
JISC Digital Technology Feed

Jisc news

This week, we are joined by Dr Chris Headleand who is director of teaching and learning for the school of computer science at the University of Lincoln.

In this podcast we hear from members sharing their journeys to realising Education 4.0.

We chat with Chris about the power of games to engage with and teach students, looking into the digital skills and soft skills that games can help to develop.

We also talk to Chris about his pirate-themed tour game of the University of Lincoln, which is allowing prospective students to experience the campus digitally.

Show notes

Check out the Lincoln Island game discussed in the episode.


Episode guest

Chris Headleand

Dr Chris Headleand, director of teaching and learning for the school of computer science, University of Lincoln



Episode host

Georgie Myers

Georgie Myers, media and content officer at Jisc.

Further education institutions have been investing more in cyber security training, products and services in the last few years. More colleges are using third party services to help with detecting and managing threats and there's been an increase in those achieving the Cyber Essentials certifications. 

However, evidence from Jisc's security operations centre (SOC) and the National Cyber Security Centre (NCSC) has shown that colleges are still impacted by attacks, and concerns about the growing threat of cyber attacks have increased.

Attacks – the facts

Over the past few years, Jisc's computer security incident response team (CSIRT), which covers the national research and education network, Janet, has handled between 5,000 and 6,000 incidents and queries a year. The graph below shows a breakdown of the types of incidents affecting Jisc's members.

Graph showing a breakdown of the types of incidents affecting Jisc's members

These statistics help illustrate the breadth of incidents experienced across the education sector; the actual figures are heavily influenced by the activity of Janet CSIRT and the detection of events rather than their actual rates of occurrence. For example, a successful investigation into a botnet will cause that month's malware figures to rise even though the malware may have been active, but undetected, in previous months.

Although the move to remote working for staff and students has changed the threat model facing colleges, it hasn't changed the fact that security remains a high priority. Criminals are notorious for taking advantage of news events and piggybacking on emerging and trending issues, and the current COVID-19 situation is no different.


Very soon after news of the crisis arose, attacks started adapting to take advantage of the new context. Phishing emails have always been a problem and are even more so as criminals use coronavirus-related emails to encourage victims to follow links or download malware.

NCSC warned the public about this in April this year. Although not COVID-19 related, Janet CSIRT has had to respond recently to some extremely serious ransomware incidents. This included one college that had to close down all its systems for more than a week. With all incidents, and particularly business-disrupting examples like this, the sooner Janet CSIRT is contacted, the more effective digital forensics can be, and the quicker normal service can be resumed.

Denial of service attacks

During the last 12 months, Jisc has detected 569 distributed denial of service (DDoS) attacks against colleges in England, which is more than 10% higher than the previous 12-month period. However, looking at the statistics from the start of lockdown until the time of writing (20 March to 20 May 2020), we detected 26 DDoS attacks targeting 15 UK colleges, which is fewer than those seen over the same time period in 2019 (100 DDoS attacks targeting 33 UK colleges).

The number of DDoS attacks in March and April for both years was fairly similar, but May has shown a significant drop, with 47 attacks reported 1-20 May 2019 and just five in the same period this year.

It is too soon to determine if this is due to lockdown changing the way everybody is working (including criminals) or if it is an anomaly. From previous analysis of attacks, and where we have managed to work with colleges to identify perpetrators, Janet CSIRT strongly suspects that a large proportion of DDoS attacks are being launched from within colleges.

Graph showing number of DDoS attacks over 12 months

With many systems hosted in the cloud rather than on campus, and resources and systems accessed directly from home networks, there is potentially less to gain from launching a denial of service attack against the college network during lockdown.

In one example, Jisc's security analysts were mitigating an attack at a college that was launched at about 09:00. It finished at 12:00 and then started up again at 13:00 before petering out later that afternoon. This suggested that the attacker was somebody on campus who wanted to get online at lunchtime. The Jisc SOC has also detected access from colleges to websites that provide 'attacks as a service': so-called Booter and Stresser sites allow attackers to launch DDoS attacks against any organisation for just a few pounds.


If more colleges sign up to Jisc's Janet Network resolver service (JNRS), then we can help prevent access to such sites from the college network. JNRS can also help mitigate the risk of users' web requests being directed to compromised or dangerous web sites (for example, as a result of phishing or related attacks).

It is also important for colleges to maintain adequate logs on college systems to help identify attackers and determine what they have been up to. When a college experiences a cyber incident, its staff can call on Janet CSIRT for assistance. This could involve providing advice and guidance over email or by phone, but quite often entails a detailed investigation. This can include digital forensics to identify what exactly has happened, and how an attacker managed to get access, for example.

The team helps staff at institutions to get systems back up and working, to enable teaching and learning to continue. The CSIRT team also proactively contacts colleges when incidents have been detected, or when it has been alerted to a particular threat.

Attitude to risk

A total of 70% of respondents to the (pre-COVID-19) AoC/Jisc college IT survey said they either agreed or strongly agreed that their college is able to deal with a cyber security risk. This is an even more confident response than noted in Jisc's 2019 cyber security posture survey where a mean score of 6.6/10 was given in response to the question 'on a scale of 1 (not at all well) to 10 (very well protected) how well do you feel your organisation is protected?' Almost a quarter of respondents gave a score of 8/10 or higher.

Jisc has witnessed good practice within some colleges, such as good processes and policies, including patching policies. However, as with all organisations, there are choices to be made about what is a priority.

There is some concern that not all colleges are aware of the range of threats and that incidents are under-reported: more than half of colleges stated in the 2019 posture survey that they had not reported cyber security incidents in the previous 12 months. In the AoC/Jisc IT survey, 11% of colleges reported experiencing at least one cyber security incident that caused significant business disruption and nearly all (96%) had experienced at least one minor incident.

Resource and expertise

Very few colleges have dedicated cyber security staff. In fact, just 11% of respondents to the 2019 posture survey stated they have specific security roles. Many have small teams with wide-ranging responsibilities, which means they can't do everything, so they have to prioritise. This might mean important attack vectors are overlooked.

Making good use of technology, or working with a trusted partner, can help. Although adoption of security information and event management (SIEM) systems is currently low within FE (4% according to the 2019 survey), having a central place for logging information from disparate systems saves time otherwise spent manually searching for signs of attack and can alert teams when something suspicious has been detected. Similarly, if it is already known what assets are connected to the network, it is easier to manage threats effectively.

From the findings of Jisc's 2019 survey, we know that an increasing number of colleges are ensuring they have basic security controls in place, by gaining the Government's Cyber Essentials certification. From just 4% of colleges in 2018, the 2019 survey results showed a large jump, to 31%. We expect this figure to have increased much further in this year's survey as colleges strive to meet the data security requirements in the Education and Skills Funding Agency's funding agreements.

Culture and training

Cyber security is both a technological and a cultural issue. Having technical controls in place to ensure that systems are kept up to date, patched, scanned for vulnerabilities etc. is key, but so is user training and awareness. It is encouraging to see more colleges training their staff, with an increase from 55% reporting mandatory training for some or all their staff in the posture survey from June 2019 to 67% in the AoC/Jisc IT survey in December.

The number that reported training students is not as positive, however, rising from just under a quarter in the June survey to 27% in December. Ensuring staff and learners are aware of the risk of phishing and malware as well as the need to back up their data is even more important with the current ways of working.

Cyber security awareness training should be in place for everyone across the organisation; getting the board and the directors to buy into the college's cyber security strategy and embedding it throughout the whole organisation is vital.

Build strong defenses

Remote working due to COVID-19 has changed the threat landscape, but the basic security controls and training still need to be undertaken. Attackers only have to find one weakness to exploit, so the more eyes on a network, the better the chance of blocking those weaknesses before the attackers get in or very soon after.

Although no institution is immune to cyber-attacks, there are a number of controls that should be in place to make colleges a harder target and to minimise the impact of an attack or breach. Colleges should ensure that systems are patched and kept up to date; networks should be segmented; all users should have information security awareness training; and consideration should be given to implementing a SIEM, either internally or via a managed service to maximise visibility.

Jisc is very keen to work with institutions to improve their cyber security posture and to ensure no college or their students get left behind when it comes to good security practices.

This article is part of a new e-book produced by the Association of Colleges and funded by Ufi, called Creating a post-Covid19 EdTech Strategy, bringing together all the wisdom and lessons learned from lockdown.

To learn more about cyber security, sign up free for Jisc's security conference (3-5 November 2020).

Prospects, which runs the Hedd degree fraud reporting service on behalf of the Office for Students, is warning that degree fraud could rise this year as students denied the usual graduation ceremony picture opportunities instead post selfies with their certificates on social media.

As graduation officers prepare to send out certificates, Prospects (now part of Jisc) is urging higher education providers to advise graduates against showing their degrees online.

Such images could give fraudsters access to everything they need to make illegal copies - logos, crests, signatories, stamps, holograms and wording. All of these are unique to each university and certificate designs change annually to help prevent forgeries.

While fake degrees, labelled as 'novelty', are sold for a few pounds on sites such as eBay, illegal diploma mills are a multi-million pound business.

Prospects works with universities to raise awareness of degree fraud among students with its #certificatefree campaign. Chris Rea, who manages Prospects Hedd at Jisc, said:

"We're expecting to see a rise in pictures of degree certificates posted on social media as these will be the only tangible mark of achievement for many graduates this year. This period marks the end of years of hard work, so we understand that the urge to share certificates will be strong, but the risks of fraud are high.

"Counterfeiters will be waiting to take advantage of graduates whose desire to connect with family and friends online is higher than normal. When students post pictures of their degree certificates, everything required to make a forgery could be visible.

"COVID-19 has led to a challenging graduate jobs market. Graduates should have the best chance they can and not have to compete with people faking their qualifications.

"We don't want to see the market flooded with fake degree certificates based on the real deal. Protect the investment made by genuine students and the reputation of a UK education by refraining from sharing degree certificate selfies."

Prospects degree fraud toolkits offer advice to help protect students, higher education providers and employers.

Jisc is launching an education-specific security information and event management (SIEM) service to help colleges and universities respond quickly to cyber security issues. 

Developed in partnership with member organisations, the SIEM solution will detect security-related anomalies on networks by collating information from various systems, including firewall logs, domain name system (DNS) records and other event logs.

The data is then aggregated into a central system via the popular data management system, Splunk. As Splunk's only managed service provider for education and research in the UK, Jisc already offers a cost-effective managed Splunk license service, which is included as part of the managed SIEM service.

Jisc's team of analysts will tailor the SIEM solution to individual requirements, separating suspicious activity from business-as-usual activity. The team will also triage alerts, assess the threat severity, contact members if they spot a situation that requires urgent attention and advise on how best to resolve the problem.

Among the education providers trialing the managed SIEM is University of Bath. Their IT security officer, Neil Toyne, says:

"As we see the service move towards a production-ready system, we can already see the value that the tool can bring to the established CSIRT at Bath. It's bringing meaningful and considered alerts to the cyber security team that could otherwise be background noise."

Jisc's cyber security product manager, Mark Tysom, says:

"SIEM solutions are widely used by commercial companies to safeguard their business and protect their reputation, but education and research organisations have been slower to implement these services.

"Many members have told us they are interested in a SIEM, but there are blockers: a lack of time and money is a factor and they are also put off by complicated on-boarding processes. To help, our experts will work with colleges and universities to explain the technical setup they'll need to get data flowing from their network into the Splunk platform."

For more information about the managed SIEM service, contact your account manager.

To hear more about cyber security in the HE, FE and research sectors, sign up for the Jisc security conference, running online 3-5 November 2020 - free for staff at member organisations.

As coronavirus continues to take over the UK, universities and colleges are playing a key role in supporting community efforts to fight the virus. From donating space for field hospitals to enabling digital infrastructure through these sites, the education sector is stepping up and sharing expertise. 

Bangor University  

As part of a wider COVID-19 response programme, in April the biggest health board in Wales, Betsi Cadwaladr University Health Board, approached Bangor University looking for resources to help set up a temporary hospital. Canolfan Brailsford, which normally functions as a sports and fitness centre for the university, was selected, and construction began almost right away.

Within a two-week period, Canolfan Brailsford was completely transformed.  

Alongside the essential real estate for the field hospital, it was important that the facility maintain a secure internet connection and network to allow staff to access NHS infrastructure remotely.  

Welsh institutions receive a connection to Jisc's Janet Network through the PSBA, a non-profit organisation that delivers secure connectivity for the public sector in Wales. 

Bangor staff worked with the PSBA to extend the NHS network, using the university's dark – or unused – fibre to provide a connection to the temporary hospital, and facilitate a secure internet link.  

The whole process was a smooth one, says Simone Barberesi, director of IT services at Bangor University:

"This project took less than a week to come together, so we can see what's possible when everyone's working together for a common goal. It's absolutely amazing. 

"The field hospital has full connectivity; everything you'd expect from a hospital, including wired ports, wireless, and a dedicated phone system. And it's all working across the university's fibre."  

As well as making sure the university could support the NHS within as short a timeframe as possible, the IT team also had to perform due diligence in safeguarding the university's network. Simone explains:

"We had to make absolutely certain our network was secure, because our users are remote workers. We had to make sure that connectivity to all areas of the network in Bangor was safeguarded, and that this piece of work didn't put that at risk."

Aberystwyth University 

Aberystwyth University has also had a hand in supporting the NHS, working with Hywel Dda University Health Board to set up a key worker screening centre and clinical space for local GP use.

The centre, housed on the university's Penglais campus, was set up in late April and is in close proximity to an existing GP surgery, which was already being serviced by the university's digital infrastructure. 

Hefin James, from the university's department of information services, said:

"The university has had digital presence in the nearby surgery for around four or five years. So we already had fibre extended from our main infrastructure running through the surgery. From there it was quite easy to extend it down into the new testing centre." 

This connection was an essential element of the testing centre's digital infrastructure within its first couple of weeks, because although the surgery was running its own Multiple Occupancy Site Service (MOSS) circuit - which allows multiple public sector organisations within the same site to use a single PSBA connection - the bandwidth being delivered was not sufficient.  

The university stepped in and a MOSS circuit was set up on the university's infrastructure which offered more than enough capacity to support the testing centre. This allowed a continuation of operations while an update was delivered.      

The university worked with the PSBA, BT and the Hywel Dda University Health Board during this project, and being a part of the team has been a joy, says Hefin: 

"As engineers, it's in our nature just to get on and do things without any fuss. But obviously we're pleased to play our own small part in helping the NHS, especially at this time when they're fighting the virus.

"Although it's obviously a very worrying time for everyone, it's been a source of comfort to see everyone pulling together at the university and elsewhere to help out."  

Neath Port Talbot College 

But it is not only the higher education sector that has offered its expertise. Colleges have also played an essential role in supporting the NHS, and Neath Port Talbot (NPT) College offered up its Llandarcy Academy of Sport building as a field hospital for the Swansea Bay University Health Board (SBUHB).  

The college also facilitated network connectivity for the field hospital, providing a wireless access point and connection to Jisc's secure Janet Network, through which hospital staff could connect to NHS infrastructure. They also helped ensure that network points were available throughout the hospital, such as at nursing stations and beds, to support any connectivity needs at these sites.  

Jonathan Fellows, from the informatics directorate at SBUHB, says: 

"Mike Burns from NPT College was extremely helpful in SBUHB IT gaining a quick and comprehensive understanding of the existing network and infrastructure on site. He raised the request with Jisc on our behalf to utilise the existing circuit at the site, quickly and efficiently."   

Jeremy Sharp, Janet chief technology officer, adds:

"Jisc has a proud history of supporting UK education and research with a range of digital services, including the world-class Janet Network. We also work collaboratively with the broader public sector including the NHS, local government, schools, and the private sector into science and innovation parks.

"In this way we are keen to play our part in the UK's digital transformation. It's important that the UK continues to modernise the way we communicate and collaborate, and when met with the necessity demanded by the national response to the COVID-19 pandemic, we have been pleased to be able to play our part in rapidly bringing together solutions.

"All sorts of demands on the UK have meant that we need to learn and work differently, and the Janet Network has, and will continue to be, a key underpinning service."

Find out more about the Janet Network.