Since 1 September 2023, teams from the Restena Foundation have been working on a major project to improve the protection of Luxembourg’s research and education institutions against cybersecurity risks. Called LuCySe4RE - "Enhancing Cybersecurity Services for the Luxembourgish Research and Education community", the project is co-funded by the Digital Europe programme of the European Union and will run for three years.
A federated platform for harmonised protection
With LuCySe4RE, Restena intends to set up a security event management platform dedicated to institutions from the Luxembourg research and education community. Each institution will forward its IT security related events to this platform. Restena will analyse these events, in order to provide to all institutions timely advice concerning best practices and countermeasures to deal with them and protect themselves as effectively as possible.
To this end, Restena will draw on its know-how and expertise in network management, the Domain Name System (DNS), system administration, internal development and its ISO27001:2013-certified information security management system. But that is not all: the project team will be able to count on the involvement of institutions representing the research and education community. The University of Luxembourg, the Centre de gestion informatique de l'éducation (CGIE) and the Luxembourg Institute of Health (LIH) will be involved in the development and evolution of the platform.
"With LuCySe4RE, we will improve awareness and readiness level in cybersecurity questions and give access to valuable tools and knowledge before and during cybersecurity attack situations" explain Cynthia Wagner, Security Manager and Chief Information Security Officer at Restena, and Isidore Moreno, Network and Systems Engineer at Restena and LuCySe4RE project manager.
Assessing and raising awareness of cyber security
Alongside the platform, Restena will be assessing the security readiness level of institutions in the sector, using a maturity model developed at the European level to meet the specific needs of the research and education sectors. Called Security Maturity Model for NRENs and set up by the European association GÉANT federating national research and education networks at the European level, this model has been specifically developed for the National Research and Education Networks (NRENs), represented in Luxembourg by the Restena Foundation.
Finally, Restena intends to intensify awareness-raising activities on the relevant cybersecurity threats, measures and tools among staff, researchers and students in research and education institutions. Awareness-raising and prevention resources, training courses and conferences, on issues of IT security, will be developed and organised throughout the project.
Cybersecurity risks: disparities in treatment
As the national research and education network for Luxembourg, the Restena Foundation offers tailor-made services for institutions in the education and research sectors, as well as in the cultural, health and administrative sectors. Over the years, IT security services have become increasingly important, particularly in view of the growing number of IT security incidents affecting the entire economic sphere.
Restena operates a Computer Security Incident Response Team (CSIRT) dedicated to the research and education sectors: the Restena-CSIRT. Working in close collaboration with other security teams in Luxembourg and internationally, Restena focuses on prevention, handling, and response to security incidents. It is in this context that it has observed a disparity in the level of maturity in IT security awareness and preparedness among its constituents.