Created by iSolutions and Electronics and Computer Science (ECS), Project CASTLE aims to investigate how universities can benefit from collaboration between external industrial cyber security experts and their own multidisciplinary staff and students.
Dr Federica Paci, project leader and lecturer in Cyber Security within ECS said:
“We will analyse how industrial cyber security best practices can be translated to more open campus environments, where, for example, lecturers commonly use their own preferred devices and services, to produce learning materials and improved institutional practices.
“Another perspective will explore how the student learning experience and university’s security posture can be enhanced through activities including supervised penetration tests of university systems and establishing an appropriate responsible disclosure policy,” she added.
Simon Cox, Chief Information Officer said:
“At the core of the CASTLE Project is collaboration between ECS and iSolutions. This collaboration draws on the strengths of staff from both units to deliver a compelling, realistic, interesting environment and framework within which students are able to work to industry standards.
“The expected project output benefits all parties. Students graduate with experience of working within a real world penetration testing framework, ECS are able to offer a compelling student experience, and iSolutions gain feedback on current IT systems security profile.
“The technical teams on the project were led by Dan Adams, Rick Cross, Kevin Shaw and Oli Bills, thanks to all involved.”
A representative, segregated environment has been created which provides a subset of administrative, teaching and research systems used by the University. These application instances contain no live data, but are configured as closely as possible to those providing live production services.
This environment offers students involved the chance to follow industry standard testing processes against actual configuration services while ensuring that University IT services are not put at risk.
Following completion of testing, reports detailing penetration success and discovered vulnerabilities will be produced and recommendations made. These will be reviewed by ECS as part of student assessment, and by iSolutions who will assess the criticality of each point and act accordingly. There will also be a short debrief by each of the students as to their findings and recommendations.