Monday, January 6, 2025

From Silos to Community: The Rapid Rise of RRCoP to Support Regulated Research

The research landscape is evolving rapidly and adding complexity with new cybersecurity compliance requirements. Researchers and research support departments now face a growing list of cybersecurity and compliance tasks that extend beyond individual projects, elevating these obligations to the institutional level. Built on principles of openness and collaboration, research institutions must navigate requests for compliance attestations on data handling, processing, sharing, and storage—areas often outside researchers’ expertise. Without robust training programs or a stable regulatory landscape, individuals are frequently left scrambling for current information. Individuals often also lack local colleagues to consult, making them feel isolated and uncertain. This fragmented approach, seen across individuals, departments, institutions, and the national level, inspired the formal creation of the Regulated Research Community of Practice (RRCoP) in 2021 after individuals led a series of workshops focusing on commonalities of challenges facing institutions supporting regulated research.

RRCoP brings together a rapidly growing network of professionals addressing the unique challenges of cybersecurity and compliance in academic research. Led by Trusted CI Co-PI Carolyn Ellis, Director of Research Cybersecurity and Compliance at Arizona State University, RRCoP fosters connections and builds expertise across institutions. Ellis co-founded the community while managing Purdue University’s research Controlled Unclassified Information (CUI) program, where she experienced firsthand the tensions between implementing complex compliance programs and maintaining the openness of academic research. “Today, RRCoP is more than a collection of resources or formal training,” Ellis explains. “We’ve built a community where professionals can learn from one another, collaborate, and tackle big challenges. This community is redefining how institutions support research subject to regulations.”

A map of the Regulated Research Community of Practice’s member locations. (Credit: Carolyn Ellis).

RRCoP informally began as a Slack channel in 2018 when Ellis, searching for ongoing conversations beyond conferences, came up empty. RRCoP has grown into a dynamic, fast-expanding network connecting over 1,100 members from 330 institutions, ranging from R1 universities to community colleges and international partners. Daily Slack interactions foster collaboration and act as early warning systems as members share insights from diverse information venues. This connectivity bridges many communities that contribute to the regulated research landscape.

RRCoP has also developed a wealth of resources, including a recorded monthly webinar series held on the second Wednesday of each month, co-located training seminars at conferences, mentoring opportunities, and an annual hands-on workshop designed to address the most pressing challenges in regulated research. In 2022, RRCoP facilitated a full-day workshop at the EDUCAUSE Cybersecurity Privacy Professionals Conference, where attendees collaboratively wrote responses to 43 controls in a System Security Plan. The 2023 workshop brought higher education professionals together with certified assessors for a cost-effective day of dialogue. All RRCoP resources are offered at no cost to the community and are accessible on their comprehensive website at regulatedresearch.org. Most recently, two leaders of the RRCoP community, Ellis and Erik Deumens, have collaborated on an article about the pressing need for compliance requirements in research in Communications of the ACM. Review the highlights of RRCoP’s 2024.  

Trusted CI has expanded its mission to support regulated research by building on the expertise and resources developed by RRCoP. Trusted CI is able to sustain the valuable services RRCoP offers; Trusted CI’s team members will provide additional expertise, access to its extensive community, and established processes. Moving forward, RRCoP aims to use this collective voice to elevate the unique challenges faced by higher education to decision-makers. Additionally, extending Trusted CI’s established resources into the higher education community, which is supported by RRCoP, will strengthen both groups. Together, the Trusted CI and RRCoP communities will continue to grow by sharing services, expertise, and relationships, creating a stronger foundation for supporting regulated research across institutions.

The December 2024 RRCoP webinar featured a presentation titled Trusted CI & RRCoP’s Next Five Years, presented by Sean Peisert, Trusted CI Director and PI; Scott Russell, Trusted CI Deputy Director and Framework Lead; and Carolyn Ellis, Trusted CI Co-PI and Regulated Research Lead.

Trusted CI Webinar: A Unified Monitoring Approach to Enhancing the Security and Resiliency of Hazard Workflows, Monday January 27th @12pm Central

Sudarsun Kannan and Ram Durairajan are presenting the talk, A Unified Monitoring Approach to Enhancing the Security and Resiliency of Hazard Workflows, on Monday January 27th at 12pm, Central time. (Note the time change)

Please register here.

In this talk, we will first discuss techniques to improve the resiliency of hazard monitoring systems. This includes optimizing machine learning training pipelines for wildfire detection to achieve faster, more accurate results while adapting to real-world constraints such as data variability and network latencies. We will also explore enabling multi-tenancy to maximize resource efficiency by allowing multiple hazard detection workflows to share infrastructure without compromising performance. Furthermore, we will present an in-depth analysis of power and energy consumption for edge devices deployed in remote and resource-constrained environments, emphasizing sustainable and scalable design choices that support long-term operation. Next, we will describe ongoing efforts to enhance the security of critical cyberinfrastructures. This includes developing techniques to prevent denial-of-service attacks that could disrupt hazard monitoring workflows and implementing secure data transmission mechanisms to safeguard information across distributed CI layers.

Speaker Bios: 

Sudarsun Kannan is an Assistant Professor in the Computer Science Department at Rutgers University. His research focuses on operating system design and its intersection with computer architecture, distributed systems, and high-performance computing (HPC) systems. His work has been published in top venues such as ASPLOS, OSDI, and FAST, and he has received best paper awards at SOSP and ASPLOS, along with the Google Research Scholar award. He co-chaired the HotStorage'22 workshop and serves as an Associate Editor for ACM Transactions on Storage. Before joining Rutgers, he was a postdoctoral research associate at Wisconsin-Madison and graduated with an M.S. and Ph.D. from Georgia Tech.

Ramakrishnan (Ram) Durairajan is an Associate Professor in the School of Computer and Data Sciences, and co-directs the Oregon Networking Research Group (ONRG) at the University of Oregon. Ram earned his Ph.D. and M.S. degrees in Computer Sciences from the University of Wisconsin - Madison and his B.Tech. in Information Technology from the College of Engineering, Guindy (CEG), Anna University. He has published over 50 peer-reviewed papers in various conferences, journals, and workshops. His research has been recognized with several awards including the NSF CAREER award, NSF CRII award, Ripple faculty fellowship, UO faculty research award, best paper awards from ACM CoNEXT and ACM SIGCOMM GAIA, and has been covered in several fora (NYTimes, MIT Technology Review, Popular Science, Boston Globe, Gizmodo, Mashable, among others). Recently, his research on Internet topology has been named as "One of the 100 Greatest Innovations," has been cited in FCC's Spectrum Frontiers 2d Report and Order, and has won a number of awards including the "Best of What's New" (in security category) by the Popular Science Magazine.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Tuesday, November 19, 2024

Students Praise the Summit for Networking, Collaboration, and Professional Development

Trusted CI welcomed 18 students to the 2024 NSF Cybersecurity Summit, nine more than attended in 2023. They enjoyed four days of hands-on training, talks, panels, networking, and mentoring.

Here’s what students had to say about their experiences at the Summit with networking, capture the flag, poster sessions, and Summit courses.

On Networking

Konstantin Metz - University of Central Florida, MS Cybersecurity and Privacy
“The event is unlike any other in the industry! It brings together industry professionals, faculty, and students from across the globe to learn, network, and collaborate on current and emerging cybersecurity issues. It gives students an unparalleled opportunity to learn and grow while showcasing some of their own work. I am honored to have been selected to present and cannot wait for next year!”

Abigail Whittle - Oregon State University, BS in Computer Science
“I had the opportunity to meet some incredibly interesting individuals. Overall, I would highly recommend this experience to other students in the future, as it was beneficial both professionally and educationally, and I took away a lot from it.”

Istiak Chowdhury - University of Alabama at Birmingham, PhD in Computer Science
“One of the highlights was the social event at the Carnegie Museum of Art and Natural History, a memorable gathering that facilitated great networking opportunities in a relaxed setting.”

On Capture the Flag

Nana Sarfo Dwomoh - Sam Houston State University, MS Information Assurance & Cybersecurity
“The biggest Summit highlight was the Capture the Flag (CTF) challenge, where students worked in teams to solve cybersecurity puzzles by finding vulnerabilities and cracking systems.”

Dignora Castillo-Soto - Bay Path University, MS in Cyber Security
“The CTF session provided a hands-on experience that challenged my problem-solving skills. It was refreshing to participate in a group project, as collaboration helped me gain new insights that I wouldn’t have achieved working solo.”

Iwinosa Aideyan - Clemson University, PhD Computer Engineering
“Another part of the summit I thoroughly enjoyed was participating in the CTF challenges. It was informative and exciting as we researched, learned new things, and collaborated with our teammates. It was a fantastic opportunity to deepen my understanding of practical cybersecurity concepts while strengthening connections within the team.”

On the Poster Session

Nana Sarfo Dwomoh - Sam Houston State University, MS Information Assurance & Cybersecurity
“The 2024 NSF Cybersecurity Summit was a big, unforgettable platform for me as a Cybercorp Scholar, where I presented my poster, "Defending Electoral Integrity in the Age of Cyber Warfare," which gave me the chance to share my research on how digital disinformation, botnets, and deepfakes are impacting elections.”

Md Fazle Rabbi - Idaho State University, PhD in Computer Science
“I thoroughly enjoyed presenting my research poster. It was a great opportunity to receive constructive feedback from industry and academic experts. Their suggestions will undoubtedly help me refine my work and explore new avenues for future research.”

Riddhi Mahajan - University of Cincinnati, BS Information Technology
“I had the opportunity to present a poster showcasing my summer activities and ongoing projects, which was both exciting and rewarding. It was great to share my journey and hear about others’ experiences as well.”

On Summit Courses

Owen Seltzer - Northeastern University, MS Cybersecurity
“The talks and panel discussions were not only engaging but also thought-provoking, covering topics ranging from emerging threats to innovative protection strategies. As someone still exploring career paths in cybersecurity, I found the presentations particularly enlightening.”

Shameer Rao - Morgan State University, PhD Secure Embedded Systems
“The Summit was filled with engaging talks from top experts, which really broadened my understanding of the challenges we face in securing critical infrastructure. Overall, the Summit was an incredible mix of professional growth, hands-on activities, and connecting with like-minded individuals in the field.”

Dignora Castillo-Soto - Bay Path University, MS in Cyber Security
“What resonated with me most about the Cyberinsurance Challenges and Solutions session was the open and transparent dialogue. Having seasoned CISOs in the room added valuable perspective and fostered an honest conversation about the evolving landscape.”

On the Mentor Program

Sandra Darkson - University of New Haven, MS in Cybersecurity and Networks
“My mentor (Carolyn Ellis) is really one of a kind; she is among those few individuals who see the potential in me and, at the same time, believes so much in me that this belief drives me to work harder and strive for excellence. I am fortunate enough to have her as my guide and mentor on my path.”

What’s Next for the Student Program

Going forward, there are plans to enhance the Trusted CI Student Program. The goal is to deepen engagement with students over a longer period and to bring more underrepresented groups into the cybersecurity workforce.

First, Hawa Naaata, the project lead for the Student Program, will gather feedback from current and past participants to assess program strengths, weaknesses, and areas for enhancement. Next, there will be more efforts to publicize the program.

More workshops and events will be added to impart practical skills and insights about cybersecurity. Also, there will be a sustained effort to facilitate attendance at the Summit, ensuring students gain exposure to industry discussions and professional development.

Finally, students will be encouraged to share insights, lessons learned, and personal success stories within their academic and professional networks.

Tuesday, October 29, 2024

Trusted CI Webinar: Privacy Preserving Aggregate Range Queries on Encrypted Multi-dimensional Databases, Monday November 11th @10am Central

Augusta University's Hoda Maleki is presenting the talk, Privacy Preserving Aggregate Range Queries on Encrypted Multi-dimensional Databases, on November 18th at 10am, Central time.

Please register here.

Data-driven collaborations often involve sharing large-scale datasets in cloud environments, where adversaries may exploit server vulnerabilities to access sensitive information. Traditional approaches, such as Trusted Execution Environments, lack the scalability for parallel processing, while techniques like homomorphic encryption incur prohibitive computational overheads. ARMOR addresses these limitations by developing encrypted querying techniques that support a variety of scientific data types and queries, balancing efficiency with privacy. The project’s interdisciplinary team focuses on advancing encryption methods, improving query performance for multidimensional data, and rigorously evaluating security risks and overheads under real-world scenarios.

A recent research effort under ARMOR is the development of Secure Standard Aggregate Queries (SSAQ), a novel approach for secure aggregation on multidimensional sparse datasets stored on untrusted servers. Aggregation functions like SUM, AVG, COUNT, MIN, MAX, and STD are essential for scientific data analysis but pose privacy risks when performed on encrypted data. Existing methods using searchable encryption suffer from access pattern and volume leakage and are often limited to one-dimensional settings. SSAQ overcomes these challenges by employing d-dimensional segment trees to precompute responses for all possible query ranges, thus improving the efficiency of secure range queries.

To further reduce leakage, SSAQ integrates Oblivious RAM (ORAM) to conceal data access patterns during query execution. This combination ensures a higher level of security, making SSAQ suitable for complex scientific data scenarios where sensitive information needs to be safeguarded. The approach significantly extends the applicability of searchable encryption techniques, offering a scalable and efficient solution for secure data analytics in cloud environments while minimizing privacy risks.

Speaker Bio: 

Dr. Hoda Maleki is an Assistant Professor in the School of Computer and Cyber Sciences at Augusta University, specializing in system security, applied cryptography, and blockchain technology. She earned her Ph.D. in Computer Science and Engineering from the University of Connecticut. Dr. Maleki's research addresses critical security challenges, including IoT security, secure data retrieval in encrypted databases, and privacy-preserving data access in cloud environments. Her work leverages the Universally Composable (UC) security framework to analyze complex systems and employs multi-dimensional searchable encryption to protect massive scientific datasets. With over $1 million in NSF funding, her research advances scalable, efficient cryptographic solutions that meet the security needs of modern data-driven applications.


Monday, October 7, 2024

Announcing the Publication of v2 of the Trusted CI OT Procurement Matrix & Companion Guide

Last year, the Secure by Design team announced the publication of the first version of the Trusted CI OT (Operational Technology) Procurement Matrix. After gathering feedback from maritime operational technology practitioners and some of their vendors, we have published an updated version of the Matrix and a companion Guide to further assist the OT community.  

The Guide can be found here: https://doi.org/10.5281/zenodo.13743314

The purpose of the Matrix is to assist those in leadership roles during the procurement process. It’s meant to help formulate questions for vendors to discuss security controls on devices that will be used for maritime research. The Matrix includes a list of controls, requirements for the control, potential questions for vendors, tips, and real world examples justifying a given control.    

The updates in v2 of the Matrix include columns for the ISO/IEC 27000 family and the ISA/IEC 62443 Series of Standards.

The updated version of the Matrix can be found here: https://doi.org/10.5281/zenodo.13830599

We have already seen positive impacts from this document. “Even at our project stage of construction, where a majority of OT procurements are complete and fulfilled, we find the OT Vendor Procurement Matrix to continue to be useful," Christopher Romsos, Datapresence Systems Engineer for the Regional Class Research Vessel (RCRV) said. "Despite having contracts in place and work well underway at the time the matrix was published, we realized that the OT Vendor Procurement Matrix could be leveraged as a discovery tool to inform our Cyber Risk Management Planning needs. We're in a more informed position now for our CRMP activities because the matrix provided us with something we could easily use in the field and that was designed to assess cyber risk in OT systems,” he said.

The Secure by Design team will be moderating a panel for in-person attendees later this week at the NSF Cybersecurity Summit. The Matrix will surely come up as a discussion topic.

Thursday, October 3, 2024

Cybersecurity Center of Excellence Receives Five-Year, $6M/Year Award From NSF

The U.S. National Science Foundation has awarded Trusted CI, the NSF Cybersecurity Center of Excellence, a five-year, $6-million per-year award to run through September 2029. Lawrence Berkeley National Laboratory (Berkeley Lab) will now serve as Trusted CI’s central steward.

Trusted CI empowers trustworthy discovery and innovation funded by NSF by partnering with cyberinfrastructure (CI) operators to build and maintain effective cybersecurity programs that secure the progress of NSF-funded research. The center started in 2012 and consists of a multi-institutional, cross-functional team that addresses the complex challenges facing the NSF’s cyberinfrastructure research ecosystem. 

Read more in the press release.

To learn more about the Trusted CI Framework, the NSF Cybersecurity Summit, regional Summits, and Trusted CI’s other activities and resources, please read this expanded announcement.

Monday, August 12, 2024

Trusted CI Webinar: JSON Web Tokens for Science: Hands on Jupyter Notebook tutorial, Monday August 26th @10am Central

SciAuth's Jim Basney and Derek Weitzel are presenting the talk, JSON Web Tokens for Science: Hands on Jupyter Notebook tutorial, on August 26th at 10am, Central time.

Please register here.

NSF cyberinfrastructure is undergoing a security transformation: a migration from X.509 user certificates to IETF-standard JSON Web Tokens (JWTs). This migration has facilitated a re-thinking of authentication and authorization among cyberinfrastructure providers: enabling federated authentication as a core capability, improving support for attribute, role, and capability-based authorization, and reducing reliance on prior identity-based authorization methods that created security and usability problems. In this webinar, members of the SciAuth project (https://sciauth.org/ - NSF award #2114989) will provide a short, hands-on tutorial for cyberinfrastructure professionals to learn about JWTs, including SciTokens (https://scitokens.org/ - NSF award #1738962). Participants will use Jupyter Notebooks to validate the security of JWTs and experiment with JWT-based authentication and authorization. Participants will gain an understanding of JWT basics suitable for understanding their security and troubleshooting any problems with their use.

Speaker Bios: 

Dr. Jim Basney is a principal research scientist in the cybersecurity group at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign. He is the Director and PI of Trusted CI. Jim received his PhD in computer sciences from the University of Wisconsin-Madison.

Dr. Derek Weitzel is a research assistant professor in the School of Computing at the University of Nebraska - Lincoln. He has been providing distributed computing solutions to the national cyberinfrastructures since 2009. He is a member of the OSG’s production operations team and leads the operations of the National Research Platform. His current areas of research involve distributed data management for shared and opportunistic storage, secure credential management, and network monitoring and analytics.
