The National Center for Supercomputing Applications (NCSA) security team has produced “Building a Cybersecurity Program”—a 19-part online video tutorial series—as part of the Center for Trustworthy Scientific Cyberinfrastructure’s (CTSC) continuing effort to improve the cybersecurity of NSF-funded computational science and engineering projects. CTSC is a collaborative effort bringing together expertise in cybersecurity from multiple internationally recognized institutions, including NCSA, Indiana University, the University of Wisconsin-Madison, the University of Wisconsin-Milwaukee, and the Pittsburgh Supercomputing Center (PSC).
Science and engineering increasingly rely on computing, digital data and interoperability for the success of their education, collaboration and research efforts. Collaboration across countries and between disciplines is characterized by its open nature, use of unique instruments, large and complex data sets, and rich ecosystems. Appropriate cybersecurity measures for scientific cyberinfrastructure (CI) can therefore look very different from those of commercial CI. Just evaluating and choosing technologies for identity management, authentication, authorization, and auditing are major challenges.
CTSC feels that cybersecurity should not dictate how science is done; rather, it should support and enable the workflows and technology choices made by science teams.
“CTSC grew from the understanding that these teams want to focus on their research endeavors and collaborate across campus and the across the country without having to worry about what might hinder them doing so freely and openly,” says Randy Butler, Deputy Director for CTSC, leader of CTSC Education, Outreach and Training, NCSA Director of the Cybersecurity Directorate and Chief Security Officer. To address that need, NCSA’s security team put together this series of video tutorials, giving an overview of what cybersecurity looks like for a scientific CI project and how to build it in. “We have outlined a specific process, carefully tailored to the science community’s needs. The new videos make that process easy to understand and enact,” continues Butler.
“Many research projects don’t have the dedicated information security expertise, time or resources to develop a comprehensive information security program,” adds James Marsteller, PSC Information Security Officer and member of the CTSC team. Marsteller was one of the authors who developed the class materials that served as the starting point for the video production process. “Researchers and the general public can be assured these training resources were developed by information security professionals who understand the needs of the scientific CI community’s unique needs.”
Patrick Duda, Research Programmer for NCSA Cybersecurity and producer of these CTSC video tutorials, says the team is now looking to expand this original “how to get started” idea into a full blown, one-stop resource for all things cybersecurity series, “It’s looking at the community that we are working with and saying ‘what is it that a lot of people are struggling with right now and focusing on those particular topics over time.”
Duda imagines that, from here, the team will begin to focus on writing and producing tutorials delving deeper into passwords and password management as well as identity management. They hope to have five new videos posted this summer.