Training for University Staff in Myanmar

Summary

The project provided information security and advanced network security training for staff and students of Myanmar universities, primarily from the University of Computer Science, Yangon (UCSY), which operates Myanmar’s national research and education network (mmREN). Four workshops, each of four to five days, were conducted between in 2018 and 2019. The project was also supported by the KDDI Foundation.

Details

Aim

The aim of the project is to strengthen the technical network administration and security capacities of university staff, particularly those involved in operating Myanmar’s national research and education network (mmREN). The training material covered a wide range of topics, ranging from threats and countermeasures through to password storage, trends in cyberattacks and penetration testing. The course was designed to take beginner level understanding across a wide range of areas and elevate it to intermediate level understanding, though attendees came from a variety of skillsets and skill levels.

Context

Myanmar’s national research and education network (mmREN) is a digital platform for all universities in the country. It is operated by the University of Computer Studies in Yangon (UCSY). Some of the participants of the workshop were those working on the mmREN, but the project also trained staff from other universities as well as industry.

Outcomes
In addition to providing a broad level of understanding to the participants from a range of universities and industry, it was also an opportunity for APNIC staff and members of the Myanmar Computer Emergency Response Team (mmCERT) to establish contact for ongoing security-related projects and communication.

Outputs

Over 30 staff increased their cybersecurity technical knowledge.

Activities

The first phase of the project delivered four workshops over two years (two per year) with at least 30 technical staff of UCSY and other universities or organizations attending each workshop. The training covered the key concepts, protocols and policies involved to establish and maintain a robust, stable and secure university network and protect the data and processes in it.

A key focus of the training was penetration testing and vulnerability scanning. An entire day of each workshop was dedicated to a hands-on module covering these topics. Penetration testing involves using the same tools and techniques that hackers will use on the network, to determine areas where the network is vulnerable.

The second phase delivered two virtual workshops on routing and information security.