IT experts from Masaryk University's Institute of Computer Science have tested how well they can defend against cyber-attacks. Using a cyber-attack simulation, they have checked the security of highly protected information, so-called sensitive data, in a unique environment known as SensitiveCloud. The results of the latest testing will help improve the security of this environment for storing and processing sensitive data and advance cybersecurity research.
It's no secret that data owners are constantly under threat from hackers. Therefore, a team of IT specialists in cyber security works at the Institute of Computer Science MU to improve, for example, the cyber security of systems or the environment readiness for investigating security incidents. They pay special attention to protecting sensitive data, i.e., highly protected information requiring high guarding. The MU's CERIT-SC research infrastructure's users store their data in a unique environment known as SensitiveCloud. Over the past months, IT experts at the Institute therefore tested how well this unique environment meets the high demands of cybersecurity. They prepared a simulation of a sophisticated hacker attack and examined both the system's readiness and the reactions of the IT professionals who manage the Cloud.
System weaknesses are usually tested with penetration tests, which focus on detecting vulnerabilities that allow unauthorized access to IT systems. However, the trial by experts from the Institute of Computer Science MU was much more complex. It aimed to examine the reactions of IT administrators to an ongoing simulated attack. Although they knew that the system would be tested, they were not aware of the time or hour when the test would take place. At one moment, they received a fictitious message that sensitive data had been released from the repository. They then used the existing environment settings to track down exactly what had happened and how to improve the protection of the environment in the future. "You can think of it as a bit of a detective game. The system administrators had to go through the steps of an imaginary thief who had committed a criminal act. As detectives, they looked for the clues he had left at the scene and tried to figure out exactly how the crime had happened. It was a very detailed job, where every little detail was important to us," said IT expert Lukáš Daubner, who led the team preparing the testing.
The test was exceptional because of the fictitious attack and the high demands on the SensitiveCloud administrator. They had to trace what the attacker had done to the system and map his actions and their sequence. "The system administrators gained invaluable hands-on experience thanks to the simulated scenario. They learned which systems in the SensitiveCloud ecosystem need more care focused on security when configuring and managing them," said Matej Antol, Executive Director of CERIT-SC from Masaryk University. The IT experts prepared the testing for two months, and its preparation was confidential.
Solving this simulated incident helped IT experts from MU to improve the Cloud's defensibility, configuration, and processes related to protecting sensitive data. The unique testing was part of the preparation for obtaining security certification to operate SensitiveCloud, and the results will help improve the forensic preparedness methodology. IT expert Lukáš Daubner is working on this with leading information security expert Raimund Matulevičius from University of Tartu in Estonia. The testing was carried out as part of the international CHESS, cyber security project, involving IT specialists from Estonia and the South Moravia region. Also, Lukáš Daubner presented this unique forensic readiness testing of SensitiveCloud at the 35. mezinárodní konferenci CAISE '23 in Zaragoza, Spain, in June 2023..
Published article: „A Case Study on the Impact of Forensic-Ready Information Systems on the Security Posture“
After a year spent abroad at The University of Texas at San Antonio, our colleague Martin Husák from the cybersecurity team CSIRT-MU returned to us. He was able to complete his postdoc internship in a research group in the USA thanks to a grant to support the mobility of promising researchers. What exactly does he focus on in his research? And why does he think Brno is the best city in the world?
In an interview with Vice-Rector Radim Polčák, we discussed changes in IT at Masaryk University. We discussed how the university is adapting to new needs and how it manages funding and maintaining a high level of IT services. We also touched on the Vice-Rector's view on the importance of the adaptation of the Institute of Computing to the University's strategic plan and the role of IT during crisis situations such as the recent covid-19 pandemic. We also discussed future plans, including the relocation of the Institute of Computer Science and its involvement in research activities and projects such as EOSC.
