Wednesday, January 11, 2017

2016 Security Awareness Retrospective

As we enter the new year it’s a good time to reflect on what has happened in the last year and the lessons we should be learning from it. The general goal of our situational awareness mission is to inform on threats to the cyberinfrastructure (CI) of research and education centers. With most alerts it can sometimes be hard to identify overall threats not only to CI but also to you as an individual. We try our best to provide information to help you identify where these vulnerabilities may affect your infrastructure. We translate the issue into a more understandable format so you can make better assessments for how it may affect you, how you can detect it and how it can be resolved.

If you have been taking advantage of this service let us know how it’s been going. We would really appreciate your feedback to help us prepare for our annual report to the NSF as well as to improve the Situational Awareness program. Here is the link to the survey:

In the last year we have provided a number of different alerts for core software like OpenSSH and OpenSSL. We announced vulnerabilities for content management systems WordPress and Joomla. There have been alerts for vulnerabilities in the Linux kernel as well. We have even provided some guidance for named vulnerabilities like Badlock, DirtyCOW and HTTPoxy.

Many of these issues we’ve seen in the last year can be identified, mitigated and/or resolved quickly by taking a few extra steps. If you don’t have the time or expertise on site to manage a service, use professionally hosted services that can provide security mitigation and patching quickly. Use regularly scheduled vulnerability scanning services to identify vulnerabilities in your infrastructure such as unpatched systems or exposed services that you’re unaware of. Protect against compromised passwords by enabling multi-factor authentication. Taking these extra steps can go a long way to protect your infrastructure from pending vulnerabilities.

Back in October we posted about Ransomware and ensuring that you are backing up your data. Every year Ransomware attacks have been increasing in number and complexity. We’ve seen this increase in the last year and expect to see another increase in the next year. If you haven’t already invested in a backup solution for your data this is something you should put effort into as soon as possible.

This last year has also seen the rise of a new compromise vector in small internet devices known as the Internet of Things (IoT). These are embedded devices of everyday things that are connected to the internet. These give you the ability to turn lights on and off, adjust your thermostat, open doors, even cook your food all from your phone. These simple devices are not as complex as a desktop computer and are usually designed for ease of use and not for security. Attackers have taken advantage of this lack of security using the ‘Mirai’ malware to build up an impressively destructive botnet. Because these devices are usually not designed to be upgraded remotely it’s likely this botnet will not disappear soon. In the next year we expect to see increased activity from and growth of this botnet.

The ease with which many of these devices can be added to any network can make this a very real threat for your CI. You may also see devices that show up in offices or on your wireless network. The most likely source of IoT devices will be networks for personal living spaces like dorm networks. The introduction of these devices to your network may create unintended vectors for access to your network. In large enough numbers they can potentially cripple your network if they’re compromised and being used in a DDoS attack. This post from Internet2 has a number of options for mitigating DDoS attacks on your infrastructure.

One of the other things we’ve noticed a lot of in the last year is compromised accounts. Yahoo recently announced the compromise of over 1 billion accounts from as far back as 2013. While large public sites like Yahoo often get mentioned in the news, we do still see lists of compromised accounts for organizations like universities and small businesses. Also, we continue to see re-use of passwords across systems, where a password compromise at a commercial service like Yahoo can lead to compromise of a CI account using the same password. To counteract this, many sites and organizations have started to roll out multi-factor authentication solutions to protect their users and systems. The introduction of multi-factor authentication is something we’ll likely be seeing more of in the next year and beyond.

Whatever the new year brings we hope our service will help you navigate through it. If you haven’t already signed up for our mailing lists you can find them here. Security alerts are sent to the CTSC Infrastructure Operators Announce List for issues affecting CI. Alerts that affect software development are sent to the CTSC Software Developers Announcement List. We hope this next year is a safe and secure one.

Monday, January 9, 2017

CCoE Webinar Jan. 23rd 11am EST: Open Science Cyber Risk Profile

Our first webinar for the year will be a team presentation on the Open Science Cyber Risk Profile (OSCRP), on January 23rd at 11am (EST) by Von Welch and Sean Peisert.

Please register here. Be sure to check spam/junk folder for registration confirmation with attached calendar file. 
The Open Science Cyber Risk Profile (OSCRP) is a joint project of the Center for Trustworthy Scientific Cyberinfrastructure, the NSF Cybersecurity Center of Excellence, and the Department of Energy’s Energy Sciences Network (ESnet). Over the course of 2016, the CTSC and ESnet organized a working group of research and education community leaders to develop a risk profile for open science. The risk profile is a categorization of scientific assets and their common risks to science to greatly expedite risk management for open science projects and improve their cybersecurity. The working group released a draft of the OSCRP for public comment in late 2016.
More information about this presentation is on the event page.
Presentations are recorded and include time for questions with the audience.

Join CTSC's discuss mailing list for information about upcoming events. To submit topics or requests to present, contact us here. Archived presentations are available on our site under "Past Events."


Other upcoming webinar(s) of potential interest

  • XSEDE Science Gateway webinar on January 11th at 1pm EST. 
    • Topic: An overview of SGCI services, see original post for more information
  •  NSF's WATCH webcast on August 18th at 12pm EDT
    • Topic: Mapping Interconnection Connectivity and Congestion, see event page for more information

Tuesday, December 20, 2016

US Antarctic Program/CTSC Report Identifies InfoSec Opportunities

CTSC and the National Science Foundation’s Office of Polar Programs have wrapped up an engagement focused on the United States Antarctic Program (USAP) processes and policies relevant to polar science information security. CTSC produced a report focused on the present state of infosec integration and opportunities for improvements, entitled “Integrating Information Security into USAP’s Science Project Lifecycle”. During the course of the engagement, CTSC reviewed over 110 artifacts and interviewed four representatives of polar science projects and facilities. Additionally, CTSC and USAP held 12 calls with NSF and Leidos staff.

This engagement presented a unique opportunity for CTSC to engage directly with the people and program that facilitate all US science in Antarctica. The CTSC team approached this engagement from the viewpoint of PIs, researchers, and grantee personnel, mapping their experience integrating with USAP’s processes and infrastructure. The report included a factual summary of information security information provided in various phases from proposal to deployment to the ice; opportunities for improvement; and potential areas for future collaborations. The opportunities ranged from event timing, to clarification and usability, to improved information security for the science projects. CTSC provided appendices listing the artifacts reviewed, a detailed event timeline from the grantee point of view, and detailed comments on selected artifacts.

Antarctica is an incredibly important and challenging environment for science and the use of technology. Its remoteness and harsh environment stretch the boundaries of where the Internet and other utilities we take for granted can reach and function. The logistics of moving people and technology from hundreds of different institutions on and off the ice is challenging, indeed. The CTSC engagement team was honored to have the opportunity to learn about the polar science process and talk to some of the people who make it happen. We hope the report is a valuable input.

In its immediate post-engagement evaluation, USAP selected the following areas where the engagement helped improve cybersecurity: “Communication of risks to decision-makers and stakeholders”; “Increased cybersecurity knowledge among staff and personnel.”

NSF manages the USAP to enable NSF-funded polar research carried out by grantees at colleges and universities nationwide. Within NSF Office of Polar Programs, the Antarctic Infrastructure and Logistics Section (AIL) manages the support systems for the field science, primarily through the Antarctic Support Contractor, Leidos. These functions include station operations, logistics, information technology, construction, and maintenance. USAP has a goal of maximizing grantees’ effective integration of information security planning and implementation into that lifecycle.

For more information regarding the engagement deliverables, please contact Tim Howard, USAP Information Security Manager,

Monday, December 19, 2016

CCoE Webinars: Wrapping up 2016 and preparing for 2017

This year we launched our new webinar series with the goal of delivering high-quality, actionable guidance regarding cybersecurity to the NSF community. We have built an impressive catalog so far and are excited to continue the program in 2017. Suggestions for future speakers and topics are welcome, you can contact us here.

If you missed any of our webinars, here's a list of our presentations from the past year:
A few topics we have planned for early 2017 are:
  • January 23rd: Open Science Cyber Risk Profile (OSCRP)
  • February 27th: Cybersecurity Program for Small Projects
  • March 27th: SDN and IAM Integration at Duke University
Join CTSC's discuss mailing list for information about upcoming events. Happy New Year.

Friday, December 9, 2016

CASC Brochure Features Cybersecurity, NSF Summit

The Coalition for Academic Scientific Computation (CASC) 2017 Brochure features a section on cybersecurity (p.8-9) with remarks from CTSC Director Von Welch and photos from the NSF Cybersecurity Summit.

Wednesday, November 30, 2016

Change of CTSC co-PI and Thank you to Randy Butler

It is with some regret that I announce Randy Butler stepping away from CTSC. Randy Butler has been a CTSC co-PI since CTSC's inception in 2012 and led the Scientific Software Security Innovation Institute Workshops that led to the concepts and documented the community requirements that were the foundation of CTSC.

I wish Randy all the best with his promotion to Senior Associate Director for Integrated Cyberinfrastructure at NCSA.

Jim Basney, already a CTSC co-PI, will be the lead for CTSC activities at NCSA. Bart Miller, currently CTSC senior personnel from the University of Wisconsin, will be taking on a co-PI role in CTSC. Bart’s new role recognizes his strong contributions to software security and training, and CTSC’s growing emphasis on software assurance.


Monday, November 28, 2016

CCoE Webinar Dec. 12th 11am EDT: CICI Regional Cybersecurity Collaboration projects

Our last webinar for the year will be a group presentation on the CICI Regional Cybersecurity Collaboration projects, on December 12th at 11am (EDT). More detailed information about the individual projects is listed below.

The presenters and project names are:
  • Xinwen Fu, New England Cybersecurity Operation and Research Center (CORE)
  • James Joshi & Brian Stengel, SAC-PA: Towards Security Assured Cyberinfrastructure in Pennsylvania
  • Jaroslav Flidr, Substrate for Cybersecurity Education; a Platform for Training, Research and Experimentation (SCEPTRE)
  • Jill Gemmill, SouthEast SciEntific Cybersecurity for University REsearch (SouthEast SECURE)
Anita Nikolich from NSF will provide an introduction to the NSF CICI program.

Please register here. Be sure to check spam/junk folder for registration confirmation with attached calendar file.

More information about this presentation is on the event page.

Presentations are recorded and include time for questions with the audience.

Join CTSC's discuss mailing list for information about upcoming events. To submit topics or requests to present, contact us here. Archived presentations are available on our site under "Past Events."

New England Cybersecurity Operation and Research Center (CORE)

CORE Project Web Site

Presenter: Xinwen Fu (University of Massachusetts Lowell)

The New England Cybersecurity Operation and Research Center (CORE) is a collaboration between cybersecurity researchers and networking experts from the University of Massachusetts Lowell, and Information Technology (IT) support personnel and leadership from the Office of the President of University of Massachusetts (UMass), who work together to improve the security of under-resourced institutions in New England and provide a model of a regional approach to cybersecurity. The researchers have established an open cybersecurity program at UMass, which guides customers through a sequence of steps and selects security controls and technologies from both proprietary solutions and free open source solutions, considering the budget of the institution or enterprise that wants to protect their assets. This project also performs research on emerging threats, trends and defense based on the collected data.

SAC-PA: Towards Security Assured Cyberinfrastructure in Pennsylvania 

Presenters: James Joshi & Brian Stengel (University of Pittsburgh)

Cybersecurity is a growing concern for individuals, communities, nations and the world. Increasing cyberattacks make cybersecurity a critical national security concern. Information technology provides tremendous opportunities to accelerate data-driven scientific research and education. Increasing cybersecurity problems can adversely impact the research and its economic and social benefits if our cyberinfrastructure that supports scientific research and education is not well protected. Beyond innovative cybersecurity solutions, it is critical to establish structured and effective practices and better collaboration among various stakeholders to share cybersecurity resources, expertise and information. This project focuses on establishing a regional collaboration and partnership within the state of Pennsylvania, referred to as SAC-PA. SAC-PA will provide critical support to smaller academic institutions (schools and colleges, etc.) including resource constrained regional institutions that serve under-represented groups, females and high school teachers and students. It will establish a collaboration and partnership framework to enable concerted activities promoting the use of effective cybersecurity techniques and practice of security-assured cyberinfrastructure. While enhancing the cybersecurity posture of PA, SAC-PA will provide a regional cybersecurity collaboration and partnership model that can be adopted by other regions, or be extended for national level collaborations. 
The SAC-PA project will include participation from the public-private sectors and academic institutions in PA in the following key activities: (i) developing and delivering three regional workshops in Pittsburgh to bring together various regional stakeholders from scientific research related communities with cyberinfrastructure or cybersecurity resources to better understand the regional capabilities; explore existing and emerging cybersecurity challenges/solutions; and devise collaboration and partnerships to enable concerted cybersecurity activities to promote the use of effective cybersecurity techniques and practices; (ii) collaboratively developing training/awareness materials based on the needs and capabilities identified in the workshops, and sharing these extensively with regional partners and beyond through various channels; and (iii) establishing regional partnerships and a shared repository of cybersecurity resources/capabilities to facilitate collaborative and concerted efforts towards protecting scientific cyberinfrastructures.

Substrate for Cybersecurity Education; a Platform for Training, Research and Experimentation (SCEPTRE) 

Presenter: Jaroslav Flidr (The George Washington University)

In collaboration with the Michigan Cyber Range (MCR) facility operated by Merit Network, and the Cyber Academy operated by the College of Professional Studies (CPS) at the George Washington University, the project proposes to establish and deploy an open and flexible technology platform for broad-context cybersecurity education and hands-on training. Initially, the platform will be used in developing and delivering a credit bearing Practicum (2 credit hours) that addresses “Intrusion Detection and Remediation.” The course will be transferable toward the undergraduate certificate in Protection and Defense of Computer Networks, which is part of the Bachelor’s degree completion in cybersecurity. The practicum is a hands-on training that will cover a broad range of network intrusion, prevention, and detection techniques such as implementation and testing of IDS security plans, security monitoring, intrusion detection, alarm management, analysis of events and trends, and vulnerability management. The program will utilize a high-performance, flexible environment built on Cisco’s UCS hardware platform with a modified OpenStack framework. This multi-tenant system, originally developed under an NSF grant, will facilitate the full integration of the Cyber Academy with the MCR resources. Thanks to its virtual nature and its tight coupling with physical cyberinfrastructure components such as HPC, cluster storage arrays, public and private clouds, 100G optical networks, and a wide variety of SDN technologies, the system will be able to deploy nearly any cybersecurity scenario, on demand. The program will start enrolling students immediately after making the platform operational.

Collaborative Research: CICI: Regional: SouthEast SciEntific Cybersecurity for University REsearch (SouthEast SECURE)

Presenter: Jill Gemmill (Clemson)

The SouthEast SciEntific Cybersecurity for University REsearch (SECURE) project helps protect the National Science Foundation's investments in scientific research while providing scientists with tools to safeguard intellectual property and ensure data integrity. The project team provides education, training, and selected cybersecurity services to NSF-funded researchers across the Southeast. The team is multidisciplinary, comprised of cybersecurity experts (both research and practitioner), scientists, and experts in communication. Team members are located in South Carolina, Alabama and Mississippi, with strong representation from Historically Black Colleges and Universities (HBCU). This program raises investigators' awareness of their essential role in creating a secure and trustworthy cyberspace and offers concrete assistance in risk assessment, vulnerability testing, and mitigation tailored to NSF-funded scientists' workflow and program size. Through past collaborations, the team is well positioned to leverage both national and regional cybersecurity organizations and programs to effectively reach the target audience.

SouthEast SECURE impacts the region by raising cybersecurity awareness; providing concise training, assessment, tools and one-on-one help; and assisting in preparation of select cybersecurity metrics. Student interns are conducting many of these activities by means of practicum-based deployment and support, thus developing capabilities in the next generation of cyber professionals. An online survey of NSF-funded investigators in the region will be conducted to learn about their primary cybersecurity challenges and concerns. Training is then tailored to provide concrete and practical assistance in how to do right-sized risk assessment and mitigation. A "toolkit" is provided to test and validate local cybersecurity, and measures of cybersecurity are created and field-tested. The team's approach facilitates communication between research faculty and university IT/Data Security staff. A long-term goal is building communities with common interests in cybersecurity and a commitment to helping others; and building connections with other regions and with national centers and programs.