JCSC News: New advice, new events and a new Cyber Security Centre

June 18, 2025 • Estimated Reading Time: 11 minutes

Contents

Dear reader,

One of the challenges of cyber security is how to make it real for people who haven’t yet been affected by a cyber attack. If you went into the Co-op or Marks and Spencer recently and saw empty shelves, you’ll understand that cyber isn’t theoretical concept - it’s hard reality.

These attacks came as a surprise for many, but they were not much a surprise to us - this is the sort of effect that we plan for. We know cyber incidents will happen: we just don’t know who they’ll happen to, or when.

Whatever you think about the responses, do spare a thought for those whose livelihood is impacted by them. These are real staff, with real challenges, trying to serve their customers as best they can in difficult circumstances. Incidents are rarely fun, and the best way to learn is simulation.

These high profile-attacks have been part of our work over the last month. We’ve produced guidance for the general public on how they can respond if their data is compromised in a data breach (see below). We talk more below about how we are working as a community to test our readiness.

This month, we’ve also launched more Lunch and Learn sessions to give more Islanders a free intro to cyber security. (Even if you’ve already attended one of these sessions, you can help us by sharing with a friend of colleague)

Finally, we also have some news on how we will be developing a pan-island approach to cyber security and resilience, as well as an update on what I learned from being invited to speak at the Global Conference on Cyber Capacity Building.

Finally, we are a public service and as such we welcome feedback. We’ve introduced a formal feedback process and encourage you to tell us where we have done well, and where we can learn. It only takes a moment and is appreciated by the whole team.

Until next month,

Matt

PS. Jersey’s Government has now begun work on a new Cyber Policy Framework, replacing the 2017 Cyber Security Strategy. Ahead of that, we ask: are we doing enough?

Supporting the States of Guernsey to establish a Guernsey Cyber Security Centre

St Peter Port, Guernsey - Photo by Julie Clarke on Unsplash

Following a comprehensive tender process, JCSC will work with the States of Guernsey to set up Guernsey Cyber Security Centre (GCSC). As another small-Island jurisdiction, Guernsey faces similar risks to Jersey, and needs to have a dedicated capability to prepare, protect, and defend against cyber attacks.

GCSC will be based in Guernsey, with dedicated staff, but with overarching direction from JCSC. Like JCSC, GCSC will provide information, advice and guidance. It will also support organisations to improve their cyber security, and monitor vulnerabilities in Guernsey public networks.

We’ll be establishing GCSC over the next 12 months. You can read more about GCSC, including a list of FAQs, via our website.

New advice published: Data breaches

The recent cyber attacks on Co-Op and Marks and Spencer have - once again - highlighted Jersey’s vulnerability to cyber attacks, even if it isn’t an Island organisation that is targeted.

It’s also made more Islanders concerned about what they should do if their data is breached in a cyber attack. (Both the Co-Op and Marks and Spencer attacks led to personal information being leaked.)

We’ve put together plain English advice to guide and reassure individuals. You can find the full article via our website: just tap the button below.

Upcoming events

New dates added: Lunch and Learn

We’ve listened to your feedback and added more dates for Lunch and Learn sessions throughout the rest of this year. The new sessions include:

  • Wednesday 2 July: Providers of Critical National Infrastructure (including organisations that provide energy supply, water supply, transportation, health and telecommunications)

  • Thursday 7 August: Small businesses and charities

  • Friday 5 September: Financial and professional services

  • Monday 3 November: Hospitality

  • Tuesday 2 December: Small businesses and charities

As always, you can join us in person at 1 Seaton Place, or via Teams. These sessions are designed for people who aren’t cyber security specialists, and focus on basic controls that can prevent some of the most common cyber attacks.

Can’t make these sessions? Want a bespoke session for your organisation or industry? Just email us at [email protected] to request another session. 

JCSC Supports Government Cyber Exercise

Last week three JCSC team members supported the Government of Jersey to understand how it would respond to a cyber attack. Jersey’s Emergency Planning team and the South West Police Regional Cyber Crime Unit ran attendees through an incident response exercise, designed as a realistic worse case scenario affecting public services.

Incident response exercises allow those taking part to identify gaps in current practice and legislation. We’ve seen this from the annual exercises JCSC has run since 2021. Those exercises have led to concrete action, like the development of the Cyber Security (Jersey) Law, closer collaboration with Guernsey on joint capabilities, and ongoing work on a shared cyber incident response plan under the Jersey Resilience Forum.

These outcomes have also been informed by lessons from real-life emergencies the Island has faced in recent years.

If you think your organisation could benefit from running an incident response exercise, there are several Channel Island suppliers who can support you, and you can find a full list in this year’s Cyber Security Guide.

PS. Our incident response exercises are paused while we focus on the implementation of the Cyber Security (Jersey) Law, but we’ll share future dates via this newsletter.

Notes from the Global Conference on Cyber Capacity Building

Matt Palmer, Director of JCSC, at GC3B

Last month I attended the Global Conference on Cyber Capacity Building (GC3B) in Geneva. I spoke about navigating technology choices for cyber incident response. I included some of the challenges we have faced as a small ‘national CSIRT’ and how we approached these to build our infrastructure, and services like the Jersey Cyber Shield.

In short: we can't afford to gold-plate everything we offer as a small CSIRT, but there are good solutions to be found. We've made use of open source and proprietary tools. And, where needed, we've built out own (like the incident handling tool developed by Paul Dutot last year).

GC3B is a large conference: there were 600 delegates from 103 countries, representing governments, industry and academia. This means it was an excellent opportunity to learn from others who are trying to become more cyber resilient at a smaller scale, or on a limited budget.

This is key, because small organisations don't have the capacity to keep reinventing the wheel. For example, speakers at the conference spoke about the Cyber Capacity Model for Nations. The model outlines all the areas we need to be good at as an island community if we want to protect islanders, our public services, and our economy.

Hearing how this (and other approaches) have been deployed elsewhere has fed directly into how we're supporting the Government of Jersey to develop future cyber security policies. A step removed from day to day incident response? Absolutely. And critical if we want a sustainable, resilient digital economy.

Poll: are we doing enough to improve our cybersecurity?

Ahead of the planned new Government Cyber Policy Framework, we ask: Are we working fast enough as an Island community to improve our cyber security?

Login or Subscribe to participate in polls.

Cybersecurity in the news

New tools, old tactics: criminals use promise of AI tools to launch malware attacks

Cyber criminals are launching ransomware attacks using fake installers for AI tools.

But while the lure (AI tools) are new, the tactics used by the criminals aren’t: their websites offer an unbelievably good deal on the tool, or urge the user to act quickly so they don’t miss out. It’s a useful reminder that some of the basic (and often-repeated) advice, is still useful.

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html

Crypto scam company sanctioned by the US Government

Jersey has been targeted by several waves of crypto scams over the last 10 months. These scams usually impersonate a trusted figure or media organisation to offer an unbelievable return. Once the scammers get hold of the money they vanish, along with your ‘investment.’

The recent decision by the US Treasury to sanction a company based in the Philippines that was supporting this type of crypto scam is a good sign this threat is being taken seriously. Meanwhile, if you do see anything like this targeted Jersey, please report it to us: [email protected].

US Sanctions Philippine Company for Supporting Crypto Scams

www.securityweek.com/us-sanctions-philippine-company-for-supporting-crypto-scams

Jobs in Cyber

Digital Degree Apprenticeship - PwC

This internship would suit people who are want to earn their first undergraduate degree while working and studying on-Island.

Are you recruiting for a cyber role locally? Tell us at [email protected] and we’ll share your job listing with the community.

Learning and Tools of the month

Each month, we provide a round up of tools that our team have found useful, and which could be useful to cyber security professionals. If you’ve found a helpful tool you’d like to share, please email us and we’ll include it in a future newsletter.

Invictus IR

This Powershell tool allows you to pull together a range of information from a range of sources across Microsoft, which makes it easier to conduct investigations.

Linux Rootkit Indicators of Compromise

This repository collects IOCs for 24 rootkits targeting Linux systems. This includes filepaths, strings and network traffic.