The University of Melbourne will deploy endpoint detection and response technology across its IT environment this year and improve its access to threat intelligence as part of a broader five-year cyber security uplift.
Details of the uplift – which is currently in its second year – are contained in a submission by the university to a federal inquiry into national security risks affecting the Australian higher education and research sector.
The first year of the uplift had focused on reducing the university’s “vulnerability to cyber threats while balancing a practical need for platforms that support academic autonomy and collaboration,” it said.
“In line with the experience of tertiary education providers around the world, the university routinely encounters and defends against cyber security threats, including sophisticated attacks that cannot be attributed to any known threat actors.
“The university is cognisant of the fact that advanced persistent threat (APT) actors regularly test [our] defences.”
The university said it had recently run a threat modelling exercise with an external consultancy to “provide a better understanding of the threats the university faces, but will also generate a controls library that will be mapped to an industry standard framework (NIST).”
“This project will additionally generate a list of risks, associated threats, and clarify the university’s effectiveness of response, all leading to a stronger cybersecurity ecosystem,” it noted.
In addition, with biomedical researchers at the university conducting various Covid-19 work, the university said it had collaborated with the Australian Cyber Security Centre (ACSC) “to run a cyber hygiene improvement programs (CHIPs) scan to provide the university with information for the purpose of visibility, analysis and risk management.”
As the university moves into the second year of its five-year uplift, it intends to introduce “an endpoint detection and response (EDR) capability into its IT environment.”
“This will enhance the cyber security team’s ability to rapidly respond to threats even in remotely located university assets,” the university said.
“[The EDR] will be augmented by consuming a commercial threat intelligence feed to identify TTPs [tactics, techniques and procedures] for advanced threat actors and risk conditions.
“In addition, a proactive threat hunting program will also be introduced to provide additional visibility into the environment.”
The university said it had doubled the size of its cyber security team over the past two years.
It has also rolled out multifactor authentication (MFA) for all staff accounts, and will do the same for student accounts sometime this year.