Overview
A few weeks ago, ORION’s Director, Marketing and Communications, Cathy Bogaart, our Chief Information Security Officer (CISO) Farooq Naiyer and I attended the CANHEIT conference that took place at Simon Fraser University (SFU) in Burnaby, BC. CANHEIT is the largest gathering of all the Canadian IT leaders in higher education, advanced research computing (ARC), and technological institutions. It was great to see many of our friends in attendance. The IT world is moving ever faster and, at CANHEIT, we were pleased to see that Ontario was well represented in these movements.
Compute Canada Townhall
Compute Canada’s President and CEO, Robbin Tourangeau, and the CTOs from their regional partners, WestGrid, Calcul Quebec, Compute Ontario and ACENET led an open forum on current activities, key initiatives in the advanced research computing landscape in Canada. Our friends at Compute Ontario mentioned a health AI platform project, in which we were particularly interested.
Benchmarking Cybersecurity at Canadian Universities
Brian Lesser, Ryerson University’s CIO and a member of our advisory group, led a discussion about Canadian University Council of CIOs (CUCCIO)’s cybersecurity benchmarking initiative. The panel was filled with CIO and CISO members from the project’s participating organizations to talk about their findings. There is still a long journey ahead, but it was a start in working together on solutions. I was pleased to hear that CIRA D-Zone service improved cybersecurity scores for participants since we provide CIRA’s D-Zone Anycast DNS service to all our users free of charge.
IT is a Strategic Asset (and Not a Utility)
This panel was comprised of the CIOs from SFU, U of T and Mount Royal University.
Key takeaways from this session were the importance and significance of the four pillars of technology: people, process, technology and data. Another important point raised was that, given the fact that there is so much dependence on IT, it should be as seamless as the utilities. The board and the executive management have now started seeing the strategic importance of IT and have realized the importance of IT governance.
Two Paths to Two-factor Authentication
Two-factor authentication for logging into our accounts is one of the best things we can do to protect accounts. Our good friends Brian Lesser (Ryerson University) and Jason Testart (University of Waterloo) discussed how post-secondary institutions are informing its residents on two-factor authentication, the many options, challenges and adoption for two-factor authentication.
Yikes – What Did I Get Myself Into? Confessions of a New CIO
A panel of newly appointed CIOs discussed and engaged with the audience in a session of questions and answers about their new roles. Two of our advisory group members, Bo Wandschneider (University of Toronto) and Gayleen Gray (McMaster University), who continuously help guide our strategies at ORION, shared their perspectives on the greatest challenges of their new roles and how they’ve adjusted. The new CIOs shared their initial plans and what those taking on a leadership role in IT can expect.
Securing the National Research and Education Network Federation Style
I joined a panel together with Gerry Miller (MRnet), Todd Williams (ACORN-NS), and Jill Kowalchuk (CANARIE) as part of Canada’s National Research and Education Network (NREN). NREN security is an important layer to enable the highest performance standards and availability for Canada’s research and education system. We talked about the NREN Security Information and Event Management (SIEM) project as one of our first initiatives in a new strategy to manage security threats for Canadian higher education institutions. I shared our experience with Ontario’s shared CISO cybersecurity initiative pilot project, which has been driven by our community. Four big areas of focus to date have been security training, security guidelines development, security assessments, and a shared SIEM proof of concept.
The NREN’s goal is to deploy a SIEM in each province and territory that can support the needs of the network and connected institutions in the future. Improving our cybersecurity capability is a big project. We can only tackle this effectively by working together at the institutional, provincial and national level.
Security Frameworks: Sharing University Models
Many Ontario technology leaders were interested in this session with CIOs from HEC Montréal, McGill University, and University of Regina. The panel shared their experience of leveraging the leading security frameworks such as ISO 27001, COBIT and NIST cybersecurity framework, and tweaking them based on their maturity level and their organizational needs.
Farooq asked them about the role of the board of directors in cybersecurity and most of them responded that they are in process of defining that.
Model for Cybersecurity Maturity Assessment
Tariq Al-Idrissi, Associate Vice President in charge of IT at Trent University, presented strategies in handling breaches in security, assessing the cybersecurity maturity of institutions in different methods and addressing self-assessment questions for a better understanding of our cybersecurity. The presentation provided templates for starting these self-assessments within our institutions. They’re quite similar to the ones we’ve been using in our own Shared CISO group. The session mentioned that there is no such thing as “perfect protection”, but we can always advance our tools in cybersecurity; we can always have make room for continuous improvement.
Rallying the Troops: Practical Tips for Raising Information Security Awareness
Although there have been many advancements in securing the network perimeter. However, humans remain the weakest link and the main target of security attacks. Wilfrid Laurier University showcased how we can communicate effectively with all the employees about security risks and making them aware of their responsibilities in improving the security posture of the organization. We were happy to see the role Wilfrid Laurier ITS is playing in security awareness since they are a part of our shared CISO initiative in which we are working on a collaborative security awareness framework for participating institutions.
How ENCQOR will revolutionize R&E with the help of 5G
Ciena presented on the ENCQOR project, which they also talked about at THINK and of which ORION is proud to be a part. ENCQOR is a $400M public-private partnership that connects the Governments of Canada, Ontario and Quebec and five global digital technology leaders. The project is aiming to construct the first ever Canadian pre-commercial 5G wireless testbed.
Wrap Up
The conference closed out on a refreshing note with a keynote from Jennifer Moss and a breeze of fresh air from the outdoor setup. The keynote profiled the science of happiness and how we can better communicate with our teams. At ORION, our job is to connect research and education institutions with one another through our network and our actions. We’re committed to keeping an open channel with our community to better enable the innovation that makes Ontario a better place. We will continue these conversations and will see you next year in Winnipeg when we can report on the progress we’ve made together.