The National Cyber Security Centre (NCSC) and the Information Security Office, part of the University of Oxford's Assurance Directorate, gave an update to researchers, academics, and staff on the threat landscape for higher education and research institutions at the Oxford Vaccine Group, on the fourth anniversary of when the Oxford/AZ vaccine research began.
Professor Sir Andrew Pollard and Dr Parvinder Aley OBE welcomed the NCSC to the Oxford Vaccine Group (OVG) where they were given a tour of the clinical and laboratory spaces. They also had unique opportunity to see where the first person received the first Oxford/AZ covid vaccine.
Chief Executive Officer for the NCSC Felicity Oswald said: "The UK has thriving academic and research sectors which remain high-value targets for our adversaries. This threat was in sharp focus during the pandemic and we should be really proud of the collective efforts to protect the Oxford-AZ vaccine research and development as part of the UK’s response to Covid. It is vitally important to continue this collective approach to defending the sector, which we saw again recently when vice-chancellors from the UK’s leading research universities, including Oxford, were briefed by the Deputy Prime Minister, the Science and Technology Secretary, and the intelligence community on the ongoing cyber threat hostile states pose to the nation’s most sensitive academic research."
Former Chief Information Security Officer (CISO) Graham Ingram, who led the University’s incident response to attacks against the University during the Oxford-AstraZeneca (AZ) vaccine development, returned to speak about his experience as CISO during this period. One of our key responses to the threats was the Multi-Factor Authentication (MFA), which is now fully implemented across the collegiate university, reducing the numbers of incidents per month.
He said: "I know at the time that we all felt the weight of responsibility on our shoulders whilst already entangled in a difficult cyber situation. The need to protect the confidentiality, integrity and availability of this data was vital to shortening the pandemic. What eased the weight of this burden was the joint effort from InfoSec, the Medical Sciences Division and departmental IT, the Joint Information Systems Committee (JISC), and a multitude of staff from across the NCSC. It is very rare to consider a cyber calamity resulting in real world harm which could have impacted millions of lives. As a result of the unity of effort between the University and NCSC, we avoided just such a calamity."
Interim CISO Tony Brett also spoke about his experience as Director of Medical Sciences Division (MSD) IT Services at that time, and the crucial support he and his colleagues received from the NCSC and InfoSec in securing the OVG’s vaccine research and protecting the university’s systems.
He said: "Having been the Director of MSD IT Services during the pandemic and now being Interim CISO, I am acutely aware of the importance of protecting clinical trials from cyber interference or attack. I am immensely grateful to the NCSC and InfoSec for working so diligently and tirelessly to protect us from cyber threats thus ensuring the success of the trial, and millions of lives saved."
Different teams within NCSC then presented to research staff within the OVG about the current threat landscape for higher education and research institutions, how the NCSC are mitigating those risks, and the threats the university and its researchers faced during the vaccine development. The NCSC also offered guidance and advice to the audience about what they can do to keep their data safe and secure. A short Q&A followed from the research staff.
Professor Sir Andrew Pollard then hosted the NCSC as well as Pro-Vice Chancellors Professor Anne Trefethen and Professor Patrick Grant at St Cross College for a lunch.
Pro Vice Chancellor Professor Patrick Grant said: "The University can only meet its aspiration to be a global research leader with real-world impact if its research is protected and secure. During the pandemic and our efforts to develop what became the Oxford/AZ vaccine, we came close to seeing our research being critically disrupted. Thanks to our partners at the NCSC and our colleagues in InfoSec, our research remained secure and ultimately, we were able to go on to deliver 3 billion vaccine doses."