tag:blogger.com,1999:blog-70774966058492435322024-03-17T23:01:08.872-04:00Trusted CI BlogBlog for <a href="https://www.trustedci.org/">Trusted CI</a>.Mark Krenzhttp://www.blogger.com/profile/13524023996157340111noreply@blogger.comBlogger495125tag:blogger.com,1999:blog-7077496605849243532.post-27417072292695308952024-03-04T12:31:00.001-05:002024-03-14T15:15:13.032-04:00Trusted CI Webinar: Lessons from the ACCORD project, March 18th @11am Eastern<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioQEoo8H-2L1RbhhXnuT6HnHu7NPTAUZ4OvlM8K0jq6F4Dkj5qUs4GnzJFgHxAlirql62bcuKP4DvCVJJSatgS87kLXH_qneySkqvPjELUyIbecKkxDzPFQRdSdRu38RSBVGzIqJZKrFijOUblR8igbl495_cW_J3gN-_W5k-c0A-HHzVA0oJ32qPNc_u-/s311/ACCORD_logo.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="80" data-original-width="311" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioQEoo8H-2L1RbhhXnuT6HnHu7NPTAUZ4OvlM8K0jq6F4Dkj5qUs4GnzJFgHxAlirql62bcuKP4DvCVJJSatgS87kLXH_qneySkqvPjELUyIbecKkxDzPFQRdSdRu38RSBVGzIqJZKrFijOUblR8igbl495_cW_J3gN-_W5k-c0A-HHzVA0oJ32qPNc_u-/s1600/ACCORD_logo.png" width="311" /></a></div>Ron Hutchins and Tho Nguyen are presenting the talk, <i>Lesson from the ACCORD Project</i>, on March 18th at 11am Eastern time.<br /><br />Please <a href="https://iu.zoom.us/webinar/register/WN_wb37iuZqQCyV3OlPdLKYuw">register here</a>.<br /><br />The ACCORD cyberinfrastructure project at the University of Virginia (UVA) successfully developed and deployed a community infrastructure providing access to secure research computing resources for users at underserved, minority-serving, and non-PhD-granting institutions. ACCORD's operational model is built around balancing data protection with accessibility. In addition to providing secure research computing resources and services, key outcomes of ACCORD include creation of a set of policies that enable researchers external to UVA to access and use ACCORD. While the ACCORD expedition achieved its technical and operational goals, its broader mission of broadening access to underserved users had limited success. Toward gaining a better understanding of the barriers to researchers accessing ACCORD, our team carried out two community outreach efforts to engage with researchers and computing service leaders to hear their pain points as well as solicit their input for an accessible community infrastructure.<br /><br />In this talk, we will describe the ACCORD infrastructure and its operational model. We will also discuss insights from our effort to develop policies to balance accessibility with security. And finally, we wil share lessons learned from community outreach efforts to understand institutional and social barriers to access.<br /><br />Speaker Bios:<br /><br /><b>Ron Hutchins</b>: In the early 1980’s, Ron worked at the Georgia Institute of Technology to create a networking laboratory in the College of Computing teaching data communications courses there. After moving to the role of Director of Campus Networks in 1991, Ron founded and led the Southern Crossroads network aggregation (SoX) across the Southeast. In 2001 after receiving his PhD in computer networks, he took on the role of Chief Technology Officer for the campus. In August of 2015, Ron moved into the role of Vice President of Information Technology for the University of Virginia, working to build partnerships across the campus. Recently, Ron has moved from VP to research faculty in the Computer Science department at UVA and is participating broadly across networking and research computing in general including work with the State of California building out the broadband fiber network backbone across the state. <p></p><p><b>Tho Nguyen</b> is a computer science and policy expert. He served as project manager for the ACCORD effort from 2019-2021, and continues to support the project implementation and growth. Nguyen is currently a Senior Program Officer at the National Academies of Sciences, Engineering, and Medicine. From 2015-2021 Nguyen was on the research staff in the Department of Computer Science at the University of Virginia where he worked on compute-in-memory and developing HPCs for research. Prior to UVA, he was a AAAS Science and Technology Policy Fellow at the National Science Foundation where he worked primarily on the Cyber Physical Systems program. Nguyen holds a PhD in Systems & Controls (Electrical Engineering) from the University of Washington. </p><p><br />---<br />Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."</p>Jeannette Dopheidehttp://www.blogger.com/profile/15745716926119250550noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-64694462815137328832024-02-07T15:19:00.000-05:002024-02-07T15:19:44.050-05:00Advancing the Cybersecurity of NSF Major Facilities and National Research Cyberinfrastructure: Trusted CI’s Framework Cohort Achievements in 2023<blockquote style="border: none; margin: 0 0 0 40px; padding: 0px;"><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOTXx4d05MG4nsnGhn4dKSpwD-6uq1xPZm7tuemUuJ4Cxam_UTtHQPtBkvM8e420AaKmhJ9xTOHI4MnwcZsqFpdi3P7b0o604vskSJi05vcBP8AMGvSq3QxwfNlGWuWeAnQN4iQQk17g6iiImT3e_oIAtFisKUbSGxKNu-E9x5bCfnhyKl9yDbwzSl5V8/s401/FW%20cybersecurity%20program%20badge_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="401" data-original-width="401" height="136" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOTXx4d05MG4nsnGhn4dKSpwD-6uq1xPZm7tuemUuJ4Cxam_UTtHQPtBkvM8e420AaKmhJ9xTOHI4MnwcZsqFpdi3P7b0o604vskSJi05vcBP8AMGvSq3QxwfNlGWuWeAnQN4iQQk17g6iiImT3e_oIAtFisKUbSGxKNu-E9x5bCfnhyKl9yDbwzSl5V8/w136-h136/FW%20cybersecurity%20program%20badge_logo.png" width="136" /></a></div><p></p></blockquote><p><br />Trusted CI successfully conducted two more six-month engagements in its ongoing Cybersecurity Framework Cohort Program during 2023, mentoring 11 additional research cyberinfrastructure providers through Framework validated self-assessments and cybersecurity program strategic planning. The cohort during the first half of 2023 comprised representatives from the following NSF major facilities, mid-scale projects, and a scientific consortium:</p><div style="text-align: left;"><a href="https://www.unols.org/us-academic-research-fleet-0" target="_blank">U.S. Academic Research Fleet (ARF)</a>, an NSF major facility<br /><a href="https://icecube.wisc.edu/" target="_blank">IceCube Neutrino Observatory</a>, an NSF major facility<br /><a href="https://www.usap.gov/" target="_blank">United States Antarctic Program (USAP)</a>, an NSF major facility<br /><a href="https://deepsoilecotron.org/" target="_blank">Deep Soil Ecotron (DSE)</a>, an NSF mid-scale project<br /><a href="https://usnan.nmrhub.org/home" target="_blank">Network for Advanced NMR (NAN)</a>, an NSF mid-scale project<br /><a href="https://giantmagellan.org/" target="_blank">Giant Magellan Telescope Observatory Corporation (GMTO)</a>, a scientific consortium</div><p>Five of NSF’s leading high performance computing (HPC) centers composed the cohort during the second half of 2023:</p><div style="text-align: left;"><a href="https://ncar.ucar.edu/" target="_blank">National Center for Atmospheric Research (NCAR)</a><br /><a href="https://www.ncsa.illinois.edu/">National Center for Supercomputing Applications (NCSA)</a><br /><a href="https://www.psc.edu/" target="_blank">Pittsburgh Supercomputing Center (PSC)</a><br /><a href="https://www.sdsc.edu/" target="_blank">San Diego Supercomputer Center at UCSD (SDSC)</a><br /><a href="https://tacc.utexas.edu/" target="_blank">Texas Advanced Computing Center (TACC)</a></div><p>The foundation of the cohort program is the <a href="https://www.trustedci.org/framework" target="_blank">Trusted CI Framework</a>. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.</p><p>Cohort members entered the engagement with a commitment to adopting the Framework at their sites. They then worked closely with Trusted CI to gather site information and create validated self-assessments of their organization’s cybersecurity programs based on the Trusted CI Framework. Each site emerged from the program with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs.</p><p>Several participants provided feedback on the value of the cohort experience to their organizations.</p><p>GMTO’s Sam Chan, IT Director and Information Security Officer, and Efren Sandoval, Cybersecurity Analyst, noted that “...the cohort collaboration process has given us a better understanding of a holistic and mission focused approach to cybersecurity. The cohort collaboration process also brought us together with colleagues from different fields and requirements with similar security controls. Sharing our experiences amongst ourselves helped us learn different approaches to similar areas of concern.”</p><p>Michael Wilson, Infrastructure Architect at UConn Health and Cybersecurity Lead of NAN, observed: “As a result of the cohort experience, NAN was not only able to identify gaps in our original cybersecurity implementation plan and significantly advance our cybersecurity posture, but I have also personally expanded my professional network to share and discuss cybersecurity implementation ideas and lessons learned with colleagues from other NSF facilities. While the cohort program demands considerable effort, the NAN executive team found it to be a worthwhile endeavor. I heartily encourage the leadership of NSF facilities that have not yet participated in the cohort training to do so.”</p><p>Scott Sakai, Security Analyst at SDSC, found that: “Trusted CI’s Framework cohort provided a supportive environment to explore the strengths and weaknesses of the state of our cybersecurity efforts in the context of the Trusted CI Framework. While strengths were praised, shortcomings and challenges were met with non-judgmental, matter-of-fact discussion rather than punitive shaming: a response that promotes a path to resolution and understanding.”</p><p>Mr. Sakai also noted that: “Importantly, the Trusted CI Framework, and guidance from the Trusted CI cohort team emphasize the significance of governance and mission alignment – two foundational concepts that bring together cybersecurity and leadership, and help formulate what a meaningful dialog between the two might look like. This sets it apart from other approaches to a security program that focus on policy and controls, a difference that will hopefully foster an asset that is approachable and predictable instead of a mysterious line-item expense in the budget.”</p><p>In January 2024 Trusted CI began the fifth Framework cohort engagement, whose members include: </p><div style="text-align: left;"><a href="https://simonsobservatory.org/" target="_blank">Advanced Simons Observatory</a><br /><a href="https://biodesign.asu.edu/cxfel/" target="_blank">Compact X-ray Free Electron Laser Project</a><br /><a href="https://www.icpsr.umich.edu/web/pages/" target="_blank">Inter-university Consortium for Political and Social Research</a><br /><a href="https://nationalmaglab.org/" target="_blank">The National High Magnetic Field Laboratory</a><br /><a href="https://sphere-project.net/" target="_blank">Security and Privacy Heterogeneous Environment for Reproducible Experimentation</a><br /><a href="https://www.tmt.org/" target="_blank">Thirty Meter Telescope International Observatory</a></div><p>Trusted CI is excited to be working with these new sites to advance their understanding and implementation of cybersecurity programs and best practices!</p><p>For more information, please contact us at <a href="mailto:info@trustedci.org">info@trustedci.org</a>.</p><div><br /></div>Kathy Benningerhttp://www.blogger.com/profile/06543545418478475494noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-71168727256214265702024-01-24T11:59:00.005-05:002024-01-24T12:08:56.590-05:002023 Summit Report Available, Save the Date for 2024 Summit <p>The report of the 2023 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure is now available on <a href="https://zenodo.org/doi/10.5281/zenodo.10552822" target="_blank">Zenodo</a> for your review.</p><p>Mark your calendar for the 2024 NSF Cybersecurity Summit, which will be held for four full days from October 7-10, 2024, at Carnegie Mellon University in Pittsburgh, PA.</p><p>Like last year, Trusted CI is inviting other groups to schedule full-day training on Monday, October 7, that may interest our community. Tuesday through Thursday will include a mix of plenary and shorter training sessions and workshops. If your organization is interested in providing a full-day training session on October 7, please contact the Summit organizers at summit@trustedci.org and include "full-day training" in the subject line.</p><p>To stay updated and receive more information about the Summit, please check our website, 2024 NSF Cybersecurity Summit, follow the Trusted CI blog, or subscribe to our <a href="https://www.trustedci.org/trustedci-email-lists">announcement email</a>.</p><p>If you have any questions, please don't hesitate to contact us at <a href="mailto:summit@trustedci.org">summit@trustedci.org</a>.</p><p>Thank you, and we look forward to seeing you at the Summit!</p><div><br /></div>Julie Songerhttp://www.blogger.com/profile/16161323599287966774noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-79864382110791607972024-01-04T16:02:00.000-05:002024-01-04T16:02:01.963-05:00Cyberinfrastructure Vulnerabilities 2023 Annual Report<p>The <a href="https://www.trustedci.org/vulnerabilities" target="_blank">Cyberinfrastructure Vulnerabilities</a> team provides concise announcements on critical vulnerabilities that affect science cyberinfrastructure (CI) of research and education centers, including those threats which may impact scientific instruments. This service is freely available by subscribing to Trusted CI's mailing list (see below).</p><p>We monitor a number of sources for vulnerabilities, then determine which ones are of critical interest to the CI community. While there are many cybersecurity issues reported in the news, we strive to alert on issues that affect the CI community in particular. These issues are identified using the following criteria:</p><ul><li>the affected technology's or software's pervasiveness in the CI community</li><li>the technology's or software's importance to the CI community</li><li>the type and severity of a potential threat, e.g., remote code execution (RCE)</li><li>the threat's ability to be triggered remotely</li><li>the threat's ability to affect critical core functions</li><li>the availability of mitigations </li></ul><p>For issues that warrant alerts to the Trusted CI mailing list, we also provide guidance on how operators and developers can reduce risks and mitigate threats. We coordinate with <a href="https://access-ci.org/" target="_blank">ACCESS</a>, <a href="https://osg-htc.org/" target="_blank">Open Science Grid</a> (OSG), and the NSF supercomputing centers on drafting and distributing alerts to minimize duplication of effort and maximize benefit from community expertise. Sources we monitor for possible threats to CI include the following:</p><ul style="text-align: left;"><li><a href="https://www.openssl.org/news/vulnerabilities.html" target="_blank">OpenSSL</a> and <a href="https://www.openssh.com/security.html" target="_blank">OpenSSH</a></li><li><a href="https://www.cisa.gov/uscert/ncas/current-activity" target="_blank">US-CERT advisories</a></li><li><a href="https://access.redhat.com/security/updates/advisory" target="_blank">RHEL</a>/<a href="https://fedoraproject.org/wiki/Security_Bugs" target="_blank">EPEL</a> advisories</li><li><a href="https://www.ren-isac.net/public-resources/AlertsAdvisories.html" target="_blank">REN-ISAC Alerts and Advisories</a></li><li>Social media, such as Twitter, and Reddit (<a href="https://www.reddit.com/r/netsec/" target="_blank">/r/netsec</a> and <a href="https://www.reddit.com/r/cybersecurity/" target="_blank">/r/cybersecurity</a>)</li><li>News sources, such as <a href="https://thehackernews.com/" target="_blank">The Hacker News</a>, <a href="https://threatpost.com/" target="_blank">Threatpost</a>, <a href="https://www.theregister.co.uk/security/" target="_blank">The Register</a>, <a href="https://nakedsecurity.sophos.com/" target="_blank">Naked Security</a>, <a href="https://slashdot.org/stories/security">Slashdot</a>, <a href="https://krebsonsecurity.com/" target="_blank">Krebs on Security</a>, <a href="https://isc.sans.edu/" target="_blank">SANS Internet Storm Center</a>, and <a href="https://www.schneier.com/" target="_blank">Schneier on Security</a> </li></ul><p><b>In 2023 the Cyberinfrastructure Vulnerabilities team discussed 43 vulnerabilities and issued 26 alerts to 187 subscribers.</b></p><p>You can subscribe to Trusted CI's Cyberinfrastructure Vulnerability Alerts mailing list by sending email to <a href="mailto:cv-announce+subscribe@trustedci.org">cv-announce+subscribe@trustedci.org</a>. This mailing list is public and its archives are available at <a href="https://groups.google.com/a/trustedci.org/g/cv-announce">https://groups.google.com/a/trustedci.org/g/cv-announce</a>.</p><p>If you have information on a cyberinfrastructure vulnerability, let us know by sending email to <a href="mailto:alerts@trustedci.org">alerts@trustedci.org</a>.<br /><br /></p>Terry Fleuryhttp://www.blogger.com/profile/03313341421176207441noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-2682690346285459622023-12-15T13:20:00.000-05:002023-12-15T13:20:25.538-05:00Trusted CI Webinar Series: Planning for 2024, review of 2023<p><span style="font-size: small;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnxIgrAkw-mMtGtDTtIvt2i0fDjAi5dYx5O7ahm2l2v5xZ1-_sgg0SqhxzVEwXlAqo-nKjCZm-RY9JKNbidQmBr-8DvA9p9yMXUc2nsZVhCO2z9lRoTB9RAK38GYtLWWlzpYwxiQT8nLfk2JlMDAsXsxJfZsc2DQ99nIlw0ZDFSxo4TuNiKvEOdoW4/s1280/TrustedCI_webinar_logo_blue_.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="389" data-original-width="1280" height="97" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnxIgrAkw-mMtGtDTtIvt2i0fDjAi5dYx5O7ahm2l2v5xZ1-_sgg0SqhxzVEwXlAqo-nKjCZm-RY9JKNbidQmBr-8DvA9p9yMXUc2nsZVhCO2z9lRoTB9RAK38GYtLWWlzpYwxiQT8nLfk2JlMDAsXsxJfZsc2DQ99nIlw0ZDFSxo4TuNiKvEOdoW4/s320/TrustedCI_webinar_logo_blue_.jpg" width="320" /></a></span></span></span><span style="font-family: inherit; font-size: small;"> </span><span style="font-size: small;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The 2023 season of the Trusted CI Webinar series has concluded and we are looking forward to the presentations scheduled in the next year. </span></span></span></p><p style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-size: small;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We are currently booking the 2024 season. </span></span></span><span style="font-size: small;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">See our <a href="https://www.trustedci.org/webinars-cfp">call for presentations</a> to submit a request to present. </span></span></span></p><p style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><br /></p><p style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-size: small;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In case you missed them, here are the webinars from 2023:</span></span></span><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span></span></span></p><ul style="text-align: left;"><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">January ‘23: Real-Time Operating System and Network Security for Scientific Middleware with Gedare Bloom (<a href="https://www.nsf.gov/awardsearch/showAward?AWD_ID=2001789">NSF Award #2001789</a>) (<a href="https://youtu.be/KBc81L2Ze78">Video</a>)(<a href="https://hdl.handle.net/2142/117092">Slides</a>)</span></span></span><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">February ‘23: Security Program for the NIH’s <a href="https://nih-cfde.org/">Common Fund Data Ecosystem</a> with Rick Wagner (<a href="https://youtu.be/qztKv0JVFKc">Video</a>)(<a href="https://hdl.handle.net/2142/117226">Slides</a>)</span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">March ‘23: Mutually Agreed Norms for Routing Security (<a href="https://internet2.edu/security/routing-security/">MANRS</a>) with Steven Wallace (<a href="https://youtu.be/cmBRvuOrvoU">Video</a>)(<a href="https://hdl.handle.net/2142/117390">Slides</a>)</span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">April ’23: Advanced Cyberinfrastructure Coordination Ecosystem: Services and Support (ACCESS) with Derek Simmel (<a href="https://www.nsf.gov/awardsearch/showAward?AWD_ID=2138296">NSF Award #2138296</a>) (<a href="https://youtu.be/Ke1_acnvV_k">Video</a>)(<a href="https://hdl.handle.net/2142/117468">Slides</a>)</span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">May ’23: Deception Awareness and Resilience Training (DART) with Anita Nikolich (<a href="https://nsf.gov/awardsearch/showAward?AWD_ID=2230494">NSF Award #2230494</a>) (<a href="https://youtu.be/4G9H0QyTrR4">Video</a>)(<a href="https://hdl.handle.net/2142/118090">Slides</a>)</span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">June ‘23: <a href="https://cacr.iu.edu/projects/SecureMyResearch/index.html">SecureMyResearch</a> with Will Drake, Tim Daniel, and Anurag Shankar (<a href="https://youtu.be/eKfwaGQEkyw">Video</a>)(<a href="https://hdl.handle.net/2142/118192">Slides</a>)</span></span></span><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">July ‘23: The Technical Landscape of Ransomware: Threat Models and Defense Models with Barton Miller and Elisa Heymann (<a href="https://youtu.be/bEggA4dFo2k">Video</a>)(<a href="https://hdl.handle.net/2142/120029">Slides</a>)</span></span></span><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">August ‘23: Leveraging Adaptive Framework for Open Source Data Access Solutions with Jeremy Grieshop (<a href="https://youtu.be/k8ou1i1MnGI">Video</a>)(<a href="https://hdl.handle.net/2142/120073">Slides</a>)</span></span></span><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">September ‘23: Improving the Privacy and Security of Data for Wastewater-based Epidemiology with Ni Trieu (<a href="https://www.nsf.gov/awardsearch/showAward?AWD_ID=2115075">NSF Award #2115075</a>)</span></span></span><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> (<a href="https://youtu.be/E64Mvsh-fzU">Video</a>)(<a href="https://hdl.handle.net/2142/120616">Slides</a>)</span></span></span></li><li><span style="font-size: small; white-space: pre;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">December 4th: Enhancing Integrity and Confidentiality for Secure Distributed Data Sharing (Open Science Chain) with Subhashini Sivagnanam (<a href="https://www.nsf.gov/awardsearch/showAward?AWD_ID=2114202">NSF Award #2114202</a>) (<a href="https://youtu.be/e6s7jLu1e0E">Video</a>)(<a href="https://hdl.handle.net/2142/121168">Slides</a>)</span></span></span><br /></li></ul><p style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: left;"><span style="font-size: small;"><span style="font-family: inherit;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Join Trusted CI's</span><a href="https://list.iu.edu/sympa/subscribe/ctsc-announce-l" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">announcements mailing list</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> for information about upcoming events. Our complete catalog of webinars and other presentations are available on our</span><a href="https://www.youtube.com/channel/UCD2sZ957eokDw8mcjkHXvXw" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">YouTube channel</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. See our <a href="https://www.trustedci.org/webinars-cfp">call for presentations</a> to submit a request to present. For questions or feedback, email us at <a href="mailto:webinars@trustedci.org">webinars@trustedci.org</a>.</span></span></span></p>Jeannette Dopheidehttp://www.blogger.com/profile/15745716926119250550noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-53661351329532813452023-12-15T10:54:00.005-05:002023-12-15T10:58:03.113-05:00Announcing publication of the Operational Technology Procurement Vendor Matrix<p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5Urgybf5_b9Y10geP_m_l2jWr_cvtvB2PGQuDynPuBPrB0MkobnP47GuCQuYZs9HVNUuWvNVuuqEKx6suZ4tJiTGa8P65agNx82rCM2jK0WcXyV31a3xu8jsBzAR9Yb70-1Y_vUvO28e-2FiTeF2Csa3RswAitFSMRMejVDeKFoYeLY6c6O1M2rIaa4Xw/s1900/3-ship_to_right-2021_1900x900.jpg" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="900" data-original-width="1900" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5Urgybf5_b9Y10geP_m_l2jWr_cvtvB2PGQuDynPuBPrB0MkobnP47GuCQuYZs9HVNUuWvNVuuqEKx6suZ4tJiTGa8P65agNx82rCM2jK0WcXyV31a3xu8jsBzAR9Yb70-1Y_vUvO28e-2FiTeF2Csa3RswAitFSMRMejVDeKFoYeLY6c6O1M2rIaa4Xw/s320/3-ship_to_right-2021_1900x900.jpg" width="320" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>RCRV Photo: The Glosten Associates</i><br /></td></tr></tbody></table><p></p><p>The Trusted CI Secure by Design team has completed work on “The Operational Technology Procurement Vendor Matrix.” The purpose of this document is to assist those in leadership roles during the procurement process. It’s meant to help formulate questions for vendors to discuss security controls on devices that will be used for maritime research.<br /><br />The matrix includes a list of controls, requirements for the control, potential questions for vendors, tips, and real world examples justifying a given control. <br /><br />For example, Item #3 in the matrix is an inventory requirement stating that security vulnerabilities in vendor-provided software must be patched. The Threat Actor Example we cite to justify the requirement is the WannaCry vulnerability. We include an example question that could be used when discussing with the vendor. (Click the image below to see in better detail.)<br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhK9uvV3to60qAerJ2O8RKhsldaAWdClyqIwq2oQ8qRVAKfLrwkIUTZ1zbIXQfsZzyp9wfn2u278JtaIRW6Aj7Ew67q7tyM3H0idlKrb9hJpP13BcgDDIYXAHDoQRrZVNBt-s1JLhJKgwJJ4vSGugvTV_8x666nAnVodCHzKNKqsyG1hjLj3xgsn5HYJZmH/s2025/TrustedCI%20Matrix%20Blog%20Post%20Image.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1454" data-original-width="2025" height="288" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhK9uvV3to60qAerJ2O8RKhsldaAWdClyqIwq2oQ8qRVAKfLrwkIUTZ1zbIXQfsZzyp9wfn2u278JtaIRW6Aj7Ew67q7tyM3H0idlKrb9hJpP13BcgDDIYXAHDoQRrZVNBt-s1JLhJKgwJJ4vSGugvTV_8x666nAnVodCHzKNKqsyG1hjLj3xgsn5HYJZmH/w400-h288/TrustedCI%20Matrix%20Blog%20Post%20Image.png" width="400" /></a></div><p>The document can be viewed and downloaded here <i>(Note: The file is available in many formats)</i>: <br /><br /><a href="https://zenodo.org/doi/10.5281/zenodo.10257812"><b>https://zenodo.org/doi/10.5281/zenodo.10257812</b></a><br /><br />This document represents the work of many people, including critical feedback from maritime operational technology practitioners (Scripps Institution of Oceanography’s <a href="https://scripps.ucsd.edu/news/uc-san-diego-receives-35-million-state-funding-new-california-coastal-research-vessel">CCRV</a>, and Oregon State University’s <a href="https://ceoas.oregonstate.edu/regional-class-research-vessel-rcrv">RCRV</a> and <a href="https://oceanobservatories.org/">OOI</a>). We are grateful for their contributions to this effort. <br /><br />Our goal is to share this matrix and continue to develop its utility after receiving feedback from the Trusted CI community. To contact us, email <a href="mailto:info@trustedci.org">info@trustedci.org</a>.<br /></p>Jeannette Dopheidehttp://www.blogger.com/profile/15745716926119250550noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-18856548701243648442023-12-06T16:34:00.008-05:002023-12-07T11:45:57.214-05:00Student Program at the 2023 NSF Cybersecurity Summit<p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ICwQB0c_tI0Wkokuqva0dXBw89m_bQ3ZRkg59VSrfzQOC4M14tiHftISzpoqp4MktW0_38pzeD2f9LqsUNIi0wYq8Sjukt3AI7Wri2UDo4yar0pZFVaW-mJKZ5qupHAugXJLlWbmWXd_IvIaSuezpb8eDptNl0ih0zNrxI4N-qhUpDR0pmNrjeE6BFsr/s13221/CyberecuritySummit23_groupMentorsStudents_6165(1).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="9216" data-original-width="13221" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ICwQB0c_tI0Wkokuqva0dXBw89m_bQ3ZRkg59VSrfzQOC4M14tiHftISzpoqp4MktW0_38pzeD2f9LqsUNIi0wYq8Sjukt3AI7Wri2UDo4yar0pZFVaW-mJKZ5qupHAugXJLlWbmWXd_IvIaSuezpb8eDptNl0ih0zNrxI4N-qhUpDR0pmNrjeE6BFsr/s320/CyberecuritySummit23_groupMentorsStudents_6165(1).png" width="320" /></a></div><p></p><p>In October, we hosted our <a href="https://www.trustedci.org/2023-cybersecurity-summit">annual NSF Cybersecurity Summit</a>, which was a hybrid event hosted at <a href="https://www.lbl.gov/about/">Berkeley Lab</a>. Our student program welcomed nine students to attend the in-person training sessions, present posters, network with fellow attendees, and introduce themselves to our community. We also matched students with mentors to help facilitate networking opportunities.</p><p>We give special thanks to our mentors: Ishan Abhinit, Jim Basney, Phuong Cao, Eric Cross, Wei Feinstein, Mark Krenz, Jim Marsteller, Sean Peisert, Kelli Shute, and Susan Sons.<br /><br />We asked the students to share their thoughts on their experiences at the Summit. Below are their responses. <i>These statements have been lightly edited for clarity</i>. <br /><br /><u>Chad Callegari, University of South Alabama</u>: <br />My experience at the 2023 Trusted CI Cybersecurity Summit completely exceeded my expectations in the best ways possible. I had never before attended a conference before this event, and as a student it was initially intimidating to be in a new environment with professionals from the field. I quickly learned just how inviting everyone at the event was, and everyone quickly made the environment one that I could feel comfortable in. I was able to learn so many new things from the trainings that were put on, and meet so many great people both other students and professionals. The event allowed me to learn about the different opportunities that I had not ever known about before and I was also able to talk with many of these professionals about potential opportunities for the future. The event was a great success for me and I hope to participate in other Trusted CI events in the future!<br /><br /><u>Matheu Fletcher, University of Illinois at Urbana-Champaign</u>: <br />The summit was a great experience as my first real conference. My biggest personal takeaway was the friendliness and helpful nature of the community present. Similarly, the biggest technical aspect I learned from the event was gaining a better understanding of Zeek, along with various development tools I heard discussed that I can make use of to be more efficient in both work and personal projects. Additionally, I gained a better understanding of the ever-changing balance between creating and detecting AI generated texts.<br /><br /><u>Robert Johnson, The University of Tennessee at Chattanooga</u>: <br />I thoroughly enjoyed my experience at the NSF Summit cybersecurity conference held at UC Berkeley. Not only were the surroundings gorgeous, but the organizers and attendees were extremely inviting. The more experienced members went out of their way to speak to first-time attendees providing networking opportunities. I believe it is important for students to familiarize themselves with the experience of attending a professional development conference. I enjoyed many of the talks and remained engaged despite the topics being niche and specific to different areas of cybersecurity. I am grateful to be able to speak with people from a variety of institutions, businesses, and countries and exchange knowledge.<br /><br /><u>Kaneesha Moore, Mississippi State University</u>: <br />As a rather curious yet reserved individual, I was delighted to have TrustedCI’s 2023 NSF Cybersecurity Summit as my first professional conference. The atmosphere felt welcoming and inviting, and one could feel the passion for cybersecurity in the air – as cliché as it sounds. The workshops were intriguing and encouraged hands-on participation from other attendees which reinforced the topics discussed during the sessions. It is hard to choose a favorite, but I really enjoyed the workshops on artificial intelligence/machine learning and intrusion detection topics – Zeek, deep machine learning intrusion detection for SCADA (and similar) systems, and tutorials on detecting deepfake messages. It felt like an educational getaway with like-minded individuals who wanted to share and gain knowledge. I thoroughly enjoyed my time, and I hope to attend next year’s conference!<br /><br /><u>Ololade Odunsi, University of New Haven</u>: <br />Attending the 2023 NSF Cybersecurity Summit was one of the best decisions I have ever made. I had the opportunity to meet industry professionals who were open to speaking with students and peers about topics they were interested in. From being paired with a mentor, to learning hands-on cybersecurity workshops and listening to seminars - the summit could not have been more value packed. I especially enjoyed the opportunity to present my poster on my background and projects I have worked on to the attendees, who were attentive and supportive.<br /><br /><u>Henry Schmidt, University of Arkansas</u>: <br />I had a great experience at the Trusted CI NSF Cybersecurity Summit. It was fantastic to see and talk to the wide array of individuals who came to the conference. There was a considerable variety of seminars, talks, and workshops to attend. I liked in particular the talk on deep learning IDS by Dr. Ismail from Tennessee Tech as well as the security log analysis workshop by Mark Krenz, Ishan Abhinit, and Phuong Cao. It was a pleasure to talk with the other students and professionals from around the world at the conference. Everyone was genuinely interested in the work other people were doing in the cybersecurity space. Thank you to everyone that stopped by my poster to talk with me about the work that CyberHogs is doing with RazorHack Cyber Challenge at the University of Arkansas! I look forward to reaching out to everyone and carrying these connections with me as I move forward in my academic and professional career.</p><p>The Student Program has continued to be a very rewarding experience for us. If you are interested in becoming a mentor next year, please contact us at <a href="mailto:summit@trustedci.org">summit@trustedci.org</a>.<br /></p>Jeannette Dopheidehttp://www.blogger.com/profile/15745716926119250550noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-83013302189269890752023-11-20T12:39:00.000-05:002023-11-20T12:39:03.414-05:00Trusted CI Webinar: Open Science Chain, Dec. 4th @11am Eastern<div style="text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5NKflZJU-6OD4QjQWRd9W6FNxFOjhZT8yex1rtUfYm_8RBdnIAYYXaS1s78Fd5lE45F6zs1aPSqz4n9AOpLI0c6L7EKEUEVgnuH0pgQSnneJzcDocfS0TVRqfyxYCYBLOTbuYUW_B_yLI17T7jPLrH_7JUNZADEWhzhBMmcsefbfoL4p1Ab3Vm8xmO2Va/s618/Subha.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="410" data-original-width="618" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5NKflZJU-6OD4QjQWRd9W6FNxFOjhZT8yex1rtUfYm_8RBdnIAYYXaS1s78Fd5lE45F6zs1aPSqz4n9AOpLI0c6L7EKEUEVgnuH0pgQSnneJzcDocfS0TVRqfyxYCYBLOTbuYUW_B_yLI17T7jPLrH_7JUNZADEWhzhBMmcsefbfoL4p1Ab3Vm8xmO2Va/s320/Subha.png" width="320" /></a></div>San Diego Supercomputer Center's Subhashini Sivagnanam is presenting the talk,<i> Open Science Chain - Enabling Integrity and Metadata Provenance for Research Artifacts Using Open Science Chain</i>, on December 4th at 11am Eastern time.</div><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p>Please <a href="https://iu.zoom.us/webinar/register/WN_KipCD_nbQu-OBg0hkipu2A">register here</a>.</p><p></p>The envisioned advantage of sharing research data lies in its potential for reuse. Although many scientific disciplines are embracing data sharing, some face constraints on the data they can share and with whom. It becomes crucial to establish a secure method that efficiently facilitates sharing and verification of data and metadata while upholding privacy restrictions to enable the reuse of scientific data. This presentation highlights our NSF-funded Open Science Chain (OSC) project, accessible at <a href="https://www.opensciencechain.org">https://www.opensciencechain.org</a>. Developed using blockchain technologies, the OSC project aims to address challenges related to the integrity and provenance of research artifacts. The project establishes an API-based data integrity verification management service for data-driven research platforms and hubs, aiming to minimize data information loss and provide support for managing diverse metadata standards and access controls.<p><b>Speaker Bio:</b></p><p>Subhashini Sivagnanam is the manager of the Cyberinfrastructure Services and Solutions (CISS) group at the San Diego Supercomputer Center/ UCSD. Her research interests predominantly lie in distributed computing, cyberinfrastructure development, scientific data management, and reproducible science. She serves as the PI/Co-PI on various NSF/NIH projects related to scientific data integrity and developing cyberinfrastructure software. Furthermore, she oversees the management of UC San Diego’s campus research cluster known as the Triton Shared Computing Cluster.<b><br /></b></p><p></p><p><span style="font-size: small;">---<br /></span></p><span style="font-size: small;">Join Trusted CI's <a href="https://www.trustedci.org/trustedci-email-lists?rq=lists">announcements mailing list</a> for information about upcoming events. To submit topics or requests to present, see our <a href="https://trustedci.org/webinars-cfp">call for presentations</a>. Archived presentations are <a href="https://trustedci.org/webinars">available on our site</a> under "Past Events."</span>Jeannette Dopheidehttp://www.blogger.com/profile/15745716926119250550noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-28305735226487105332023-11-13T15:01:00.006-05:002023-11-13T15:01:45.315-05:00Thank You to Debra Chapman and Alec Yasinsac!Since joining the Trusted CI team in 2021, Debra Chapman and Alec Yasinsac at the <a href="https://www.southalabama.edu/">University of South Alabama</a> have been leading Trusted CI’s <a href="https://www.trustedci.org/technology-transition-to-practice">transition to practice</a> (TTP) efforts. Through their work, they have fostered connections between researchers and practitioners and led the creation of a suite of TTP resources based on best practices and successes. In 2023, they hosted two free TTP workshops for researchers and industry professionals to come together and discuss challenges, resources, and how to move forward with transitioning their research.<br /><br />We thank Debra and Alec for their many contributions to the NSF TTP community and wish them all the best with their future endeavors!Kelli Shutehttp://www.blogger.com/profile/08611415753623346274noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-11478859609595964812023-11-06T15:42:00.000-05:002023-11-06T15:42:12.573-05:00Trusted CI members help Indiana local governments prevent cyber attacks<p>Trusted CI’s Craig Jackson and Ranson Ricks are leading an effort, called Cybertrack, to help local Indiana governments prevent cyber attacks. Cybertrack was initiated by the Indiana Office of Technology in partnership with cybersecurity experts from Indiana University and Purdue.</p><p>To accomplish this, they are relying on the Trusted CI Framework, which has been adopted by the state as part of its standard for local government cybersecurity. The Cybertrack team is expected to complete more than 300 assessments by 2026.</p><p><a href="https://news.iu.edu/live/news/31980-iu-co-leads-effort-to-help-local-governments-prevent-c" target="_blank">Read the full article published by Indiana University</a></p>Julie Songerhttp://www.blogger.com/profile/16161323599287966774noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-46149976833905167022023-10-03T11:50:00.002-04:002023-10-03T12:08:40.783-04:00MS-CC Cybersecurity Community of Practice<p>The <a href="https://www.ms-cc.org/">Minority Serving - Cyberinfrastructure Consortium (MS-CC)</a> is launching its Cybersecurity Community of Practice on October 10, 2023, from 2-3 p.m. ET. The community of practice will meet monthly, on the second Tuesday of every month. Jim Basney (Trusted CI) and Stephen Bollinger (North Carolina A&T State University) will be co-chairs.</p><p>This community of practice aims to create a supportive and collaborative space for faculty, researchers, staff, and students from minority serving institutions to continue their conversations around the topic of cybersecurity.</p><p>To participate in this and other MS-CC activities, please submit the <a href="https://www.ms-cc.org/join">MS-CC Participation Form</a>.</p>Jim Basneyhttp://www.blogger.com/profile/03020327423025316235noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-37727153027891445742023-09-21T11:07:00.002-04:002023-09-21T11:07:46.071-04:00Zeek and Jupyter Full-Day Security Training at the 2023 NSF Summit<p>This year the Summit is pleased to partner with Zeek and Project Jupyter to offer full-day training and a workshop on Monday October 23, 2023. </p><p><a href="https://zeek.org/" target="_blank">Zeek</a>, an open source network security monitoring tool, will offer two full-day training sessions. <b>“Hands-on Zeek Scripting”</b> will walk attendees through the fundamentals of Zeek Scripting along with some practical exercises. <b>“Intermediate to Zeek” </b>will teach attendees how to set up their own Zeek cluster deployments in production together with all the cluster components and the new Zeek management framework.</p><p><a href="https://jupyter.org/" target="_blank">Project Jupyter</a> is an open-source project sponsored by the non-profit NumFOCUS, that supports interactive data science and scientific computing. The <b>“Jupyter Security Workshop”</b> will expand on the current Jupyter security practices by focusing on the following near- and long-term goals: </p><p></p><ul style="text-align: left;"><li>Bring together people interested in contributing to security in Jupyter.</li><li>A white paper on “Jupyter Security Best Practices”.</li><li>Summarizing Jupyter development practices that target security.</li><li>Recommendations for security governance within the Project Jupyter governance model.</li><li>Based on any security gaps in documentation, software, processes, or other areas, identify potential support mechanisms to address them.</li></ul><p></p><p>All of these sessions will only be offered in-person. There is not a remote participation option and the sessions will not be recorded. More information on these and all of the Summit sessions can be found <a href="https://www.trustedci.org/abstracts-2023-nsf-cybersecurity-summit" target="_blank">here</a>.</p><p><b>Due to LBNL site access requirements, in-person registration is required by September 29. The registration </b><b>cut-off for inclusion in the</b><b> Hotel Shattuck room block with the reduced rate is 5:00pm PST on Friday, September 22, 2023. </b></p>Kelli Shutehttp://www.blogger.com/profile/08611415753623346274noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-16108215378586908912023-09-12T11:45:00.001-04:002023-09-12T13:37:29.263-04:00Trusted CI Webinar: Improving the Privacy and Security of Data for Wastewater-based Epidemiology, Sept. 25th @ 11am ET<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBiTsb-wvUfJ9bgVpyCnhn1knbFb3LyYEoUAJT6QMaqiXb2wycapr9pS2EFjsnAJks0RksRcKYA7KXJTBxvSeC8d-GBpNRSPAugDc2swYkY3z9wES8iTJYYQqOwpXZjx45CDXoQX8pD3QdbaC3aNeL3ALV_Fy5Aqi7sjAXsFfQKcZ8BfcdXf-_cjuNkIEq/s739/thumbnail_photo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="456" data-original-width="739" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBiTsb-wvUfJ9bgVpyCnhn1knbFb3LyYEoUAJT6QMaqiXb2wycapr9pS2EFjsnAJks0RksRcKYA7KXJTBxvSeC8d-GBpNRSPAugDc2swYkY3z9wES8iTJYYQqOwpXZjx45CDXoQX8pD3QdbaC3aNeL3ALV_Fy5Aqi7sjAXsFfQKcZ8BfcdXf-_cjuNkIEq/s320/thumbnail_photo.png" width="320" /></a></div><p></p>Arizona State University's Ni Trieu is presenting the talk,<i> Improving the Privacy and Security of Data for Wastewater-based Epidemiology</i>, on September 25th at 11am Eastern time.<p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p>Please <a href="https://iu.zoom.us/webinar/register/WN_vJBK1Df9RzOyuOvJd4cifg">register here</a>.</p><p></p><blockquote><p>As the use of wastewater for public health surveillance continues to expand, inevitably sample collection will move from centralized wastewater treatment plants to sample collection points within the sewer collection system to isolate individual neighborhoods and communities. Collecting data at this geospatial resolution will help identify variation in select biomarkers within neighborhoods, ultimately making the wastewater-derived data more actionable. However a challenge in achieving this is the nature of the wastewater collection system, which aggregates and commingles wastewater from various municipalities. Thus various stakeholders from different cities must collectively provide information to separate wastewater catchments to achieve neighborhood-specific public health information. Data sharing restrictions and the need for anonymity complicates this process. <br /></p></blockquote><blockquote><p>This talk presents our approaches to enabling data privacy in wastewater-based epidemiology. Our methodology is built upon a cryptographic technique, Homomorphic Encryption (HE), ensuring privacy. Additionally, we outline a technique to enhance the performance of HE, which could be of independent interest.</p></blockquote><p><b>Speaker Bio:</b></p><p>Ni Trieu is currently an Assistant Professor at Arizona State University (ASU). Her research interests lie in the area of cryptography and security, with a specific focus on secure computation and its applications such as private set intersection, private database queries, and privacy-preserving machine learning. Prior to joining ASU, she was a postdoc at UC Berkeley. She received her Ph.D. degree from Oregon State University.<b><br /></b></p><p></p><p><span style="font-size: small;">---<br /></span></p><span style="font-size: small;">Join Trusted CI's <a href="https://www.trustedci.org/trustedci-email-lists?rq=lists">announcements mailing list</a> for information about upcoming events. To submit topics or requests to present, see our <a href="https://trustedci.org/webinars-cfp">call for presentations</a>. Archived presentations are <a href="https://trustedci.org/webinars">available on our site</a> under "Past Events."</span>Jeannette Dopheidehttp://www.blogger.com/profile/15745716926119250550noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-75086009551108059372023-09-08T15:13:00.002-04:002023-09-08T17:54:23.212-04:00 Registration is open for the 2023 NSF Cybersecurity Summit!<p><span face="Calibri, sans-serif" style="color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Registration is open for the</span><a href="https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.trustedci.org%2F2023-cybersecurity-summit&data=05%7C01%7Cdborecky%40iu.edu%7C59f2f6a4baf64effa67408db98fbc5e3%7C1113be34aed14d00ab4bcdd02510be91%7C0%7C0%7C638271979342984825%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2F4CVjCz1OPJSavvRU%2BGRMo49YQIB0%2BFGvBh3oKXqal8%3D&reserved=0" style="text-decoration-line: none;"><span face="Calibri, sans-serif" style="color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span><span face="Calibri, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">2023 NSF Cybersecurity Summit</span></a><span face="Calibri, sans-serif" style="color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">! Please join us at the </span><a href="https://www.lbl.gov/" style="text-decoration-line: none;"><span face="Calibri, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">Lawrence Berkeley National Laboratory</span></a><span face="Calibri, sans-serif" style="color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> in Berkeley, CA from October 23-26. If you are unable to join in person, please register to join virtually instead. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Major Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities. The Summit provides a forum for National Science Foundation (NSF) funded scientists, researchers, cybersecurity, and cyberinfrastructure (CI) professionals, and stakeholders to develop a community and share best practices. The Summit will offer attendees training sessions and workshops with hands-on learning of security tools, security program development, and compliance for research. </span></p><span id="docs-internal-guid-2e73a252-7fff-a394-40d3-dd84d5c69b21"><p dir="ltr" style="line-height: 1.38; margin-bottom: 12pt; margin-top: 12pt;"><span face="Roboto, sans-serif" style="color: #444746; font-size: 10.5pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;">Due to site access requirements, registration is required by September 29. Later registration cannot be accommodated. </span><span face="Calibri, sans-serif" style="color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"> Please </span><a href="https://indianauniv.ungerboeck.com/prod/emc00/PublicSignIn.aspx?&aat=msu8jTB1D1nAwIT2pLNmVKSuL9VINtvWx9ztqTVUZ5c%3d" style="text-decoration-line: none;"><span face="Calibri, sans-serif" style="color: #1155cc; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space-collapse: preserve;">register</span></a><span face="Calibri, sans-serif" style="color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space-collapse: preserve;"> by September 29</span><span face="Calibri, sans-serif" style="color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">.</span><a href="https://indianauniv.ungerboeck.com/prod/emc00/register.aspx?aat=ZwtkyGqgdQUk4NBinSu6Hi6kqx1QAzEWOklHqqzGSUs%3d" style="text-decoration-line: none;"><span face="Calibri, sans-serif" style="color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"> </span></a></p><p dir="ltr" style="background-color: white; line-height: 1.38; margin-bottom: 12pt; margin-top: 0pt; padding: 2pt 0pt 0pt;"><span face="Calibri, sans-serif" style="background-color: transparent; color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">Thank you on behalf of the Program and Organizing Committees. We look forward to seeing you there!</span></p><div><span face="Calibri, sans-serif" style="background-color: transparent; color: #444444; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div></span>Diana Boreckyhttp://www.blogger.com/profile/17185786916706861353noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-65265355878351960452023-08-21T14:59:00.000-04:002023-08-21T14:59:49.056-04:00Cybersecurity Research Transition To Practice (TTP) Virtual Workshop (Sep 14-15 2023)<p>Interested in Cybersecurity Research Transition To Practice (<a href="https://www.trustedci.org/technology-transition-to-practice">TTP</a>)? Join us for a free virtual workshop, funded by NSF, on September 14th (2pm-5pm Central Time) and September 15th (8am-12pm Central Time). See the flyer below for more details.</p><p>Please register at: <a href="https://forms.gle/pLTx1EYPoMxgueu1A">https://forms.gle/pLTx1EYPoMxgueu1A</a> </p><p>For more information about Trusted CI's Cybersecurity Research Transition to Practice (TTP) program, please visit: <a href="https://www.trustedci.org/ttp">https://www.trustedci.org/ttp</a></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisMk6Zp5Y5QUsPFkDs8PicAhmVXmW9yST98U44zM08Nxp7pOvn69QLDN5l9f9mllycqgTvpNbj4wbb69Es_4baE7S0dvsB3Lom-6OdQWxjHncY01O4JxbcWXMc2Sk_62mNXup3t0G4O_xiW3gDRs2Ww_nnJIsQiaR0P2_SGkJyfVVP73TkF4BmYQiMRpk/s3300/TTP%20Workshop%20Sept14_15v2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="3300" data-original-width="2550" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisMk6Zp5Y5QUsPFkDs8PicAhmVXmW9yST98U44zM08Nxp7pOvn69QLDN5l9f9mllycqgTvpNbj4wbb69Es_4baE7S0dvsB3Lom-6OdQWxjHncY01O4JxbcWXMc2Sk_62mNXup3t0G4O_xiW3gDRs2Ww_nnJIsQiaR0P2_SGkJyfVVP73TkF4BmYQiMRpk/w494-h640/TTP%20Workshop%20Sept14_15v2.png" width="494" /></a></div><br />Jim Basneyhttp://www.blogger.com/profile/03020327423025316235noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-82168789934475017622023-08-17T15:12:00.002-04:002023-08-17T16:03:09.278-04:00Trusted CI at August 24 MS-CC All Hands Meeting<p>This month's Minority Serving - Cyberinfrastructure Consortium (<a href="https://www.ms-cc.org/" target="_blank">MS-CC)</a> All Hands Meeting will feature a presentation by Jim Basney about the <a href="https://www.trustedci.org/framework" target="_blank">Trusted CI Framework for Cybersecurity Programs</a>. Join us on Thursday, August 24 at 12pm ET for Jim's presentation followed by a discussion about cybersecurity at Minority Serving Institutions (MSIs). Visit <a href="https://www.ms-cc.org/calendar/all-hands-meetings" target="_blank">https://www.ms-cc.org/calendar/all-hands-meetings</a> for Zoom coordinates and additional details, including past meeting recordings. </p><p>Trusted CI also participated in the 2023 MS-CC Annual Meeting in May. Visit <a href="https://www.ms-cc.org/2023-annual-meeting" target="_blank">https://www.ms-cc.org/2023-annual-meeting</a> for presentation materials and other information from that meeting.</p>Jim Basneyhttp://www.blogger.com/profile/03020327423025316235noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-50420390444118703342023-08-14T09:00:00.005-04:002023-08-14T09:00:00.135-04:00Trusted CI Webinar: Leveraging Adaptive Framework for Open Source Data Access Solutions, August 28th @11am EST<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIo5QzrTCWKhppyFR9_OjleAODQZhTRL63hiJRE1uOvZEOsDYl86F4kqCzno256KXnyfPGgTnntsvTzf9Y1ErAHkTXCajmqO8C2OtIpIEKh4psW8jol7qFmo1OMSbq8vQ8ExOTQxMB4gXaVNzo-faoaYFoHzPZW6qFllArhVN1RQWWqK-CLEALnQcQye33/s5008/Jeremy%20Grieshop%20w%20Clemson%20logo.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="5008" data-original-width="3452" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIo5QzrTCWKhppyFR9_OjleAODQZhTRL63hiJRE1uOvZEOsDYl86F4kqCzno256KXnyfPGgTnntsvTzf9Y1ErAHkTXCajmqO8C2OtIpIEKh4psW8jol7qFmo1OMSbq8vQ8ExOTQxMB4gXaVNzo-faoaYFoHzPZW6qFllArhVN1RQWWqK-CLEALnQcQye33/s320/Jeremy%20Grieshop%20w%20Clemson%20logo.png" width="221" /></a></div>Clemson University's Jeremy Grieshop is presenting the talk,<i> Leveraging Adaptive Framework for Open Source Data Access Solutions</i>, on August 28th at 11am Eastern time.<p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p>Please <a href="https://iu.zoom.us/webinar/register/WN_BU7KOZN-TBqknCiAAoAHVA">register here</a>.</p><p></p><blockquote><p>More than a decade ago, Clemson University outlined the requirements needed to integrate several campus-wide enterprise applications in a way that would automate the exchange of data between them, and establish the relationships of that data to the unique identities that represented all users within the system, including faculty, staff, students, alumni and applicants. There would be no direct access of data, except through applications that were approved and had established Memorandum of Understanding (MOU) contracts in place. This project was known as the Clemson Vault. </p><p>Within the Identity Management space, solutions for automating the provisioning of identities are offered by several vendors these days. However, mileage and cost vary when you wish to integrate arbitrary university resources, such as mailing lists, disk storage, building card access, and course registrations. Open source solutions, with all of the above requirements, are non-existent.</p><p>At Clemson University, we combined licensed vendor software and in-house apps, scripts and procedures to create a data integration solution that met the original requirements. This implementation has served us well for many years, but many of the drawbacks to the current design prompted us to begin pulling out many of these features into its own project, where we could collaborate on features and enhancements for the future with institutions outside of our own organization. The patterns, interfaces, and source code that emerged from the original vault were extracted out, embellished and migrated into an open source repository known as Adaptive Framework (<a href="https://github.com/afw-org/afw">https://github.com/afw-org/afw</a>).</p><p>Clemson University has been working on this project for several years now, and has recently released this open source framework for building data access solutions that provide web service API’s, data transformation tools, real-time data provisioning and an authorization architecture. The framework that has emerged offers a built-in scripting language, pre-compiled server-side applications and an administrative web interface.</p><p>Although it was originally designed for the implementation of an open source identity vault, we envision a broader adoption of this framework for other data-driven needs, such as extending databases with metadata, building policy-based authorization systems, and integrating data repositories with a metadata catalog, and varying levels of access control, across federated environments.</p><p>Our goal with this project is to gather external support from both commercial and public institutions to help make this framework sustainable moving forward.</p></blockquote><p><b>Speaker Bio:</b></p><p>Jeremy Grieshop is a software engineer (B.S. Miami University, M.S. Clemson University) and has been employed by Clemson University since 2001. His role has been in software development for the Identity Management team and has been directly involved in the software design and implementation of many of the authentication and provisioning software, along with self service tools that are in place at Clemson University today.<b><br /></b></p><p></p><p><span style="font-size: small;">---<br /></span></p><span style="font-size: small;">Join Trusted CI's <a href="https://www.trustedci.org/trustedci-email-lists?rq=lists">announcements mailing list</a> for information about upcoming events. To submit topics or requests to present, see our <a href="https://trustedci.org/webinars-cfp">call for presentations</a>. Archived presentations are <a href="https://trustedci.org/webinars">available on our site</a> under "Past Events."</span>Jeannette Dopheidehttp://www.blogger.com/profile/15745716926119250550noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-46442372383876483152023-08-09T09:52:00.003-04:002023-08-09T09:53:47.699-04:00Trusted CI and NSF RSI-ISAO<p>As NSF's Cybersecurity Center of Excellence (CCoE), Trusted CI is engaged with the connections between cybersecurity and <a href="https://new.nsf.gov/research-security">research security</a> - see the recently published <a href="https://blog.trustedci.org/2023/08/feedback-requested-on-trusted-ci-five.html">Trusted CI Five-Year Strategic Plan</a> for details. An effective cybersecurity program enables NSF facilities and projects to protect cyberinfrastructure from misuse by a breadth of adversaries, including adversaries that may be motivated by foreign government interference. While Trusted CI's cybersecurity mission is distinct from the research security mission of NSF's planned Research Security and Integrity Information Sharing Analysis Organization (<a href="https://www.nsf.gov/publications/pub_summ.jsp?ods_key=nsf23613">RSI-ISAO</a>), Trusted CI looks forward to coordinating and collaborating with the RSI-ISAO when appropriate, with a common goal for "research that is as open as possible, but as secure as necessary" [1].</p><p><u>RSI-ISAO proposing organizations, please note</u>: Trusted CI will not be providing letters of commitment for the NSF 23-613 solicitation [1], but proposals may cite this blog post when discussing plans for collaboration with Trusted CI. </p><p>Trusted CI welcomes inquiries and feedback. If you have any questions or comments, please <a href="https://www.trustedci.org/contact/">contact us</a>.</p><p>[1] <a href="https://www.nsf.gov/pubs/2023/nsf23613/nsf23613.htm">https://www.nsf.gov/pubs/2023/nsf23613/nsf23613.htm</a> <br /></p>Jim Basneyhttp://www.blogger.com/profile/03020327423025316235noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-84504612660376143482023-08-02T16:08:00.000-04:002023-08-02T16:08:05.778-04:00Feedback Requested on Trusted CI Five-Year Strategic Plan<p>NSF cyberinfrastructure is an engine of scientific research and innovation and underlies much of the science that Major Facilities enable. Key cyberinfrastructure components, including supercomputers, data repositories, sensor arrays, ships, software systems, and telescopes, are essential to scientific productivity, such that cybersecurity incidents can have a major impact on the scientific enterprise. For the cyberinfrastructure operators, implementing effective cybersecurity programs for these unique components is a complex challenge.</p><p>Trusted CI, the NSF Cybersecurity Center of Excellence (CCoE), has been working to overcome this challenge for over ten years. Its success has been noted both by the NSF community and the former director of the NSF Office of Advanced Cyberinfrastructure. The <a href="https://blog.trustedci.org/2022/03/trusted-ci-applauds-jason-report-on.html" target="_blank">2021 JASON Report on Cybersecurity at Major Facilities</a> indicated Trusted CI's demonstrable impact on improving the cybersecurity posture of many NSF Major Facilities.</p><p>In light of new and unprecedented challenges facing our community, Trusted CI is making a new strategic plan for the next five years, with a vision of secure operation of essential cyberinfrastructure enabling NSF’s vision of a nation that leads the world in scientific research and innovation. This plan will guide the creation of our renewal proposal.</p><p>We are seeking input on our strategic plan from key constituencies including our Advisory Committee and NSF Major Facilities representatives and welcome insights from the broader community as well. Please click the link below to view our five-year strategic plan covering 2024-2029 and provide feedback via email to kelshute@iu.edu. </p><p><a href="https://doi.org/10.5281/zenodo.8193607" target="_blank">https://doi.org/10.5281/zenodo.8193607 </a></p><p>Thank you in advance for your thoughtful feedback and insights!</p>Kelli Shutehttp://www.blogger.com/profile/08611415753623346274noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-16701675934273757972023-07-24T14:03:00.000-04:002023-07-24T14:03:04.845-04:00Updates on Trusted CI’s Efforts in Cybersecurity by Design of NSF Academic Maritime Facilities<p>As part of its <a href="https://blog.trustedci.org/2023/01/announcing-2023-trusted-ci-annual.html">“Annual Challenge” in 2023</a>, Trusted CI has been engaging with current and future NSF Major Facilities undergoing design or construction with the goal of building security into those Facilities from the outset. To date, this effort has focused on working with cyberinfrastructure operators in the the academic maritime domain, and has included support of the cybersecurity aspects of the acceptance testing process of the NSF-funded <a href="https://ceoas.oregonstate.edu/regional-class-research-vessel-rcrv">Research Class Research Vessels (RCRVs)</a> at Oregon State University as well as Scripps Institution of Oceanography’s design of the <a href="https://scripps.ucsd.edu/news/uc-san-diego-receives-35-million-state-funding-new-california-coastal-research-vessel">California Coastal Research Vessel (CCRV)</a>. These vessels are all expected to eventually become a part of the <a href="https://www.unols.org">U.S. Academic Research Fleet (ARF)</a>.</p><p>In 2022, Trusted CI studied <a href="https://blog.trustedci.org/2022/11/publication-of-trusted-ci-roadmap-for.html">cybersecurity issues in operational technology (OT) in science</a> and produced a <a href="https://doi.org/10.5281/zenodo.7327987">roadmap</a> to help lead to greater security of such systems, and thus Trusted CI’s efforts with security by design of Major Facilities this year are seeking to both refine and apply OT <a href="https://doi.org/10.5281/zenodo.6828675">insights</a> gained previously. The <a href="https://www.usap.gov/">U.S. Antarctic Program (USAP)’s</a> design of the <a href="https://www.nsf.gov/news/news_summ.jsp?cntn_id=305919&org=OPP">Antarctic Research Vessel (ARV)</a> has also been contributing to Trusted CI’s understanding of cybersecurity issues in operational technology Trusted CI has also benefited from insights from numerous conversations with domain experts in the academic maritime domain across a variety of ARF institutions, including IT personnel, marine technicians, oceanographers, ship captains, project leadership, and NSF Program Managers.</p><p>One of the highlights of this year's security-by-design efforts has been site visits to ships and facilities. The team has made site visits to the <a href="https://scripps.ucsd.edu/ships/sally-ride">R/V <i>Sally Ride</i></a> and Oregon State University’s <a href="https://hmsc.oregonstate.edu/">Hatfield Marine Science Center</a> in Newport, Oregon, where the <a href="https://ceoas.oregonstate.edu/sites/ceoas.oregonstate.edu/files/2021-07/taani_1920x1124.jpg">R/V <i>Taani</i></a> — one of the initial three RCRVs being constructed — will be based upon completion of its construction. These in-person visits, including extensive discussion with personnel involved with the facilities, have provided invaluable insight to supporting Trusted CI’s efforts.</p><p>In the second half of 2023, Trusted CI will continue working on security by design with the aforementioned organizations and will also be working with the NSF <a href="https://oceanobservatories.org">Ocean Observatories Initiative (OOI)</a> Major Facility, which is in the process of planning a refresh of its autonomous underwater vehicle (AUD) and glider fleets.</p><p>Recent site visit photographs:</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img height="343" src="https://lh5.googleusercontent.com/V2DlZO5VuPiy1pnVlgdqgClxMoPt24KUUYrmbOLrk4G-KT80urUNoKh30LCIntqoFn7g4i9ScEabpr261QZaJi_4IAWkgn_jpjZd8L1OpjVHO0nwFsSp-XIAq37gNc0YnUF-FodORwBBKoHBpDbBZsQ" style="margin-left: auto; margin-right: auto; margin-top: 0px;" width="258" /></td></tr><tr><td class="tr-caption" style="text-align: center;">Trusted CI’s <a href="https://www.cs.ucdavis.edu/~peisert/">Sean Peisert</a>, <span id="docs-internal-guid-40dfedbe-7fff-4324-7c53-7d3e85142196"><span style="font-family: Calibri, sans-serif; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;">left,</span></span> in a crawlspace on the R/V <i>Sally Ride</i> examining operational technology systems.<span style="white-space: pre;"> </span><br /><br /></td></tr></tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img height="338" src="https://lh3.googleusercontent.com/_E2R1GQLloHH5qu3aPl7OUe9HbPlED08pnOb_T50CaECyJn5wgzu9ITxG61gZ4YYwU5lB6hIMK0Q4cmu_3UNaQX4v4A7aheQfeeGDu4kN_OC0KzUVwIAPS99awi-KEowLAGvwozOfHBDciM4Zs5pKZ0" style="margin-left: auto; margin-right: auto; margin-top: 0px;" width="450" /></td></tr><tr><td class="tr-caption" style="text-align: center;">The R/V <i>Sally Ride</i>, docked in Alameda, CA.<span style="white-space: pre;"> </span></td></tr></tbody></table><p><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img height="301" src="https://lh3.googleusercontent.com/iaT2OOqTxk6RFCNTpqGtVCUEVZVZzJySAIH4wAzC3z0HaPhAUB6KvdEK1C-yAtpybZAjJ9Y3spGjG5TNwlZsGew7cnKOuC7xfRoV3qa_3Z2fG1zIOFfWAkzviFP3FdUliGI79H97pFKN89eHG9TOBW4" style="font-family: Calibri, sans-serif; font-size: 11pt; margin-left: auto; margin-right: auto; margin-top: 0px; white-space-collapse: preserve;" width="402" /></td></tr><tr><td class="tr-caption" style="text-align: center;">Trusted CI’s <a href="https://eta.lbl.gov/people/daniel-arnold">Dan Arnold</a>, left, conferring with marine technicians on the R/V Sally Ride.<span style="white-space: pre;"> </span></td></tr></tbody></table><p><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img height="350" src="https://lh4.googleusercontent.com/D9HMLhtkUfMGuRywHkRjftD9KY8G_uI5ttzGpADve7119QfqrnTij-c9FICONMm9KUJfCt3_lwe_R2u14C3kkMffh8R9Pm487MkH8JZRwD8FLUB9CyyOWhD-0T1eC4JSvx8zEDiUOi2Godg2LQJv0L8" style="font-family: Calibri, sans-serif; font-size: 11pt; margin-left: auto; margin-right: auto; margin-top: 0px; white-space-collapse: preserve;" width="464" /></td></tr><tr><td class="tr-caption" style="text-align: center;">Trusted CI’s John Zage, left, looks on as RCRV’s <a href="https://hmsc.oregonstate.edu/users/christopher-romsos">Chris Romsos</a>, right, explains some of the scientific instruments that will be part of the newly constructed ships at the RCRV’s offices at OSU, Corvallis, OR.<span style="white-space: pre;"> </span></td></tr></tbody></table><p><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><img height="371" src="https://lh6.googleusercontent.com/LyAD1Qioz46z-ZMn4F1-JTYG85739V0YHlGiWiWrgNryAc6VOEZGhtbHxpY-ebW4YiMOXW6WdCbQ0ylp2h_yxb28ZYrbgSvX3ftW8fHzPuVRlPg13lZE-xtdzSeRK7b2a01WdeOJnQJBYuTZugZdtq4" style="font-family: Calibri, sans-serif; font-size: 11pt; margin-left: auto; margin-right: auto; margin-top: 0px; white-space-collapse: preserve;" width="494" /></td></tr><tr><td class="tr-caption" style="text-align: center;">Trusted CI’s John Zage left, and RCRV’s Chris Romsos, right, view part of the expansive warehouse of items and gear to outfit the new ships under construction. OSU, Corvallis, OR. </td></tr></tbody></table><p><br /></p>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-15223381686962438922023-07-18T16:17:00.001-04:002023-07-18T16:17:48.900-04:00Trusted CI releases updated guide to software security<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyWEySlEEMjSVuHOOD1JwKS-6vrxL8euATeorL6ujTiMhYceUgEbspIG4mwgiqbtTB1xpuKnX8-no9QwvV19Ua8KfPpSNeomLIW79W2899iP5yyEEDA42nPIunNr8v334yNup_1VcSuyH_MyVjIWAUHJRtYg0v-Of3VuNxmKIR2PfxjSCWaMzYai3nvC8/s1278/Screenshot%202023-07-18%20at%203.13.35%20PM.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="1278" data-original-width="994" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyWEySlEEMjSVuHOOD1JwKS-6vrxL8euATeorL6ujTiMhYceUgEbspIG4mwgiqbtTB1xpuKnX8-no9QwvV19Ua8KfPpSNeomLIW79W2899iP5yyEEDA42nPIunNr8v334yNup_1VcSuyH_MyVjIWAUHJRtYg0v-Of3VuNxmKIR2PfxjSCWaMzYai3nvC8/s320/Screenshot%202023-07-18%20at%203.13.35%20PM.png" width="249" /></a></div>As part of its ongoing efforts to support software assurance, Trusted CI has released a major update (version 2.0) of our <a href="https://doi.org/10.5281/zenodo.8137009">Guide to Securing Scientific Software</a>.<p></p><p>The first version of this guide provided concrete advice for anyone involved in developing or managing software for scientific projects. This new version of the guide expands both coverage and depth of the topics. This guide provides an understanding of many of the security issues faced when producing software and actionable advice on how to deal with these issues. New topics include approaches to avoiding software exploits (injection attacks, buffer overflows and overruns, numeric errors, exceptions, serialization, directory traversal, improper set of permissions, and web security); securing the software supply chain; secure design; software analysis tools; fuzz testing; and code auditing.</p><p>The new version of the guide is available at <a href="https://doi.org/10.5281/zenodo.8137009">https://doi.org/10.5281/zenodo.8137009</a>.</p><p>If you write code, this guide is for you. And if you write scientific software, your software is likely to be shared or deployed as a service. <i>Once that step happens, you and the people who use or deploy your software, will be confronted with software security concerns</i>.</p><p>To address these concerns, you will need a variety of skills. However, it may be daunting just to know what are the concerns to address and what are the skills that you need. The goal of this guide is to provide an introduction to these topics.</p><p>You can read this guide beginning-to-end as a tutorial to introduce you to the topic of secure software development, or you can read it selectively to help understand specific issues. In either case, this guide will introduce you to a variety of topics and then provide you with a list of resources to dive deeper into those topics.</p><p>It is our hope that our continued efforts in the area of software assurance will help scientific software projects better understand and ameliorate some of the most important gaps in the security of scientific software, and also to help policymakers understand those gaps so they can better understand the need for committing resources to improving the state of scientific software security. Ultimately, we hope that this effort will support scientific discovery itself by shedding light on the risks to science incurred in creating and using software.</p>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-10450371999652008722023-07-18T16:08:00.001-04:002023-07-18T16:20:03.693-04:00Trusted CI releases a new report on ransomware<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtD4Kj18YSjB9huSftm4PkKJpO50paZmEDOw9zMpTWFZDxm4puiliq6YJ6HtzFndhlTu1lRCNGxirQsjoAIFb1mGVYX7d66CglZMBLFYuDQpXMeqbKcgUmmuJ8e4u4L0q6tYEyDL4PAyRfUfdYYWO2gypjD5iiXAkOo1hWNK_FybxnWFNFwkv5C3PoItk/s1280/TrustedCI_webinar_logo_blue_.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="389" data-original-width="1280" height="97" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtD4Kj18YSjB9huSftm4PkKJpO50paZmEDOw9zMpTWFZDxm4puiliq6YJ6HtzFndhlTu1lRCNGxirQsjoAIFb1mGVYX7d66CglZMBLFYuDQpXMeqbKcgUmmuJ8e4u4L0q6tYEyDL4PAyRfUfdYYWO2gypjD5iiXAkOo1hWNK_FybxnWFNFwkv5C3PoItk/s320/TrustedCI_webinar_logo_blue_.jpg" width="320" /></a></div>As part of its ongoing efforts to support software assurance, Trusted CI has released a new report describing the current landscape of ransomware.<p></p><p>Ransomware has become a global problem, striking almost every sector that uses computers, from industry to academia to government.</p><p>Given that ransomware is a global problem, striking almost every sector that uses computers, from industry to academia to government, our report takes a detailed technical approach to understanding ransomware. Ransomware attacks affect the smallest businesses, the largest corporations, research labs, and have even shut down IT operations at entire universities.</p><p>We present a broad landscape of how ransomware can affect a computer system and suggest how the system designer and operator might prepare to recover from such an attack. In our report we are focused on detection, recovery, and resilience. As such, we are explicitly not discussing how the ransomware might enter a computer system. The assumption is that systems will be successfully attacked and rendered inoperative to some extent. Therefore, it is essential to have a recovery and continuity of operations strategy.</p><p>Some of the ransomware scenarios that we describe reflect attacks that are common and well understood. Many of these scenarios have active attacks in the wild. Other scenarios are less common and do not appear to have any active attacks. In many ways, these less common scenarios are the most interesting ones as they pose an opportunity to build defenses ahead of attacks. Such areas need more research into the possible threats and defenses against these threats.</p><p>We start with a discussion of the basic attack goals of ransomware and distinguish ransomware from purely malicious vandalism. We present a canonical model of a computing system, representing the key components of the system such as user processes, the file system, and the firmware. We also include representative external components such as database servers, storage servers, and backup systems. This system model then forms the basis of our discussion on specific attacks.</p><p>We then use the system model to methodically discuss ways in which ransomware can (and sometimes cannot) attack each component of the system that we identified. For each attack scenario, we describe how the system might be subverted, the ransom act, the impact on operations, difficulty of accomplishing the attack, the cost to recover, the ease of detection of the attack, and frequency in which the attack is found in the wild. We also describe strategies that could be used to detect these attacks and recover from them.</p><p>Based on our study, we present our major <b>takeaway</b> observations and <b>best practices</b> that can help make a system more resilient to attack and easier to recover after an attack. Our report is available at <span style="color: #0000ee;"><u>https://doi.org/10.5281/zenodo.8140464</u></span>.</p>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-1146112543531976852023-07-05T15:16:00.000-04:002023-07-05T15:16:13.978-04:00Trusted CI Webinar: The Technical Landscape of Ransomware: Threat Models and Defense Models, July 17th@11am EST<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNGAxim7Ic4mP_LSwJ2mO24tSazqywk4o2MDIf6iLMM0WfP1PDPHvRsNwM2vE1uX94RnypqCcQyiblauMs_QhXf7_UdKILmnDMKfUGQsf9UVfdl4oKcm2G1d_M_n1XIMwedPMrC1-fGHgDYU3u0MFux_foVIsBCDT7xQsv-WviFDqE2_lkEve8LycFQcI/s2282/B&E.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="1176" data-original-width="2282" height="165" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNGAxim7Ic4mP_LSwJ2mO24tSazqywk4o2MDIf6iLMM0WfP1PDPHvRsNwM2vE1uX94RnypqCcQyiblauMs_QhXf7_UdKILmnDMKfUGQsf9UVfdl4oKcm2G1d_M_n1XIMwedPMrC1-fGHgDYU3u0MFux_foVIsBCDT7xQsv-WviFDqE2_lkEve8LycFQcI/s320/B&E.png" width="320" /></a></div>Members of Trusted CI are presenting the talk,<i> The Technical Landscape of Ransomware: Threat Models and Defense Models</i>, July 17th at 11am (Eastern).<p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p>Please <a href="https://iu.zoom.us/webinar/register/WN_H9cYu0hzRLGalgVaeyJbcA">register here</a>.</p><blockquote><p class="x_MsoNormal" style="margin-bottom: 0px; margin-top: 0px;">Ransomware has become a global problem.<span style="border: 0px; color: inherit; font: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> <span> </span></span>Given the reality that ransomware will eventually strike your system, we focus on recovery and not on prevention.<span style="border: 0px; color: inherit; font: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"> <span> </span></span>The assumption is that the attacker did enter the system and rendered it inoperative to some extent.</p><p>We start by presenting the broad landscape of how ransomware can affect a computer system, suggesting how the IT manager, system designer, and operator might prepare to recover from such an attack. <br /></p></blockquote><blockquote><p>We show the ways in which ransomware can (and sometimes cannot) attack each component of the systems. For each attack scenario, we describe how the system might be subverted, the ransom act, the impact on operations, difficulty of accomplishing the attack, the cost to recover, the ease of detection of the attack, and frequency in which the attack is found in the wild (if at all). We also describe strategies that could be used to recover from these attacks. <br /></p></blockquote><blockquote><p class="x_MsoNormal" style="margin-bottom: 0px; margin-top: 0px;">Some of the ransomware scenarios that we describe reflect attacks that are common and well understood. Many of these scenarios have active attacks in the wild. Other scenarios are less common and do not appear to have any active attacks. In many ways, these less common scenarios are the most interesting ones as they pose an opportunity to build defenses ahead of attacks. <br /></p></blockquote><p><b>Speaker Bios</b>:</p><p><b>Barton Miller</b> is the Vilas Distinguished Achievement Professor and the Amar & Belinder Sohi Professor in Computer Sciences at the University of Wisconsin-Madison. He is a co-PI on the Trusted CI NSF Cybersecurity Center of Excellence, where he leads the software assurance effort and leads the Paradyn Tools project, which is investigating performance and instrumentation technologies for parallel and distributed applications and systems. His research interests include software security, in-depth vulnerability assessment, binary and malicious code analysis and instrumentation, extreme scale systems, and parallel and distributed program measurement and debugging. In 1988, Miller founded the field of Fuzz random software testing, which is the foundation of many security and software engineering disciplines. In 1992, Miller (working with his thenstudent Prof. Jeffrey Hollingsworth) founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation”. Miller is a Fellow of the ACM and recent recipient of the Jean Claude Laprie Award for dependable computing.<br /><br />Miller was the chair of the Institute for Defense Analysis Center for Computing Sciences Program Review Committee, member of the U.S. National Nuclear Safety Administration Los Alamos and Lawrence Livermore National Labs Cyber Security Review Committee (POFMR), member of the Los Alamos National Laboratory Computing, Communications and Networking Division Review Committee, and has been on the U.S. Secret Service Electronic Crimes Task Force (Chicago Area).</p><p><b>Elisa Heymann</b> is a Senior Scientist on TrustedCI, the NSF Cybersecurity Center of Excellence at the University of Wisconsin-Madison, and an Associate Professor at the Autonomous University of Barcelona. She co-directs the MIST software vulnerability assessment at the Autonomous University of Barcelona, Spain.<br /><br />She coordinates in-depth vulnerability assessments for NFS Trusted CI, and was also in charge of the Grid/Cloud security group at the UAB, and participated in two major Grid European Projects: EGI-InSPIRE and European Middleware Initiative (EMI). Heymann's research interests include software security and resource management for Grid and Cloud environments. Her research is supported by the NSF, Spanish government, the European Commission, and NATO. <br /></p><p></p><p><span style="font-size: small;">---<br /></span></p><span style="font-size: small;">Join Trusted CI's <a href="https://www.trustedci.org/trustedci-email-lists?rq=lists">announcements mailing list</a> for information about upcoming events. To submit topics or requests to present, see our <a href="https://trustedci.org/webinars-cfp">call for presentations</a>. Archived presentations are <a href="https://trustedci.org/webinars">available on our site</a> under "Past Events."</span>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-30568528925325721942023-06-13T10:02:00.006-04:002023-11-08T09:48:04.477-05:00Trusted CI Trains NSF ACCESS STEP Students in MiamiThrough an invitation by the <a href="https://access-ci.org/" target="_blank">NSF ACCESS</a> project (NSF grants #2138259, #2138286, #2138307, #2137603, and #2138296), Mark Krenz and Ishan Abhinit from Trusted CI visited <a href="https://www.fiu.edu/" target="_blank">Florida International University</a> in Miami on May 24th to conduct a security log analysis workshop for a group of students. The workshop was part of a two week long Student Training and Engagement Program (<a href="https://operations.access-ci.org/step" target="_blank">STEP</a>), which offers success workshops and specialized advising.<div><br />Mark and Ishan modified their regular half-day <a href="https://scholarworks.iu.edu/dspace/handle/2022/23213" target="_blank">security log analysis workshop</a> to fit into a 2 hour schedule. They also tailored their presentation content so that it would better fit the audience, which consisted of undergrad students from a variety of institutions. They also provided a brief introduction to cybersecurity careers and how they entered the field. The security log analysis workshop was attended by 15 students. Later that day, Mark and Ishan accompanied students to the next workshop given by FIU faculty on 'Sniffing and Password Cracking' where they assisted them in completing the exercises and providing additional insight. Mark was also able to provide one on one guidance and encouragement to students that had more specific concerns about entering the field of cybersecurity.</div><div><br /><div><span id="docs-internal-guid-1942b7ec-7fff-a971-70aa-8fbcc2fc22d0"><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC4HTK5hBhp63f0AVrGB5eOG-LRRvx9SsHQI8WAS9aMa4q_yrU_MjF7XZpe8WI4-D6xqIWth-DbUwLGJD1W18WBjrtIyClcEXVCaiXsYUFfk473DwtPiCKj0pqc7M7WHJ6vibBjokY8ZYs_1PGl7esK67CvDuM3dAX-6vPIidytg3bsrM8470cCkP4/s2560/IMG-4812.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1387" data-original-width="2560" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC4HTK5hBhp63f0AVrGB5eOG-LRRvx9SsHQI8WAS9aMa4q_yrU_MjF7XZpe8WI4-D6xqIWth-DbUwLGJD1W18WBjrtIyClcEXVCaiXsYUFfk473DwtPiCKj0pqc7M7WHJ6vibBjokY8ZYs_1PGl7esK67CvDuM3dAX-6vPIidytg3bsrM8470cCkP4/w554-h331/IMG-4812.jpg" width="554" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLKcbDHz70LCYyetDSYxzVBfKa9CwiRxP9w4oyr1QQCJvLMFDedJYPjyT2RBio-SIdaDVNLeO4f2XCCg3wFZXiyInHHRJhjHcQUFkgNt08qaSQjseddzitldB4oUzU6PnTLl4H3xMCHlXMjQ53XD5CU_JziSFKisaAcYZ_qrmUKOIQXl1w1TG3fGUq/s512/unnamed.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="331" data-original-width="512" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLKcbDHz70LCYyetDSYxzVBfKa9CwiRxP9w4oyr1QQCJvLMFDedJYPjyT2RBio-SIdaDVNLeO4f2XCCg3wFZXiyInHHRJhjHcQUFkgNt08qaSQjseddzitldB4oUzU6PnTLl4H3xMCHlXMjQ53XD5CU_JziSFKisaAcYZ_qrmUKOIQXl1w1TG3fGUq/w553-h316/unnamed.jpg" width="553" /></a></div><br /><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space-collapse: preserve;"><br /></span></div></span></div></div>Ishanhttp://www.blogger.com/profile/07790539472521825196noreply@blogger.comtag:blogger.com,1999:blog-7077496605849243532.post-22396189708171405512023-06-12T09:00:00.006-04:002023-06-12T09:00:00.129-04:00Trusted CI Webinar: SecureMyResearch at Indiana University: Effective Cybersecurity for Research, June 26th@11am EST<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9qVhxl8gUjAIXVojtxsV4OelC5OXGyG4OOfu-BaWpvrRxRkCnLjL4Fo21FKPEf7-kwTW7A3w2iISvs4fIIcawmYQCA5bfmEwxBTDWvdAIuKo4kcpBExeczlpYnKzmrUhMV_xL8WzYAiZSo5QhNqUczahWEzRm5EOHdfDF8mW3Uo-gFwoQUgJgGN3-/s1462/secmyres-group.png" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="768" data-original-width="1462" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9qVhxl8gUjAIXVojtxsV4OelC5OXGyG4OOfu-BaWpvrRxRkCnLjL4Fo21FKPEf7-kwTW7A3w2iISvs4fIIcawmYQCA5bfmEwxBTDWvdAIuKo4kcpBExeczlpYnKzmrUhMV_xL8WzYAiZSo5QhNqUczahWEzRm5EOHdfDF8mW3Uo-gFwoQUgJgGN3-/s320/secmyres-group.png" width="320" /></a></div>Members from Indiana University's Center for Applied Cybersecurity Research are presenting the talk,<i> SecureMyResearch at Indiana University: Effective Cybersecurity for Research</i>, June 26th at 11am (Eastern).<p></p><p></p><p></p><p></p><p></p><p></p><p></p><p>Please <a href="https://iu.zoom.us/webinar/register/WN_X6-vhW4lSauGTu4UREEmIg">register here</a>.</p><blockquote>The tension between research and cybersecurity has long hampered efforts to secure research. It has kept past institutional cybersecurity effort concentrated on the most sensitive research, but new threats to research integrity and recent federal initiatives such as NSPM-33 are now pointing to a future where securing research holistically is no longer optional. Indiana University launched a pilot in 2020 called <a href="https://cacr.iu.edu/projects/SecureMyResearch/index.html">SecureMyResearch</a> to expand to the entire campus a research cybersecurity model culminating from years of interaction with biomedical researchers in the School of Medicine. Turning the traditional approach on its head, it aimed to reduce the cybersecurity and compliance burden on the researcher by making cybersecurity invisible. It was laser-focused on the research mission and on accommodating the pace of research. Three years later, the results are showing great promise in breaking the research versus security impasse. Not only have we reached 80 percent penetration on campus, researchers are embracing the service voluntarily and research is being accelerated measurably. In this webinar we will share IU’s research cybersecurity journey and the SecureMyResearch implementation.<br /><a href="https://cacr.iu.edu/projects/SecureMyResearch/index.html"><br />https://cacr.iu.edu/projects/SecureMyResearch/index.html</a> <br /></blockquote><p><b>Speaker Bios</b>:</p><p>Anurag Shankar provides leadership at CACR in regulatory compliance
(HIPAA, FISMA, and DFARS/CMMC), research cybersecurity, and cyber risk
management. He developed and leads the SecureMyResearch effort at IU.
He has over three decades of experience conducting research, developing
and delivering research computing services, building HIPAA compliant
solutions for biomedical researchers, conducting cybersecurity
assessments, and providing consulting. He is a computational
astrophysicist by training (Ph.D. 1990, U. of Illinois). <br /></p><p>Will Drake is a senior security analyst, CISO at CACR, and the
SecureMyResearch lead. Will has worked in various IT roles with Indiana
University since 2012, including Operations Supervisor for UITS Data
Center Operations and Lead Systems Engineer for the Campus
Communications Infrastructure team where he was responsible for ensuring
the security of IU’s critical telecommunications infrastructure. Will
holds an Associate’s Degree in Computer Information Technology from Ivy
Tech and is currently pursuing a Bachelor’s Degree in Informatics with a
specialization in Legal Informatics from IUPUI’s School of Informatics
and Computing.</p><p>Tim Daniel is an information security analyst at CACR and a member of the SecureMyResearch team. Previously, Tim worked for a contract research organization carrying out phase 1 and pre-phase 1 clinical trials for veterinary medicine. He holds a bachelor’s degree in biology with a focus in chemistry, and an associate's degree in applied biotechnology. After high school, Tim worked for Stone Belt, a nonprofit that provides resources and supports for individuals with disabilities, where he learned patience and listening skills.<br /></p><p></p><p><span style="font-size: small;">---<br /></span></p><span style="font-size: small;">Join Trusted CI's <a href="https://www.trustedci.org/trustedci-email-lists?rq=lists">announcements mailing list</a> for information about upcoming events. To submit topics or requests to present, see our <a href="https://trustedci.org/webinars-cfp">call for presentations</a>. Archived presentations are <a href="https://trustedci.org/webinars">available on our site</a> under "Past Events."</span>Unknownnoreply@blogger.com