Tuesday, April 11, 2017

Announcing: 2017 NSF Cybersecurity Summit Call for Participation and Student Program

It is our great pleasure to announce the 2017 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure. The event will take place Tuesday, August 15th through Thursday, August 17th at the Westin Arlington Gateway near the National Science Foundation Headquarters in Arlington, VA. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within  the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities.

Call for Participation (CFP) - Now Open
Program content for the summit is driven by our community. We invite proposals for presentations, breakout and training sessions as well as nominations for student scholarships. The deadline for CFP submissions is June 5th. To learn more about the CFP, please visit: http://trustedci.org/2017-nsf-cfp/

Student Program - Now Open
Each year, the summit organizers invite several students to attend the summit. Students who are interested in complex cybersecurity needs around and new, efficient, effective ways to protect information assets while supporting science will benefit most from attending. Students may self-nominate or be nominated by a mentor or a teacher. To learn more about the Student Program, please visit: http://trustedci.org/students2017/

Monday, April 10, 2017

CCoE Webinar April 24th th 11am EDT: HIPAA and FISMA: Computing with Regulated Data

Susan Ramsey and Anurag Shankar are presenting the talk "HIPAA and FISMA: Computing with Regulated Data," on April 24th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation with attached calendar file.
With cyberattacks and breaches rising exponentially, there is increasing pressure on federally funded scientific and academic institutions to protect regulated data, including identifiable patient data protected by the Health Insurance Portability and Accountability Act (HIPAA), and data collected or processed on behalf of the government, which is subject to the Federal Information Security Modernization Act (FISMA).  Each comes with its own set of cybersecurity requirements, including physical, administrative, technical controls, to be applied using a risk-centric approach.  FISMA specifies the risk methodology to use, namely the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), but still provides considerable latitude in how it can be deployed.  HIPAA leaves the choice entirely to the practitioner. Organizations are also allowed by both regulations to tailor implementation to fit their size, budget, risk tolerance, etc.  This provides great flexibility, but the flexibility comes at a cost. Without prescriptive checklists and tools from the government, interpreting the regulations can be a nightmare, especially for the newly initiated.  Commercial expertise comes at a premium, and may even be beyond reach due to budget. Fortunately, the news is not all bad.  Cybersecurity has seen great improvements in the scientific and academic community in recent years, with a majority of required controls in place already.  Remaining obstacles generally are policies and procedures, risk assessment, mitigation, and, most of all, documentation. While these take time and effort, the bulk is limited to initial implementation, with considerable gains in security and efficiency.  To illustrate this, this webinar will feature two institutions, the National Center for Atmospheric Research (NCAR) and Indiana University (IU).  They will share their stories of how they faced and overcame the FISMA and HIPAA challenges in their research computing environments, and benefited. The webinar will also touch upon the basics of HIPAA and FISMA, the NIST RMF, and how it can be leveraged for HIPAA and FISMA and other types of cyber compliance.
More information about this presentation is on the event page.

Presentations are recorded and include time for questions with the audience.

Join CTSC's discuss mailing list for information about upcoming events. To submit topics or requests to present, contact us here. Archived presentations are available on our site under "Past Events."

CTSC helps CC*DNI awardee tune its cybersecurity practices

CTSC helps CC*DNI awardee tune its cybersecurity practices

The University of New Hampshire Research Computing Center’s (UNH RCC’s) mission is to provide information technology (IT) support for the sponsored research community at UNH and collaborate with higher education, industry, and government to create innovative technologies designed to address important social, environmental, and economic needs. UNH RCC is supported in part by CC*DNI NSF CISE Grant #1541430. CTSC and UNH RCC are conducting an engagement looking at UNH RCC’s existing cybersecurity practices in relation to UNH and the scientists it serves. The engagement has the following related objectives:
  • Produce a report within the next month assessing the current state of UNH RCC’s information security program and make specific prioritized recommendations. 
  • Plan and conduct a period of collaborative work culminating in a 2-4 day CTSC site visit at UNH in early June.  During the site visit, meetings, training sessions, and other activities will leverage the report to build momentum for UNH to implement and sustain the plan's prioritized recommendations. 
This engagement is an opportunity for CTSC to work with a program at an institutional level and positively impact the security of the cyberinfrastructure and trustworthiness of the science it supports.

Thursday, April 6, 2017

CTSC Training at GPN/GWLA Annual Meeting

The Great Plains Network and the Greater Western Library Alliance Annual Meeting will be held in Kansas City on May 31st through June 2nd. CTSC will be providing an Incident Response and Log Analysis workshop during the conference. For more information on the conference please refer to the link below. Details for the workshop are on the Schedule page.


Monday, April 3, 2017

Open Science Cyber Risk Profile Published

In a culmination of efforts, the Center for Trustworthy Scientific Cyberinfrastructurethe NSF Cybersecurity Center of Excellence, and the Department  of Energy’s Energy Sciences Network (ESnet), along with research and education community leaders have published version 1.2 of the Open Science Cyber Risk Profile (OSCRP) -- a living document designed to help principal investigators and their supporting information technology professionals assess cybersecurity risks related to open science projects. A PDF of the OSCRP can be found at https://scholarworks.iu.edu/dspace/handle/2022/21259.