Monday, January 15, 2018

CCoE Webinar Jan. 29th at 11am ET: Security Program at LSST

NCSA's Alex Withers is presenting the talk "Security Program at LSST" on January 29th at 11am (Eastern).

Please register here. Be sure to check your spam/junk folder for the registration confirmation email.
The concept behind the Large Synoptic Survey Telescope (LSST) is simple: conduct a digital image-based survey over an enormous area of the sky and build an extensive astronomical catalogue over the course of ten years. LSST’s astronomical data is the ultimate deliverable to its users. This unique scientific computing environment presents many cyber security challenges. LSST has in place a cyber security program to facilitate its scientific mission: to protect its data access requirements and rights. We will discuss the beginnings of LSST’s cyber security program, adoption and experience with its risk management framework, existing and planned security operations at LSST sites, including the observatory site in Chile and the National Center for Supercomputing Operations (NCSA).

This talk is presented by Alex Withers. Alex is a Senior Cybersecurity Engineer at the National Center for Supercomputing Applications (NCSA). He is the Information Security Officer for the Large Synoptic Survey Telescope (LSST). He is also a PI and co-PI for a number of NSF-funded cybersecurity projects.
Presentations are recorded and include time for questions with the audience.

Join CTSC's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Thursday, January 4, 2018

CTSC Collaboration with NSF Campus Cyberinfrastructure and CyberTraining Projects

CTSC's Warren Raquel and Mark Krenz at the Great Plains Network & Greater Western Library Alliance training in June 2017
NSF's 2018 solicitation for Campus Cyberinfrastructure (CC*) projects states that the "Campus CI plan should address the campus-wide approach to cybersecurity in the scientific research and education infrastructure," and NSF's 2018 solicitation for CyberTraining projects highlights the need for "training and certification of CI Professionals in cybersecurity technology and management for advanced CI-enabled research."

CTSC resources and staff are available to assist Campus Cyberinfrastructure and CyberTraining projects with cybersecurity plans and training, via one-on-one engagements and other CTSC activities. For example, CTSC recently engaged with the University of New Hampshire Research Computing Center (funded in part by the NSF CC*DNI program).

Our cybersecurity program guide provides recommendations and templates for establishing and maintaining cybersecurity programs. Our online training materials and webinars cover many cybersecurity topics tailored to the NSF CI community. CTSC staff are available to participate in training events as our schedule and travel budget allow. We can also assist with disseminating announcements about training events and training materials to the community. Our annual cybersecurity summit provides a venue for training sessions for cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community.

If you are preparing a Campus Cyberinfrastructure or CyberTraining proposal to address cybersecurity needs, please see our guidance on including CTSC in a proposal and don't hesitate to contact us to discuss how CTSC can help.

Monday, December 18, 2017

DKIST Data Center Wraps Up Engagement with CTSC

CTSC is pleased to announce our successful completion of a six-month engagement with the DKIST Data Center. The DKIST Data Center (NSF AST-0946422), located in Boulder on University of Colorado’s east campus, serves as the operations data management and processing center for the Daniel K. Inouye Solar Telescope (DKIST). When construction completes in 2019, DKIST will be the largest and most precise solar telescope to date, capable of “zooming in” on the sun to an area roughly the size of a county. Data volume is expected to average around 9 TB/day, spiking up to 64 TB/day during ideal viewing conditions. These scientific measurements and images will be continuously streamed from the telescope’s site in Haleakala on Maui, Hawai’i, to the DKIST Data Center. Recognizing their importance in protecting the integrity, availability, and confidentiality of the data and services supporting the telescope’s critical science mission, the DKIST Data Center reached out to CTSC for an engagement focused on kickstarting their newly-forming cybersecurity program.

After discussion about its needs, the DKIST Data Center staff and CTSC decided to focus primarily on the development of written policies and procedures, and secondarily on recommendations for staffing and discussions about security training resources. CTSC recommended developing, implementing, and maintaining written policies based on the CTSC Guide templates available on the CTSC website at https://trustedci.org/guide. These were used as a starting point after a review of the existing policies.

As a project of the National Solar Observatory (NSO), which is managed by the Association of Universities for Research in Astronomy (AURA), the DKIST Data Center is subject to policies inherited from two parent organizations. Further, as a tenant at the University of Colorado, the Data Center must also comply with all of the university’s security policies. During the engagement, CTSC reviewed security policies from all three organizations in order to advise the Data Center on how to meet the requirements. CTSC offered guidance on how to navigate conflicting policies, as well as advice on when to adopt parent policies as-is versus when to adopt a stricter stance.

During the engagement, the CTSC team had an opportunity to visit the DKIST Data Center offices and facilities. This face-to-face opportunity facilitated communication as we finalized the development process of the security policies and reviewed all the policies written during the term of the engagement. Additionally, CTSC performed a physical review of the data center and a co-located center, provided a tutorial on the risk analysis process, and guided the DKIST staff through a tabletop cybersecurity exercise. DKIST also presented their current network map and demonstrated their current installation and security compliance tools.

Engaging with CTSC early in the creation of their security program allowed DKIST Data Center to develop excellent foundational policies rather than needing to change their operations at a later date. We would like to thank DKIST Data Center staff for their participation in this engagement.

Thursday, December 14, 2017

Save the Date: 2018 NSF Cybersecurity Summit for Large Research Facilities and Cyberinfrastructure - August 21-23, 2018

Please mark your calendar for the 2018 NSF Cybersecurity Summit for Large Research Facilities and Cyberinfrastructure, planned for August 21-23, 2018, in Alexandria, Virginia.
Note that we’re in a new location this year.

Stay tuned for more information. We’ll update the website as details develop: http://trustedci.org/summit/.

Regards,
Jim Marsteller - NSF Cybersecurity Summit Program Chair

On Behalf of the Organizing Committee - Diana Borecky, Leslee Cooper, Ryan Kiser, Mark Krenz, Jim Marsteller, Von Welch

Wednesday, December 13, 2017

DesignSafe-CI and CTSC Complete Cyber-checkup

CTSC has completed its engagement with DesignSafe-CI (DesignSafe), a component of the Natural Hazards Engineering Research Infrastructure (NHERI) and funded by the NSF under a Cooperative Agreement through the Division of Civil, Mechanical, and Manufacturing Innovation (CMMI) (NSF-1520817). In a cyber-checkup tailored for DesignSafe’s existing NIST 800-53 based cybersecurity control implementation, CTSC reviewed security documents for DesignSafe, as well as seven experimental facilities (EFs) that DesignSafe governed, and then generated a matrix in order to display the thoroughness of each site’s adherence to best practices in security. Using this observed data, both CTSC and DesignSafe collaborated in identifying opportunities for improvement for each of the sites' existing security programs.

Tuesday, December 12, 2017

CCoE Webinar Series: Looking toward 2018, review of 2017

The 2017 season of the CCoE Webinar series has concluded. We have spent the last few months scheduling presentations for the upcoming year.

The following topics and speakers have been booked for 2018:
(Webinars are scheduled the 4th Monday of the month at 11am Eastern time.)
  • January 29th: Security Program at LSST with Alex Withers
  • February 26th: SMARTDATA Blockchain with Murat Kantarcioglu
  • March 26th: Data Provenance for Mobile Devices with Leon Reznik
  • April 23rd: Creating Dynamic Superfacilities the SAFE Way with Jeff Chase & Paul Ruth
  • May 28th: SouthEAST SECURE with Jill Gemmill
  • July 23rd: RSARC: Trustworthy Computing over Protected Datasets by Mayank Varia
Join CTSC's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations.

2017 webinars:
  • January: Open Science Cyber Risk Profile (OSCRP) by Von Welch & Sean Peisert (Video)(Slides)
  • February: Practical Cybersecurity for Open Science Projects by Susan Sons, Craig Jackson, & Bob Cowles (Video)(Slides)
  • March: SDN and IAM Integration at Duke by Richard Biever & Charley Kneifel (Video)(Slides)
  • April: HIPAA and FISMA: Computing with Regulated Data with Susan Ramsey & Anurag Shankar (Video)(Slides)
  • May: Cybersecurity Research: Transition to Practice with Emily Nichols and Alec Yasinsac (Video)(Slides)
  • June: Provenance Assurance Using Currency Primitives with Anthony Skjellum & Richard Brooks (Video)(Slides)
  • July: Inaugural Security Program at Internet2 by Paul Howell (Video)(Slides)
  • August: Stronger Security for Password Authentication with Stanislaw Jarecki (Video)(Slides)
  • August: An overview of CTSC Engagements & Application Process with Von Welch (Video)(Slides)
  • September: Demystifying Threat Intelligence with Romain Wartel (Video)(Slides)
  • October: Cybersecurity in an Open and Decentralized Network with Aashish Sharma (Video)(Slides)
  • December: CTSC's Services and Vision with Von Welch (Video)(Slides)

Friday, December 1, 2017

CPP-CTSC SFS Cyberinfrastructure Security Workshop

On the weekend of October 14th, the California State Polytechnic University Pomona Scholarship for Service program, in collaboration with the Center for Trustworthy Scientific Cyberinfrastructure (CTSC), hosted a cyber workshop for Scholarship for Service (SFS) students. Forty-five students from 13 different universities traveled to Pomona, CA, to participate despite looming midterms the following week. Students spent all day Saturday and half of Sunday participating in workshops covering topics such as public key infrastructure and deployment, log analysis + Splunk, network security in a Science DMZ, and federated identity and access management.

The Student Attendees
The students at this workshop are participants of the Cybercorps Scholarship for Service (SFS) program, designed by the National Science Foundation to strengthen the workforce of information assurance professionals protecting the government’s critical information infrastructure. The SFS program provides a scholarship to full-time students that typically includes full tuition, related fees, and a stipend. These students then repay the program through public service and employment in a government agency. Agencies and positions qualifiable for the program include both federal and state institutions.
The CPP and CTSC Instructors
The engagement process started in May of 2017, with CPP submitting an application to CTSC requesting assistance in creating a training workshop for the SFS students. Once the engagement started, CPP and CTSC equally shared the task of planning the event. Cal Poly Professors Dr. Mohammad Husain, Dr. Ron Pike, and Dr. Tingting Chen, as well as CTSC security professionals Dr. Jim Basney, Jeannette Dopheide, John Zage, and Kay Avila participated in the coordination. Materials from previous CTSC lectures and training were used as a base for the lessons taught by CTSC, as well as for the creation of new material. Hands-on training was prepared in a single virtual machine from the NSF project SEED base image. The SEED image provides a host of instruction and training materials for information security projects.
The day before the workshop, the CPP staff led the CTSC team through a tour of the facilities and introduced them to the various cyber student groups on the CPP campus. One of these groups, Students With an Interest in the Future of Technologies (SWIFT), was preparing for a national capture the flag competition, while another group, CPP PolySec Lab, was penetration testing integrated devices. A third group demonstrated their student-run data center, including a small server room with server racks and sensors. This data center provides services to students while providing excellent experience to the students managing the server.
On Saturday, the workshop began with Dr. Mohammad Husain, the director of cyber security programs and Cal Poly Pomona’s SFS Principal investigator, introducing the instructors for the weekend. Following introductions, the day started with CTSC instructors introducing a set of cyberinfrastructure projects currently being worked on, namely HTCondor, DKIST, and OSiRIS.
At the end of the day on Saturday, the students were introduced to a panel of professionals to showcase different career paths for the security profession. The panel consisted of Karl Mattson, the Chief Information Security Officer for City National Bank; Veronica Mitchel, a cyber risk officer for the city of Long Beach, CA; Deronda Dubose, a special agent for the Secret Service; John W. McGuthry, the Chief Information Officer for Cal Poly Pomona; and Dr. Basney, a CTSC co-PI. Dr. Daniel Manson, a professor and the campus Information Security Officer at Cal Poly, moderated the conversation. Students did a phenomenal job participating in the panel, giving elevator speeches and promoting their extracurricular activities while receiving feedback on their participation from the panel.
Survey results were collected after the workshop, and responses indicate the hands-on sessions were well received, especially the log analysis session. Ninety-five percent of students found the workshop either good or excellent, while sixty-three percent thought they were more likely to pursue a career in cyberinfrastructure security after the workshop. For more information about the workshop, slides, handouts, and videos will be uploaded here.