Tuesday, December 12, 2017

CCoE Webinar Series: Looking toward 2018, review of 2017

The 2017 season of the CCoE Webinar series has concluded. We have spent the last few months scheduling presentations for the upcoming year.

The following topics and speakers have been booked for 2018:
(Webinars are scheduled the 4th Monday of the month at 11am Eastern time.)
  • January 29th: Security Program at LSST with Alex Withers
  • February 26th: SMARTDATA Blockchain with Murat Kantarcioglu
  • March 26th: Data Provenance for Mobile Devices with Leon Reznik
  • April 23rd: Creating Dynamic Superfacilities the SAFE Way with Jeff Chase & Paul Ruth
  • May 28th: SouthEAST SECURE with Jill Gemmill
  • July 23rd: RSARC: Trustworthy Computing over Protected Datasets by Mayank Varia
Join CTSC's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations.

2017 webinars:
  • January: Open Science Cyber Risk Profile (OSCRP) by Von Welch & Sean Peisert (Video)(Slides)
  • February: Practical Cybersecurity for Open Science Projects by Susan Sons, Craig Jackson, & Bob Cowles (Video)(Slides)
  • March: SDN and IAM Integration at Duke by Richard Biever & Charley Kneifel (Video)(Slides)
  • April: HIPAA and FISMA: Computing with Regulated Data with Susan Ramsey & Anurag Shankar (Video)(Slides)
  • May: Cybersecurity Research: Transition to Practice with Emily Nichols and Alec Yasinsac (Video)(Slides)
  • June: Provenance Assurance Using Currency Primitives with Anthony Skjellum & Richard Brooks (Video)(Slides)
  • July: Inaugural Security Program at Internet2 by Paul Howell (Video)(Slides)
  • August: Stronger Security for Password Authentication with Stanislaw Jarecki (Video)(Slides)
  • August: An overview of CTSC Engagements & Application Process with Von Welch (Video)(Slides)
  • September: Demystifying Threat Intelligence with Romain Wartel (Video)(Slides)
  • October: Cybersecurity in an Open and Decentralized Network with Aashish Sharma (Video)(Slides)
  • December: CTSC's Services and Vision with Von Welch (Video)(Slides)

Friday, December 1, 2017

CPP-CTSC SFS Cyberinfrastructure Security Workshop

On the weekend of October 14th, the California State Polytechnic University Pomona Scholarship for Service program, in collaboration with the Center for Trustworthy Scientific Cyberinfrastructure (CTSC), hosted a cyber workshop for Scholarship for Service (SFS) students. 45 students from 13 different universities traveled to Pomona, CA, to participate despite looming midterms the following week. Students spent all day Saturday and half of Sunday participating in workshops covering topics such as public key infrastructure and deployment, log analysis + Splunk, network security in a Science DMZ, and federated identity and access management.

The Student Attendees
The students at this workshop are participants of the Cybercorps Scholarship for Service (SFS) program, designed by the National Science Foundation to strengthen the workforce of information assurance professionals protecting the government’s critical information infrastructure. The SFS program provides a scholarship to full-time students that typically includes full tuition, related fees, and a stipend. These students then repay the program through public service and employment in a government agency. Agencies and positions qualifiable for the program include both federal and state institutions.
The CPP and CTSC Instructors
The engagement process started in May of 2017, with CPP submitting an application to CTSC requesting assistance in creating a training workshop for the SFS students. Once the engagement started, CPP and CTSC equally shared the task of planning the event. Cal Poly Professors Dr. Mohammad Husain, Dr. Ron Pike, and Dr. Tingting Chen, as well as CTSC security professionals Dr. Jim Basney, Jeannette Dopheide, John Zage, and Kay Avila participated in the coordination. Materials from previous CTSC lectures and training were used as a base for the lessons taught by CTSC, as well as for the creation of new material. Hands-on training was prepared in a single virtual machine from the NSF project SEED base image. The SEED image provides a host of instruction and training materials for information security projects.
The day before the workshop, the CPP staff led the CTSC team through a tour of the facilities and introduced them to the various cyber student groups on the CPP campus. One of these groups, Students With an Interest in the Future of Technologies (SWIFT), was preparing for a national capture the flag competition, while another group, CPP PolySec Lab, was penetration testing integrated devices. A third group demonstrated their student-run data center, including a small server room with server racks and sensors. This data center provides services to students while providing excellent experience to the students managing the server.
On Saturday, the workshop began with Dr. Mohammad Husain, the director of cyber security programs and Cal Poly Pomona’s SFS Principal investigator, introducing the instructors for the weekend. Following introductions, the day started with CTSC instructors introducing a set of cyberinfrastructure projects currently being worked on, namely HTCondor, DKIST, and OSiRIS.
At the end of the day on Saturday, the students were introduced to a panel of professionals to showcase different career paths for the security profession. The panel consisted of Karl Mattson, the Chief Information Security Officer for City National Bank; Veronica Mitchel, a cyber risk officer for the city of Long Beach, CA; Deronda Dubose, a special agent for the Secret Service; John W. McGuthry, the Chief Information Officer for Cal Poly Pomona; and Dr. Basney, a CTSC co-PI. Dr. Daniel Manson, a professor and the campus Information Security Officer at Cal Poly, moderated the conversation. Students did a phenomenal job participating in the panel, giving elevator speeches and promoting their extracurricular activities while receiving feedback on their participation from the panel.
Survey results were collected after the workshop, and responses indicate the hands-on sessions were well received, especially the log analysis session. Ninety-five percent of students found the workshop either good or excellent, while sixty-three percent thought they were more likely to pursue a career in cyberinfrastructure security after the workshop. Slides, handouts, and videos from the workshop will be uploaded here.

Monday, November 27, 2017

CCoE Webinar Dec. 11th at 11am ET: State of the CCoE

CTSC's Von Welch is presenting the talk "The State of the Cybersecurity Center of Excellence" on December 11th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation with attached calendar file.
The NSF Cybersecurity Center of Excellence (CCoE) leads the NSF community in addressing the cybersecurity challenges in producing trustworthy science. Beginning as the Center for Trusted Scientific Cyberinfrastructure (CTSC) in 2013, the CCoE, funded by NSF's Division of Advanced Cyberinfrastructure, provides cybersecurity resources and services to NSF projects and facilities, at no fee to them. Examples include webinars, the annual NSF Cybersecurity Summit, one-on-one engagements, training, and best practices in the realms of operations, identity management, and software development. This talk will cover:
  • The CCoE’s vision for cybersecurity in the NSF community;
  • The CCoE’s mission and an overview of services offered by the CCoE to the NSF community to instantiate that vision, highlighting recent initiatives on software assurance and reaching small-to-medium sized projects; and
  • Experiences and lessons learned in community engagement and cybersecurity for science over the past four years.
More information about this presentation is on the event page.
Presentations are recorded and include time for questions with the audience.

Join CTSC's discuss mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Monday, October 30, 2017

IAM for Research Organizations at AGU17

CILogon and CTSC are co-organizing a workshop on Identity and Access Management for Research Organizations co-located with the 2017 AGU Fall Meeting. The workshop will provide an overview of identity and access management (IAM) issues including single sign-on (SSO) facing research collaborations and demonstrate IAM solutions available to both large and small collaborations using interactive tutorials. CTSC's Jim Basney and Scott Koranda will present.

The workshop will be held Sunday, December 10 from 9am to 5pm CT at the Hilton New Orleans Riverside. Visit the workshop's Eventbrite page to register. There is no registration fee. Space is available for up to 20 attendees.

Workshop topics will include:
  • Research Identity Management Process Needs
  • Federated Identity for Authentication (SAML and OIDC)
  • The Complexities of SAML Federation
  • Non-Browser Clients and Federated Identity
  • Participant Lifecycle Management
  • Application Integration and Provisioning
Please contact jbasney@illinois.edu with any questions about the workshop.

Tuesday, October 10, 2017

Open Science Cyber Risk Profile publications

The Open Science Cyber Risk Profile (OSCRP) is a living document, developed under leadership from CTSC and ESnet, designed to help principal investigators and their supporting information technology professionals assess cybersecurity risks related to open science projects. We’re happy to share an update on its usage and appearances.
Richard LeDuc, Director of Computational Proteomics at the Proteomics Center of Excellence, Northwestern University, presented a poster “Protecting Proteomic Data Processing on the TDPortal with the Open Science Cyber Risk Profile” at the 65th ASMS Conference on Mass Spectrometry and Allied Topics. The TDPortal is the front end to the research system of the National Resource for Translational and Developmental Proteogenomics (NRTDP) running on high performance computing at Northwestern University. The poster describes the NRTDP’s use of the OSCRP to manage risks for the TDPortal.

Two recent articles also covered OSCRP: the University of California IT Blog published “Helping Scientists Understand Research Cyber Risks,” and it was the subject of an article in IEEE Security and Privacy Magazine.

Monday, October 9, 2017

CCoE Webinar Oct. 23rd 11am ET: Incident Response in an Open and Decentralized Network

Berkeley Labs' Aashish Sharma is presenting the talk "Incident Response in an Open and Decentralized Network" on October 23rd at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation with attached calendar file.

This talk presents various aspects and challenges of monitoring and security of a big research network while keeping it open and usable. We focus on issues faced due to the following attributes:
  1. decentralization
  2. high speed
  3. BYOD policy
  4. openness
We further provide insights into our detection and incident response process using some real world examples and how the above attributes influence this process.

More information about this presentation is on the event page.
Presentations are recorded and include time for questions with the audience.

Join CTSC's discuss mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Wednesday, September 27, 2017

CTSC welcomes two leading CIOs to its Advisory Committee

We are very pleased to welcome new members to the CTSC Advisory Committee:

Dr. David Halstead is the CIO for the National Radio Astronomy Observatory, a facility of the NSF operated under cooperative agreement by AUI, where his responsibilities are divided between Data Management for the Observatory’s HPC infrastructure in support of the national radio telescopes, and the general IT support for 500+ employees. He has served on a number of SuperComputing committees and is a founding member of the ACM’s SIGHPC Education Chapter. Prior to joining NRAO, he worked in the DOE Scalable Computing Laboratory in Ames Lab, and in the private sector with Celera Genomics.

Dr. Melissa Woo is the Senior Vice President for Information Technology (IT) and Chief Information Officer at Stony Brook University. Prior to joining Stony Brook University, Melissa was the Vice Provost for Information Services and Chief Information Officer at the University of Oregon. Melissa has also worked for the central IT organizations at the University of Wisconsin-Milwaukee and the University of Illinois at Urbana-Champaign leading and supporting a number of areas, including research cyberinfrastructure, enterprise IT services, and IT operations and infrastructure.


David and Melissa join a committee that consists of Tom Barton of the University of Chicago, Neil Chue Hong of the UK Software Sustainability Institute, Nicholas Multari of Pacific Northwest National Lab (PNNL), and Nancy Wilkins-Diehr of the San Diego Supercomputing Center.

Both David and Melissa bring key expertise and experiences to the advisory committee. David, as CIO of NRAO, has the perspective of an NSF Large Facility and the cybersecurity challenges such facilities face in supporting research. Melissa, as CIO at Stony Brook, brings a wealth of experience in higher education IT and the key role it has supporting research nationally.

We thank both David and Melissa for joining the CTSC Advisory Board and look forward to working closely with them to support research and science cybersecurity challenges.

We also take this opportunity to thank Don Middleton of NCAR for his service on the Advisory Committee and wish him well in retirement.