Wednesday, June 22, 2016

NSF Cybersecurity Center of Excellence, ESnet Organize Working Group on Open Science Threats

Managing the security risks to scientific instruments, data and cyberinfrastructure is a priority for creating a trustworthy environment for science. Assessing and managing the risks to the integrity and availability of science, and sometimes also privacy issues, involves making judgments on the likelihood and consequences of threats. Deep experience in understanding cybersecurity and the science being supported is needed to achieve these goals. As a result, ESnet and the NSF Cybersecurity Center of Excellence are collaborating with research and education community leaders to develop a threat profile for open science to formally capture and benchmark this expertise, allowing other organizations to apply these best practices more broadly.

“Finding the expertise and experience to do risk assessments in the context of science is difficult for many open science projects,” said Von Welch, director of the NSF Cybersecurity Center of Excellence. “We believe this collaboration will be a valuable, and more importantly, a scalable asset for the community as they look to apply appropriate cybersecurity measures at their science facilities and institutions.”

Organized by Sean Peisert and Michael Dopheide from ESnet and Von Welch and Susan Sons from the NSF Cybersecurity Center of Excellence, a working group of nine scientists and cybersecurity leaders from across the country has been formed to tackle developing the threat profile: Ilkay Altintas (San Diego Supercomputer Center), RuthAnne Bevier (Caltech), James Cuff (Harvard), Rich LeDuc (Northwestern), Pascal Meunier (HUBzero), Reagan Moore (iRods), Stephen Schwab (USC Information Sciences Institute) and Karen Stocks (Scripps Institution of Oceanography).

“Several government and academic organizations involved in cybersecurity policy have built a solid foundation for risk management, but it still takes expert judgment to assess risks for the assets found in the open science community,” said Sean Peisert. “The goal of this effort is to provide tailored guidance to the science community on the threats to science assets and the consequences of those threats to the science mission. This information will provide a basic knowledge framework to expedite managing those threats for the wide portfolio of open science projects.”

The need for a threat profile is a key component of the NSF solicitation which recently funded the NSF’s Cybersecurity Center of Excellence. “Cybersecurity for science is different than in many other domains. For example, integrity is as important to scientific datasets as confidentiality,” said Anita Nikolich, cybersecurity program director at the NSF's advanced cyberinfrastructure division. “Having a shared, documented understanding of these threats will be a substantial step forward for the NSF community.”

“As the Department of Energy’s network for research and collaboration, ESnet connects so many large DOE experimental and HPC facilities which are producing the datasets that researchers around the world need access to for their research,” Peisert said. “We believe it is a moral imperative to be a part of this effort so the community can have greater assurance that their data and network-connected scientific instruments are secure.”

More information about the working group can be found at or you can follow for updates.

[Edited Oct 26, 2016: The WG subsequently renamed itself to the Open Science Cyber Risk Profile working group. URLs in this article have been updated to reflect that change.]

About the NSF Cybersecurity Center of Excellence

The Center for Trustworthy Scientific Cyberinfrastructure (CTSC) is funded as the National Science Foundation’s Cybersecurity Center of Excellence. The mission of CTSC is to improve the cybersecurity of NSF science and engineering projects, allowing those projects to focus on their science endeavors. This mission is accomplished through one-on-one engagements with projects to address their specific challenges; education, outreach, and training to raise the state of security practice across the scientific enterprise; and leadership on bringing the best and most relevant cybersecurity research to bear on the NSF cyberinfrastructure research community.

About ESnet

The Energy Sciences Network (ESnet) is an international, high-performance, unclassified network built to support scientific research. Funded by the U.S. Department of Energy’s Office of Science (SC) and managed by Lawrence Berkeley National Laboratory, ESnet provides services to more than 40 DOE research sites, including the entire National Laboratory system, its supercomputing facilities, and its major scientific instruments. ESnet also connects to over 140 research and commercial networks, permitting DOE-funded scientists to collaborate productively with partners around the world.

Monday, June 20, 2016

LIGO posts Cybersecurity Officer position

The NSF-funded LIGO project, responsible for the recent breakthrough discovery of gravitational waves that validate Einstein's theory, has posted an opening for a Cybersecurity Officer. This represents an opportunity to undertake cybersecurity in the support of scientific research with one of NSF's largest projects.

CTSC is working with LIGO to help advertise the position. Please see the LIGO posting for more information and details on how to apply:

Reminder: Terry Fleury will be presenting the webinar, “Risk Self-Evaluation,” on Monday June 27th at 11am EDT. See the CTSC blog for more information and a link to registration:

Wednesday, June 15, 2016

Help CTSC Build Our Community Cybersecurity Benchmarking Survey

What information about other NSF projects and facilities will help you in your own cybersecurity efforts? Please take a few minutes to share your thoughts via our online form by Friday, July 1st:

CTSC is developing a benchmarking survey to collect and aggregate information about cybersecurity in the NSF science community. We anticipate including questions on topics like cybersecurity budgets, type and frequency of security incidents, and most-used best practices resources and frameworks.

We want to ensure the survey report is of maximum utility to the NSF researchers, projects, and facilities, and encourage a high level of participation. Your input will help us meet that goal.

Monday, June 13, 2016

Array of Things Privacy Policy Available for Public Comment

The Array of Things (AoT) is an urban sensing project: a network of interactive, modular sensor boxes that will be installed around Chicago to collect real-time data on the city’s environment and infrastructure for research and public benefit. The AoT has recently been funded by NSF to enable a variety of scientific research, and CTSC has engaged with AoT to advise on cybersecurity and privacy in its capacity as the NSF Cybersecurity Center of Excellence.

AoT has released their draft privacy policy for public comment. We encourage members of the NSF community as well as other interested parties to review and comment.

Edited to add: Ways to provide feedback via

CCoE Webinar June 27 11am EDT: Risk Self-Evaluation with Terry Fleury

CTSC's Terry Fleury will be presenting the webinar, "Risk Self-Evaluation," on June 27th at 11am (EDT).

Please register here.

This talk will present a self-evaluation spreadsheet which can be used by projects to make an initial assessment of their cybersecurity readiness. The spreadsheet is based on the “Securing Commodity IT in Scientific CI Projects” document available as part of CTSC’s Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects (link).

More information about this presentation and speaker bio are on the event page.

Presentations will be recorded and include time for questions with the audience.

Join CTSC's discuss mailing list for information about upcoming events. To submit topics or requests to present, contact us here. Archived presentations are available on our site under "Past Events."

And, we want to remind the community that CTSC is hosting The 2016 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure on August 16th - 18th in Arlington, VA. For more information, see the summit event page.