Jersey Cyber Security Centre Newsletter

We show you how to protect yourself, your family and your organisation from malicious hackers, aggressive nation states, and organised crime.

CERT.JE - New Year, New Action!

Dear all,

Let's cut to the chase as a whole day of the year is already gone, and time is short. So I recommend putting patching in 14 days, two-factor authentication for everything, and hardening to the CIS level 1 benchmark on the top of your New Year's resolutions list. Then do Cyber Essentials Plus with a local supplier to make sure you've got the basics right. If we all do that, we'll be the most cyber safe place on the planet. So what's stopping us? There's no time like the present!

If on the other hand you're having New Year's Day off before starting those resolutions tomorrow, there's plenty below to get you thinking.

Happy new year, and thank you all for your support for improving our cyber security in 2022.

Regards,
Matt

What does a hyperspace bypass have to do with Island cybersecurity?

Well when it came to helping to navigate through a much-needed new law on cyber defence, where else to look for guidance but the Hitchhiker's Guide to the Galaxy:

“But the plans were on display…”

“On display? I eventually had to go down to the cellar to find them.”

“That’s the display department.”

“With a flashlight.”

“Ah, well, the lights had probably gone.”

“So had the stairs.”

“But look, you found the notice, didn’t you?”

“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”

Whilst these proposals are by no means as dramatic as a hyperspace by-pass, they do make a meaningful impact - requiring operators of essential services to report incidents within a maximum period, and giving CERT the ability to share and protect information in similar ways to other equivalent bodies internationally, so people feel able to share with us.

Now some consultations can be quite quick and streamlined - done and dusted in a few weeks. And a quick consultation was attractive, as we're on a tight timeline: without this law, we can't properly do the job we've been asked to do.

However, the price of rushing things through could be missing out on important improvements and changes, and winning valuable support the hard way. After all, this is about improving our resilience together.

So we spoke to our colleagues in Government Policy and were pleased to find that they agreed with us. Hiding the proposals behind an abandoned toilet was never really on the shortlist, and they were (of course) published on the gov.je website shortly before Christmas. A short consultation period was discounted, and a month-long window allowed for comment. Rather than quietly leaving the consultation to gather dust, we've actively promoted it in local media and online. We've also chosen to consult now on what's called 'drafting instructions' rather than on the legal wording, so we get input before it's written, not after. And finally, we've elected to run a series of workshops for the public and interest groups to find out more and share their thoughts with Government directly.

It's a lot more work than anyone asked us to do, and I know there's not really a lot of optionality in many areas if we want to be effective. However we'll be there with a notepad, because to be sure we're getting it right for Jersey, we have to be sure we're listening to Jersey.

We hope you agree this is important and come along to learn more.

Regards,
Matt

PS. As a result of Revue shutting down we will be moving our newsletter in January. If you have whitelisted the email to make sure it gets through you may need to do so again, and any unsubscribes processed during transition may need to be resubmitted. Thanks for understanding.

PPS. Missed the bit about patching, 2FA and hardening? It must have been a late night welcoming in the new year - feel free to read this as many times as you like, or send it to a colleague or family member to read for you :-)

PPPS. All your systems patched within 14 days? Go right ahead and find useful info, global insights, and lots of local cyber jobs and events below.

CERT.JE - What are you unwrapping this Christmas?

Dear all,

At CERT.JE we’ve been putting a lot of effort into security this year – yours as well as ours. After all, we don’t want cyber criminals breaking in to our computers this Christmas and leaving unwelcome gifts of viruses, worms or ransomware.

Other gifts of course can be warmly welcomed, but if you unwrap a new phone, laptop, or connected device this Christmas please bear in mind that whilst these can be wonderful tools (or toys!) they are not free of risk, and taking some basic steps can protect you and your family. So as our gift to you, we’re sending you our very own digital Christmas cards – 10 top tips for a safe and secure Christmas, shared via social media between now and the end of December. Follow CERT.JE on LinkedIn, Twitter, Facebook or Instagram to unwrap them.

On a personal level, my family life as well as my professional life over the last year have been very much affected by Russia’s war in Ukraine. This final newsletter of 2022 is therefore dedicated to those whose most basic security has been taken away, and who have nonetheless proven their personal resilience in the most trying of times. Please do consider supporting them at Side By Side, Jersey | Bailiff's Ukraine Appeal.

We move into 2023 with a much stronger cyber capability in Jersey. During Cyber Security Awareness Month we welcomed to CERT.JE Paul Dutot as Head of Cyber Defence, James McLaren as Senior Analyst and Morgan Franklin our Digital Apprentice.

We still have a long way to go, and next year will for us be a year of action. I will be hoping it is less eventful - but whatever the world throws at us, this year has shown that we can rise to the challenge and deliver together as one island, and with the support of our partners both locally and internationally.

Thank you to everyone who has helped us on this journey so far – we look forward to working with you all in the new year and beyond.

Regards,
Matt

CERT.JE - Cyber Security Awareness Month was a success!

Dear all,

Wow that was a busy month! One event every 48 hours overall and fantastic feedback. I could spend the whole of this update talking about that – but we have news to share!

We have completed the hiring of our technical team to provide a capability to prepare, protect and defend Jersey from a cyber attack. We had a huge number of amazing applications and thank you to everyone who applied.

Paul Dutot, formerly of Defence Logic and Ports of Jersey, joins as the Head of Jersey Cyber Defence. James McLaren takes up the position of Cyber Security Senior Analyst after working at Logicalis and GCHQ. Morgan Franklin becomes CERT.JE's first-ever cyber apprentice.

For Morgan, technology was always a big part of her life growing up. Focusing on IT and computing in school and maintaining that interest during early career opportunities enabled a passion for cyber security to flourish. Alongside working and her on-the-job development, Morgan is studying part-time towards a BSc in Digital & Technology Solutions (Cyber Security) from the University of Exeter, as well as a relevant professional qualification.

James McLaren came to Jersey having worked nearly 20 years in the UK's intelligence, security and cyber agency, GCHQ, in Cheltenham, devising their first Internet security training course in 2001. He joins CERT.JE after eight years working for the managed security provider Logicalis, specialising in SIEM and security consultancy.

Paul Dutot joins CERT.JE from being Chief Technology Officer at Defence Logic Limited. He previously managed the global provision of security services to a diverse range of clients including all forms of penetration testing, SIEM solutions and cyber security consultancy or governance services. Additionally, Paul developed custom SIEM implementations and response procedures to protect global clients from cyber security incidents.

Over the last 12 months we have been working hard to lay the groundwork for CERT.JE, culminating in a very successful Cyber Security Awareness Month in October. However, to deliver a lean and effective cyber emergency service that meets local needs, we need the right balance of skills and experience across a small team. With Paul, James and Morgan we now have the core capability to support local organisations and islanders in the event of a cyber attack. I am delighted to welcome them to the team, and look forward to working with them to deliver a secure and resilient island supported by a capable cyber defence.

Regards,
Matt

CERT.JE - It’s not a worst case scenario, it’s a realistic one.

Dear all,

Laying the right foundations

Running a CERT comes with a lot of complexities beyond the technical, from having the right mandate and authority to work with other governments and public bodies, to dealing with data protection, freedom of information and computer misuse legislation alongside national security requirements. Getting the foundations right is essential, and over the last 12 months we’ve been working closely with the Government of Jersey to define the right direction of travel. We don’t want to be reinventing the wheel or duplicating costs, but we do need the right degree of independence to deliver our mandate. Together we’ve found a good way forward that balances the two and learns from successful CERTs around the world. This will require legislation, and therefore will be subject to consultation. It’s not the quickest route, but it is the right one. Once we get there we will be able to fully deliver against our mandate to prepare, protect and defend Jersey from cyber threats.

CERT Recruitment

We made progress last week hiring for our Head of Cyber Defence, Senior Analyst and Apprentice and look forward to announcing these appointments soon. We’re enormously grateful to our candidates who put themselves forward. There was some wonderful talent on display who willingly put themselves through a practical cyber incident triage exercise, technical questions and a panel interview. Unfortunately we just can’t offer a role to everyone, no matter how much we’d like to. However we do want everyone seeking a career in cyber security in Jersey to find a role they will excel in and enjoy. A strong industry with good opportunities for local candidates makes all of us stronger. We are offering all those who applied 1:1 feedback and (should they want it) advice. If you are hiring, please tell us at [email protected] and we will include your role in our newsletter.

Regards,
Matt