Leverage Trusted CI in your NSF Proposal

NSF recently announced solicitations for both the Integrated Data Systems & Services (IDSS) and NAIRR Operations programs.

“The Integrated Data Systems and Services (IDSS) program supports operations-level national-scale cyberinfrastructure systems and services that broadly advance and facilitate open, data-intensive and artificial intelligence-driven science and engineering research, innovation, and education.” Proposals to this solicitation (NSF 25-544) are due by December 4.

The NAIRR-OC solicitation seeks proposals to establish a community-based organization that will be responsible for the foundational visioning, coordination, operations, and development activities in support of an integrated national infrastructure for AI research and education. The resulting award would advance the National Artificial Intelligence Research Resource (NAIRR) vision for a public-private partnership to accelerate AI innovation and national competitiveness. Letters of intent for this solicitation (NSF 25-546) are due by December 15.

Trusted CI offers the following suggestions to engage us in these areas:

Identify and utilize Trusted CI resources. The Trusted CI Framework provides recommendations and templates for establishing and maintaining cybersecurity programs. Our online training materials and webinars cover many cybersecurity topics tailored to the NSF cyberinfrastructure community. Our annual cybersecurity summit provides a venue for training sessions for cybersecurity practitioners, technical leaders, and risk owners from within the NSF Major Facilities, Mid-Scales, and broader NSF research cyberinfrastructure community.

Indicate your intent to approach Trusted CI. We invite proposing NSF research cyberinfrastructure projects to indicate their intention to approach Trusted CI once they are funded. Trusted CI resources and staff are available to assist NSF projects with cybersecurity plans and training, via consultations and other Trusted CI activities. Proposers are free to include language showing an awareness of cybersecurity of a specific issue and showing you are aware of Trusted CI, how we can help, and that you plan to approach us if funded to collaborate on addressing the issue. You can do this unilaterally without any commitment from Trusted CI (and please be aware it does not commit Trusted CI, we do our best to help all NSF projects, but are subject to our own resource availability).  We ask that you let us know if you reference Trusted CI this way to help us plan ahead.

Possible language to include in a proposal:

Our proposal team recognizes [that cybersecurity is important for the effort we are undertaking | we have a cybersecurity challenge with regards to XXX]. To address this issue we plan to approach Trusted CI, the NSF Cybersecurity Center of Excellence (trustedci.org). Trusted CI engages projects such as the one we propose to help them address cybersecurity challenges and maintain the trustworthy nature of the computational science we support. We understand that engagements with Trusted CI are collaborative and have budgeted resources in our project to work with Trusted CI on our challenge.

Include Trusted CI as a funded partner in your proposal. You can include one or more of the institutions that compose Trusted CI (IU, LBNL, UIUC/NCSA, PSC, University of Wisconsin-Madison, Arizona State University, Sustainable Horizons Institute) via a subcontract on your proposal, a process that provides a firm commitment of our participation. Please contact us to discuss which partner would be most appropriate, whether the commitment would be exclusive for a given solicitation, and the level of effort that would be involved. In this case, we would provide a custom letter of collaboration indicating our agreement to the terms of the subcontract.

Including Trusted CI in other ways. The above are examples and we are open to discussions on other collaborations not listed. If you are preparing a proposal and would like additional assistance from Trusted CI, don't hesitate to contact us to discuss how Trusted CI can help.

More information can be found here: https://www.trustedci.org/includingtrustedci. Please reach out to us at info@trustedci.org with any questions.

Trusted CI Ambassador Engagement at the EarthScope Retreat

Earth’s movements tell a story, from shifting tectonic plates to subtle tremors beneath the Earth’s surface; movements that uncover the Earth’s ever-changing dynamics. Understanding that story requires precise, continuous measurements, and EarthScope provides the infrastructure to make this possible. The facility supports transformative research and education in the geosciences, offering a global community of scientists and educators access to instrumentation, observations, and infrastructure that help decode the physical processes of our planet. 

In September 2025, Trusted CI Ambassador Megha Moncy attended the EarthScope Data Services Retreat in Warwick, Rhode Island, spending three engaging days with the dedicated staff. At the retreat, she had the chance to meet the Data Services team face-to-face and share insights on how Trusted CI supports NSF facilities. She connected with researchers, managers, and leadership, gaining a deeper understanding of EarthScope and exploring practical ways to integrate cybersecurity into day-to-day operations.

Bridging Science and Cybersecurity

As part of her ongoing Ambassador engagement, which includes regular check-ins with Rob Casey, Moncy serves as a liaison between EarthScope and the broader Trusted CI team. She connects the facility with the right cybersecurity expertise, offering guidance on information security, risk management, and other security needs tailored to support the facility’s mission. Building on this ongoing work, the retreat provided an ideal setting for Moncy to highlight how smart, mission-focused cybersecurity can enable groundbreaking scientific work and support EarthScope’s research effectively. 

Megha Moncy, Trusted CI Ambassador to EarthScope presenting cybersecurity insights to the EarthScope team.

During her 30-minute session, Moncy presented Trusted CI’s core mission and the need for helping research facilities find the sweet spot between pushing the boundaries of science and managing cybersecurity risk. From there, she guided attendees through the Trusted CI Framework’s four pillars, Mission Alignment, Governance, Resources, and Controls; demonstrating how each pillar provides practical guidance to strengthen security while supporting the facility’s scientific mission. The session also explored the challenges and opportunities of securing operational technology (OT) and Internet of things (IoT) - enabled instruments. Moncy also highlighted the “Secure by Design” approach, explaining how building security into systems from the start can prevent problems that would be much harder to fix later. 

Beyond her formal presentation, Moncy participated in team-building activities and lunches with leadership and management. These moments allowed informal conversations about cybersecurity priorities, potential collaborations, and the ways Trusted CI can support EarthScope’s mission. Amid the retreat, some exciting news arrived: EarthScope Consortium received the much awaited National Geophysical Facility (NGF) award, opening the door to expanded resources and new opportunities, including for strengthening cybersecurity across the facility.

Reflections from the Retreat

Attending the EarthScope retreat gave Moncy the opportunity to connect with staff and gain an up-close view of the inner workings of a major geophysical facility. She observed a team deeply committed to advancing Earth science and was able to share insights on how Trusted CI’s guidance and services can help strengthen the security and resilience of that work. She is especially grateful to Rob Casey for the invitation to participate, to the organizers who made the retreat run so smoothly, and to the EarthScope staff whose engagement, curiosity, and energy made the three days fly by. The experience left her inspired by the team’s dedication and the collaborative spirit that drives discovery at EarthScope, and she looks forward to many more opportunities to work together.

Safely Steering Scientific Progress on the High Seas

Modern cars are like computers on wheels. From the dashboard displays to the steering wheel and even your car keys, a complex dance of computer parts and mechanical components work together to keep you safe and on the road. Today’s maritime ships are a similar blend of machinery and software. From computers to networks and satellites, the modern ship purrs with an electronic hum, but also includes more mechanical tools like winches, cranes, engines, and bilge pumps. But the very same seamless systems that help ships run smoothly can be compromised. Like cars, ships must be protected against potential hackers and other malicious actors. 

The R/V Sally Ride, docked in Alameda, CA in 2024.

Trusted CI, the NSF Cybersecurity Center for Excellence, has been working with operators of research vessels across the United States to defend ships from cyberattacks. They have been supporting ships before construction on "secure by design" approaches as well as cybersecurity in research vessel operations. Research vessels are floating laboratories and instruments for landlocked researchers to gather information about what lies beneath the waves. The U.S. Academic Research Fleet includes 17 vessels, which are built with the finest electronics and observational instrumentation. They depend upon strict safety protocols to keep them safe.

But as Sean Peisert, the director of Trusted CI explains, “There are the experiments and equipment that are brought onboard, many of which also have digital and computing elements in them, making them potentially vulnerable to cybersecurity issues.”  The consequences of a successful cyberattack could range from loss of data in a scientific experiment to a ship being dead in the water without propulsion, with the implications ranging from loss of time and funding to dangers of the safety of those on board.

Trusted CI’s Sean Peisert prepares for an inspection of the R/V Sally Ride in 2024.

Cybersecurity for a ship isn’t easy. It’s hard enough just keeping a ship running without thinking about computers. Case in point, Trusted CI had plans to join a training cruise in 2024 that was cancelled due to weather conditions. These are the kinds of real-world issues that research vessel operators have to deal with on top of all of the computers and science equipment that makes research vessels so special and distinctive.

In 2023, Trusted CI worked with experts in maritime operational technology at Scripps Institution of Oceanography and Oregon State University to develop “The Operational Technology Procurement Vendor Matrix,” a guide to ensure protection against cyberattacks by a proactive procurement process. Additionally, Trusted CI’s staff has been involved in visiting ships to better understand just how technology operates in real-world conditions.  Most recently, Trusted CI's visits have also included observation of ship inspections, which happen at regular intervals by the National Science Foundation, the U.S. Coast Guard, and the U.S. Navy.

What happens during one of these ship inspections? Peisert says that when he visited the Office of Naval Research’s R/V Sally Ride for a National Science Foundation and US Navy / INSURV inspection, they examined the vessel’s in-port and onboard elements. The inspection of the ship involved evaluating its performance while underway, including its engines, navigation equipment, and crew procedures, and verifying that it met Coast Guard requirements for communication and navigation, including a range of traditional and modern systems. A man-overboard drill was also conducted, including communications between the ship and the recovery team. 

Trusted CI’s Dan Arnold, left, conferring with marine technicians on the R/V Sally Ride in 2023.

The inspection wasn’t just limited to computer systems; inspectors also checked the state of the vessel's physical assets. “It may be interesting to know that Coast Guard rules require not just satellite, modern GPS, and digital, topological navigation charts,” Peisert observes, “but that ships must also carry HF radios that can propagate for thousands of miles, as well as paper charts, and even a sextant for determining latitude.” Inspectors even conducted visual inspections of the ship’s overboard handling system (“A-Frame”) to check the metal for potentially corrosive rust.  

So far, the Trusted CI team has visited the Office of Naval Research’s R/V Sally Ride and Oregon State University’s Hatfield Marine Science Center in Newport, Oregon, the future home port of the R/V Taani. Team members Mike Simpson and Mikeal Jones were present for the Office of Naval Research’s R/V Thomas G. Thompson inspection in September 2024. The Trusted CI team was also involved at the RVTEC 2024 Meeting hosted by the University of New Hampshire in October 2024.

The Trusted CI team is currently preparing for upcoming collaborations with research vessel teams. Simpson and Jones will be present in October for the National Science Foundation Inspection of the R/V Atlantic Explorer in Bermuda.  Another Trusted CI team member, Ishan Abhinit will be involved in the National Science Foundation inspection of the R/V Rachel Carson this November. Finally, Mike Simpson will be involved in the National Science Foundation inspection of the Office of Naval Research’s R/V Armstrong in December 2025.

As for Trusted CI Director Peisert, he plans to join the crew of the R/V Sikulaq, operated by University of Alaska, Fairbanks, in the Spring. While on board, he plans to participate in a cyber-incident drill that will take place during the transit to exercise the crew's skills and procedures in responding to simulated cybersecurity threats while at sea. Peisert says, “Trusted CI looks forward to more of these visits going forward as it continues its ongoing support of the U.S. Academic Research Fleet to ensure that the vessels' cybersecurity programs are as robust as possible for ensuring ship safety and the progress of the ocean science being conducted on the vessels.

Stay tuned for more information about Trusted CI’s maritime activities. Want to check out the activities happening on land this fall? We are hosting a ‘birds of a feather’ session at the NSF Cybersecurity Summit and we will be presenting during Cyber Monday at RVTEC this November. 

Announcing the 2025 Trusted CI Fellowship!

Trusted CI, the NSF Cybersecurity Center of Excellence, is proud to announce the 2025 Trusted CI Fellowship recipients!

We have selected ten individuals with professional interests in cybersecurity from a competitive national pool. These Fellows represent a wide range of institutions, disciplines, and experiences, united by a shared commitment to advancing cybersecurity in their communities in support of trustworthy open science. Throughout their Fellowship year, the Fellows will receive: * Recognition for their contributions to cybersecurity in the open science community. * Professional development opportunities, including specialized training. * Full travel support to participate in the 2025 NSF Cybersecurity Summit in Boulder, CO (October 20-23). Trusted CI looks forward to supporting their journey and seeing the impact they will make in strengthening the security of scientific cyberinfrastructure. Please join us in congratulating the 2025 Trusted CI Fellows! Learn more about our Fellows on our website: https://www.trustedci.org/2025-fellows

 

NSF Cybersecurity Summit | Extended Hotel Block Deadlines – Book Now!

Planning to attend this year's NSF Cybersecurity Summit in Boulder, CO? 

Great news — the hotel room block deadlines have been extended!

 Boulder Marriott & Residence Inn
 Book by Tomorrow, September 23, to secure your group discount.

 Hilton Garden Inn
 Book by Friday, September 26, to secure your group discount.

Trusted CI Webinar: No Harness, No Problem: Extending Fuzzing’s Reach via Oracle-guided Harness Generation, Monday September 22nd @ 10am Central

University of Utah's Stefan Nagy is presenting the talk, No Harness, No Problem: Extending Fuzzing’s Reach via Oracle-guided Harness Generation, on Monday September 22nd at 10am, Central time.

Please register here.

As NIST estimates that today's software contains up to 25 bugs per 1,000 lines of code, the prompt discovery of exploitable flaws is now crucial to mitigating the next big cyberattack. Over the last decade, the software industry mitigated increasing complexity by turning to a lightweight approach known as fuzzing: automated testing that uncovers program bugs through repeated injection of randomly-mutated test cases. Academia and industry have extensively studied fuzzing's three main challenges—input generation, program feedback collection, and, most critically, code harnessing—accelerating fuzzing to find many more vulnerabilities in less time. However, the critical nature of scientific computing—multi-purpose software toolkits, bespoke APIs, and high-performance environments—demands analogous advances in the vetting of scientific cyberinfrastructure. 

In this talk, I will showcase my group's research on automatic code harnessing, a key step toward making fuzzing scalable to today's complex scientific libraries. First, I will introduce our core approach Oracle-guided Harnessing: a technique that mutationally constructs and refines fuzzing harnesses using only library headers, validated through correctness oracles spanning compilation, execution, and coverage. Next, I will discuss our extensions of this approach to the C and Python library ecosystems, where it has uncovered over 70 previously-unknown security vulnerabilities and logical bugs across widely-used codebases. Finally, I will outline my vision for synergistic harnessing techniques that combine emergent large-language-model–driven methods with our Oracle-guided strategies, charting a path toward fully automatic, broadly applicable, and error-free harnessing.

Speaker Bio: 

Dr. Stefan Nagy is an Assistant Professor in the Kahlert School of Computing at the University of Utah, where he directs the FuTURES³ Lab. His work lies at the intersection of software engineering, computer systems, and security, with a focus on making automated vetting of software and systems more effective and efficient irrespective of kernel, architecture, and source code. His research frequently appears at top venues such as ICSE, USENIX Security, and ACM CCS, and has led to the discovery of more than 200 previously-unknown software bugs and security vulnerabilities (futures.cs.utah.edu/bugs). He holds a PhD from Virginia Tech and a BS from the University of Illinois at Urbana-Champaign.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Secure Your Hotel Room for the NSF Cybersecurity Summit Before September 19

 

Time is running out to book your hotel room for this year's NSF Cybersecurity Summit in Boulder, CO!

The deadline to reserve your room at the discounted group rate is September 19th, and availability is limited.

Reserve your hotel room

This annual Summit brings together cybersecurity practitioners, technical leaders, and risk managers from the NSF Major Facilities and Cyberinfrastructure community. Attendees will also include key stakeholders and thought leaders from across the scientific and cybersecurity landscapes.

There is still time to register for this year's Summit—the deadline is October 6. If you have any questions or need assistance, please reach out to us.

Register for this year's Summit

We hope to see you in Boulder!

Summit Organizing and Program Committee