weeks. And a quick consultation was attractive, as we're on a tight timeline: without this law, we can't properly do the job we've been asked to do. However, the price of rushing things through could be missing out on important improvements and changes, and winning valuable support the hard way. After all, this is about improving our resilience together.

So we spoke to our colleagues in Government Policy and were pleased to find that they agreed with us. Hiding the proposals behind an abandoned toilet was never really on the shortlist, and they were (of course) published on the gov.je website shortly before Christmas. A short consultation period was discounted, and a month-long window allowed for comment. Rather than quietly leaving the consultation to gather dust, we've actively promoted it in local media and online. We've also chosen to consult now on what's called 'drafting instructions' rather than on the legal wording, so we get input before it's written, not after. And finally, we've elected to run a series of workshops for the public and interest groups to find out more and share their thoughts with Government directly.

It's a lot more work than anyone asked us to do, and I know there's not really a lot of optionality in many areas if we want to be effective. However, we'll be there with a notepad, because to be sure we're getting it right for Jersey, we have to be sure we're listening to Jersey.

We hope you agree this is important and come along to learn more.

Regards,
Matt

PS. As a result of Revue shutting down we will be moving our newsletter in January. If you have whitelisted the email to make sure it gets through you may need to do so again, and any unsubscribes processed during transition may need to be resubmitted. Thanks for understanding.

PPS. Missed the bit about patching, 2FA and hardening? It must have been a late night welcoming in the new year - feel free to read this as many times as you like, or send it to a colleague or family member to read for you :-)

PPPS. All your systems patched within 14 days? Go right ahead and find useful info, global insights, and lots of local cyber jobs and events below.
CERT.JE - What are you unwrapping this Christmas?
Dear all,

At CERT.JE we’ve been putting a lot of effort into security this year – yours as well as ours. After all, we don’t want cyber criminals breaking into our computers this Christmas and leaving unwelcome gifts of viruses, worms or ransomware.

Other gifts of course can be warmly welcomed, but if you unwrap a new phone, laptop, or connected device this Christmas please bear in mind that whilst these can be wonderful tools (or toys!) they are not free of risk, and taking some basic steps can protect you and your family. So as our gift to you, we’re sending you our very own digital Christmas cards – 10 top tips for a safe and secure Christmas, shared via social media between now and the end of December. Follow CERT.JE on LinkedIn, Twitter, Facebook or Instagram to unwrap them.

On a personal level, my family life as well as my professional life over the last year have been very much affected by Russia’s war in Ukraine. This final newsletter of 2022 is therefore dedicated to those whose most basic security has been taken away, and who have nonetheless proven their personal resilience in the most trying of times. Please do consider supporting them at Side By Side, Jersey | Bailiff's Ukraine Appeal.

We move into 2023 with a much stronger cyber capability in Jersey. During Cyber Security Awareness Month we welcomed to CERT.JE Paul Dutot as Head of Cyber Defence, James McLaren as Senior Analyst and Morgan Franklin, our Digital Apprentice.

We still have a long way to go, and next year will for us be a year of action. I will be hoping it is less eventful - but whatever the world throws at us, this year has shown that we can rise to the challenge and deliver together as one island, and with the support of our partners both locally and internationally.

Thank you to everyone who has helped us on this journey so far – we look forward to working with you all in the new year and beyond.

Regards,
Matt