Cybersecurity in UK Universities: mapping (or managing) threat intelligence sharing within the higher education sector

Higher education has recently been identified as a sector of concern by the UK National Cyber Security Centre (NCSC). In 2021, the NCSC reported that universities and higher education institutions (HEI) had been exponentially targeted by cyber-criminals. Existing challenges were amplified or highlighted over the course of the global pandemic when universities struggled to continue to function through hybrid and remote teaching provision that relied heavily on their digital estate and services. Despite the value of the sector and the vulnerabilities within it, higher education has received relatively little attention from the cybersecurity research community. Over 2 years, we carried out numerous interventions and engagements with the UK higher education sector. Through interviews with cybersecurity practitioners working in the sector as well as roundtables, and questionnaires, we conducted a qualitative and quantitative analysis of threat intelligence sharing, which we use as a proxy for measuring and analysing collaboration. In a unique approach to studying collaboration in cybersecurity, we utilized social network analysis. This paper presents the study and our findings about the state of cybersecurity in UK universities. It also presents some recommendations for future steps that we argue will be necessary to equip the higher education sector to continue to support UK national interests going forward. Key findings include the positive inclination of those working in university cybersecurity to collaborate as well as the factors that impede that collaboration. These include management and insurance constraints, concerns about individual and institutional reputational damage, a lack of trusted relationships, and the lack of effective mechanisms or channels for sectoral collaboration. In terms of the network itself, we found that it is highly fragmented with a very small number of the possible connections active, none of the organizations we might expect to facilitate collaboration in the network are playing a significant role, and some universities are currently acting as key information bridges. For these reasons, any changes that might be led by sectoral bodies such as Jisc, UCISA or government bodies such as NCSC, would need to go through these information brokers.