Introduction from Matt Palmer, JCSC Director

Dear reader,

Working in this area is a funny old business. There are some months where it feels that we’re making important - but slow - progress on individual projects. And then there are other months where things seem to accelerate and we make a sudden leap forward.

There are two pieces of progress to share with you this month.

Firstly, I am pleased to announce that our new website (jcsc.je) has now been launched. We’ll be talking about it more shortly, but as a newsletter subscriber, I’d like you to have the first look.

This is certainly a step up from our old one-page website, and it will continue to grow over the coming months and years. Our goal is to help you as much as possible. If there’s any content you think it should contain then let us know.

Secondly, we’re launching a new service for Islanders: the Suspicious Email Reporting Service (SERS). This is part of Jersey Cyber Shield, and is a free service. It’ll make it easier for people and organisations to report suspicious emails, and help us to gather intelligence so that we can produce advice and guidance. Find out more below, or make use of our shiny new website and read about it here.

As an individual, you can instantly report a suspicious email to SERS by emailing [email protected].

Apart from these two projects, we continue to build our knowledge as a team, and engage with the international cyber security community. As of this month, all of our team have completed the TRANSITS I Incident Response qualification. This means we now all understand how to build our work in line with best practice for cyber response teams.

In addition, myself and my colleague Paul Dutot attended the 36th annual FIRST conference along with the National CSIRT Annual Technical Meeting in Fukuoka, Japan. These meetings are a 7 day marathon packed with learning from countries around the world. Paul presented on how we responded challenges of building a national Computer Security Incident Response Team (CSIRT) on a small scale with JCSC in Jersey.

Regards,

Matt

JCSC.je is live

If you’ve worked with us for a while, you will probably recognise our old website. It’s minimal. It’s bare bones. (It also uses our old CERT.JE branding.)

But all that is about to change because this week we’ve soft launched our new website. We’ll share this publicly soon, once we finished some last minute checks.

The new website is designed to offer Islanders a starting point to understand what cyber security is and how it will affect them and their organisation.

It’s also designed to grow into an information repository. It will make it easier for people to access guidance and information from our team, or find out about our latest events.

Tap the button below to browse.

Making it easier to report phishing

We’re pleased to launch our Suspicious Email Reporting Service (SERS). SERS is part of Jersey Cyber Shield, and is free to use.

We’ve recently seen cyber attacks targeting specific sectors that use phishing as a way in. We were able to identify this as a coordinated attack and support the organisations that were targeted. But this was only because we’d had intelligence on several phishing attempts which - taken in isolation - didn’t seem too concerning.

SERS will make it easier for us to identify and disrupt this sort of coordinated phishing attacks. SERS is designed to:

• Allow JCSC to collate intelligence, and identify when phishing is being used as part of a broader cyber attack

• Enable us to share information with the UK’s National Cyber Security Centre (NCSC) so that they can take down malicious website

• Make it easier for organisations to report phishing, using one button (this is available if you integrate SERS into Microsoft Office 365)

You can report phishing emails to SERS by forwarding the email to [email protected].

You can find out more about SERS, how it works, and how you can automate it for your organisation. Simply tap the button below.

Bringing together cyber security suppliers

If you - or your company - supply cyber security services in Jersey, you’re invited to join the Cyber Suppliers Advisory Group.

Cyber security is constantly evolving: we believe that by bringing experts together two to four times a year, we’ll be able to improve practice and better protect the Island.

We set up this group to provide a non-competitive space where suppliers can collaborate, build strong working relationships, and learn from each other.

There is no membership fee to join, and the group is open to any supplier who provides cyber security services to customers in Jersey.

If you want to join the conversation, email [email protected] to request membership.

Reflections: does cyber security have a communication problem?

by Carla Jardim, Communication and Engagement Coordinator

In most organisations, communications practice is a supplement to the organisation's core work. It's an important supplement, and it's different depending on the organisation. But it's still a supplement.

(By 'communications practice,' I mean the strategy, structure, and methods we use to talk about what we do. This could be a product we sell or service we provide.)

Good communications practice isn't often highlighted as vital, crucial, or the most important thing you should take from this session. But those are direct quotes from training I've attended this month.

In early May, I attended the TRANSITS I training in Haarlem with two colleagues. The course is an introduction to working in Computer Security Incident Response Teams (CSIRTs) and throughout, the trainers highlighted two things.

Firstly, poor communication with your team and with stakeholders will complicate, slow down and disrupt your response to an emergency.

Secondly, the way to avoid this is to have agreed roles and processes in place. This includes how you communicate with non-specialists, including customers and the public.

Back in Jersey, the whole JCSC team were able to attend JESIP training for emergency response teams. This incudes States of Jersey Police, the Fire Service, Coastguard, and others. If Jersey’s key services were affected by a cyber security incident, the emergency response team would also include JCSC.

As with TRANSITS I, communications practice came up surprisingly often. The trainers noted that the Pollock Review found that responses to major incidents over decades has suffered from a lack of clear, planned communication. In many cases, this led to delays or disruptions that cost lives.

The trainers were also clear that the way to avoid disruption and save lives is to have protocols, processes and plans before an incident happens. This includes having clear communications protocols to manage public communications.

This is all very gratifying for someone whose role can often be minimised or overlooked as a ‘nice to have’. But it's also an important reminder for anyone working in cyber security.

If you’re interested in finding out more about communication during a cyber incident, we’re working with Soteria Communications to deliver an event on communication during a cyber crisis for the Chartered Institute of Public Relations Jersey branch this Thursday 6 June at 4.30pm. Click this link to get your ticket.

Jobs in Cyber

Digital Degree Apprenticeship
PwC

This apprenticeship is open to school leavers and career changers who want to earn a BSc (Hons) in Digital and Technology Solutions from the University of Exeter, while working full time.

IT Security Administrator (Fixed Term Contract)
Aztec Group

This role would suit someone with previous knowledge in administering banking software, and experience of operating within strict procedures.

Security Solution Architect
JT Global

This role would suit someone with a relevant degree or equivalent experience. You should also hold relevant risk and/or security certifications.

Cybersecurity news

Snowflake breaches set worrying precedent

In the last week, Ticketmaster and Santander have experienced cyber attacks linked to cloud hosting provider Snowflake. Given how many high profile companies use Snowflake’s services, this may be a developing story. Read the full story via Wired.

“Cybercrime has become incredibly profitable and has a low chance of detection or punishment.”

Director Matt Palmer spoke to Institute of Directors Jersey about his career, the prevalence of cybercrime, and the steps businesses can take to combat it. Read the full interview here.

Learning and Tools of the month

Each month, we provide a round up of tools that our team have found useful, and which could be useful to cyber security professionals. If you’ve found a helpful tool you’d like to share, please email us and we’ll include it in a future newsletter.

Remove pre-installed Windows 11 apps

If you’ve installed Windows 11 and understand powershell scripts, you can quickly removed unwanted applications and telemetry. Find out more.

Stark Industries, DDoS, and proxy warfare

This article includes a deep dive into a hosting company providing the proxy services used by Russian hacker groups since 2022. Find out more.