Jersey Cyber Shield Onboarding

1. About Jersey Cyber Shield from Jersey Cyber Security Centre


We know that users in Jersey are being targeted – either for reconnaissance to find out more about a system or an organisation, or for attack. How will the Cyber Shield help?
James: We are bringing together a series of different services, which together we call the Jersey Cyber
Shield. The idea is that most vulnerabilities you can see from outside private networks will be detected by the shield and then addressed by participant organisations, so that the majority of attacks can be rebuffed.

Can you explain to us in simple terms what the services are that make up the shield?
Paul: The first is a Vulnerability Advisory Service. Vulnerabilities are just weaknesses like unpatched systems, and there are thousands in Jersey at any point in time. JCSC receives daily vulnerability information about systems in the Island from international organisations and from other national CERTs. This information comes from passive scanning of internet-facing devices. The security issues these scans find are communicated to the owners of the systems for them to action.

The second is Advanced Breach Detection. This allows selected organisations to install a variety of honeypots in their network. If you’re not familiar, a
honeypot is a device that is designed to look like a vulnerable device or an enticing file. If someone tries to get access to it, the honeypot will report to JCSC, triggering an alert to the owner to action. If we see lots of alerts, we can look at the patterns and that helps us spot coordinated attacks.

Thirdly, Coordinated Vulnerability Disclosure. This allows any security researcher or member of the public to report a vulnerability that they may have found with an internet facing system in the island. The report will be reviewed and passed on to the affected system owners in confidence.

Finally, we are looking at strengthening the shield though Active Scanning. At the moment, malicious attackers can scan our address space to find
vulnerabilities but we can’t look ourselves, so we need to level the playing field a bit or we will always be a step behind. However we also need to make sure we do this in a legal and compliant way, so we’re looking at bringing this in on an opt-in basis during 2024.

That sounds complicated. Does it really work?
Paul: We started planning the Cyber Shield in 2022, so it has been a full year in development, and we have been testing with manual processes since May this year. This has already resulted in over 500 vulnerabilities being fixed, any of which could have led to a cyber attack. We’re now ready to scale up, and we will continue to develop the service over time.

What does it cost?
James: There is no charge to participate. However we won’t be able to offer all services to everyone. Everyone can access the vulnerability advisory service for example, but deploying honeypots is more complex and requires agreement, so that will be on a case by case basis.

Does the Cyber Shield replace my existing security measures?
Paul: No, it works together with them. You still need to maintain strong controls to protect your organisation. We are providing an extra layer of visibility to help you, but it’s up to you to make sure your organisation is secure.

What’s in it for me?
James: You will have a better picture of your security posture. And you will also have a nice warm feeling because you are not just helping yourself, but the rest of the island as well.

How do I sign up?
James: Click continue below, and fill in the short onboarding form. It will help to have to hand your website address, contact details, and any fixed IP ranges you operate.

Jersey Cyber Shield - Poster

Continue to register >>>