Monday, November 22, 2021

Trusted CI Webinar: Lessons learned from a real-world ransomware attack on researchers at MSU, Dec 6th @11am EST

Members of Trusted CI and MSU are presenting the talk, Lessons learned from a real-world ransomware attack on researchers at Michigan State University: What researchers need to know about the increased risk from ransomware attacks, on Monday December 6th at 11am (Eastern).

Please register here.

Cybercriminals are increasingly targeting researchers (along with hospitals, cities, schools, and utilities) because ransomware allows them to target a broader set of victims. Ransomware monetizes the attack by encrypting data and holding it ransom until victims pay, meaning victims no longer need to hold data of direct financial value. The proliferation of ransomware attacks has led to the U.S. Department of Justice calling it a growing national security threat.

The Physics and Astronomy department at Michigan State University (MSU) suffered a ransomware attack in 2020. The MSU Information Security Office partnered with Trusted CI, the NSF Cybersecurity Center of Excellence, to investigate the attack and produce a report for the research community on lessons learned.

This webinar by MSU CISO Tom Siu and Trusted CI, will present that report. MSU and Trusted CI will discuss the impact and lessons learned from the attack and offer cybersecurity mitigation strategies for protecting academic researchers. The webinar will conclude with a Q&A session. Audience members are encouraged to ask about their challenges engaging with researchers on the importance of information security.

Speaker Bios

Andrew Adams is the Principal Information Security Officer at Pittsburgh Supercomputer Center (PSC) under Carnegie Mellon University, and the Security Manager for the Bridges-2 supercomputer.  He also acts as the Chief Information Security Officer for Trusted CI, the NSF Cybersecurity Center of Excellence.  Andrew holds M.S. degrees in both computer science and information science (U. Pittsburgh), and has 20+ years of experience in computer networking research as a previous member of PSC’s Networking Group, including operational responsibilities in the 3ROX GigaPoP. In the field of security, he has designed and developed multiple security oriented systems, performed risk assessments, developed security policies, and has engaged with the open-science community 15+ times to improve their cybersecurity posture.  At present, his focus is on methods to keep HPC secure during the pandemic.

Tom Siu joined MSU IT in October 2020 as chief information security officer. As CISO, Tom leads the Security Engineering; Security Operations; Incident Response; and Governance, Risk and Compliance teams within the Information Security department and is responsible for the university-wide information security strategy.

Prior to arriving at MSU, Tom served as CISO for Case Western Reserve University (CWRU) for 14 years where he oversaw the development of the information security program. His notable achievements include the deployment of multifactor authentication and passphrases to all core services for all users, transition to default-deny network posture, creation and operation of a secure research computing enclave, and the development of a highly capable team of information assurance professionals. As a culmination of his time at CWRU, Tom’s team, in combination with colleagues from the Cleveland Clinic Foundation, worked to provide a secured operational IT environment for the first 2020 Presidential Debate.


Von Welch
is the associate vice president for Information Security and executive director for Cybersecurity Innovation at Indiana University, executive director for the OmniSOC, and the director of IU's Center for Applied Cybersecurity Research (CACR).

CACR has a unique focus - improve real world cybersecurity for organizations with missions that challenge traditional cybersecurity approaches. Examples include research and development, open science, and highly distributed collaborations. CACR project partners and funders include the US Department of Defense, National Science Foundation, Department of Homeland Security, as well as private sector organizations - and Von’s roles span research, development, operations, and leadership.

He specializes in cybersecurity for distributed systems, particularly scientific collaborations and federated identity. His current roles include serving as PI and director for the NSF Cybersecurity Center of Excellence (Trusted CI), a project dedicated to helping NSF science projects with their cybersecurity needs. He is also PI and director of the Research Security Operations Center (ResearchSOC), a collaborative security response center that addresses the unique cybersecurity concerns of the research community.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Monday, November 1, 2021

Trusted CI at SFSCon 2021

SFSCon was on hiatus last year due to the pandemic, but it's back this year with a virtual format. SFSCon 2021, to be held November 5-7, will be the fourth annual cybersecurity training and professional development event organized by Cal Poly Pomona (CPP) for CyberCorps Scholarship for Service (SFS) students and alumni nationwide. This year SFSCon will use the U.S. Cyber Range for hands-on student training. Trusted CI will be providing Identity and Access Management training and Security Log Analysis training, as in previous years, with training materials updated for the virtual format.

Wednesday, October 20, 2021

Trusted CI Begins Engagement with OOI


The Ocean Observatories Initiative (OOI), funded by the NSF OCE Division of Ocean Sciences #1743430, is a science-driven ocean observing network that delivers real-time data from more than 800 instruments to address critical science questions regarding the world’s oceans. OOI data are freely available online to anyone with an Internet connection. 

The OOI provides an exponential increase in the scope and timescale of observations of the world’s oceans. Present and future educators, scientists, and researchers will draw conclusions about climatological and environmental processes based on these measurements, which sets a requirement for the data to be accurate, with a flawless pedigree. As a result, the OOI has a requirement to protect its data from being altered by any external agent.

To this end, OOI-CI (OOI Cyberinfrastructure) is seeking consultation from Trusted CI on evaluation of their current security program, along with guidance on reviewing and evaluating potential alternatives for an enhanced security posture. Through a kick-off meeting, Trusted CI and OOI discussed their concerns, questions, and goals, including: penetration testing; system and software vulnerability scanning and remediation; gaps in current policies and procedures; developing periodic security tasks; and identifying ‘unknowns’. These topics were refined and prioritized based on their needs using a subset of tasks outlining the goals of the engagement, specifically:

  1. Perform a review of OOI’s cyberinfrastructure using the Trusted CI Security Program Evaluation worksheet in order to assess the current state and target level of their cybersecurity.
  2. Review the 2015 Engagement final report and recommendations (covering OOI @Rutgers University) with the goal to see if any recommendations made at that time are still applicable and warranted.
  3. Using information documented in step 1., take initial steps towards adopting the Trusted CI Framework by developing a ‘master information security policies and procedures’ document (MISPP).
  4. Discuss and document missing policies and procedures from the Framework, including questions and concerns raised by OOI, and also unknowns discovered in above exercises.  
  5. Provide guidance on creating an asset inventory, applying a control set, and creating and maintaining a risk registry.

Additionally, broader impacts from this engagement can be realized as the OOI-CI is connected to several locations around the country. Lessons learned and recommendations from the engagement will be implemented at the other sites, which consist of Woods Hole Oceanographic Institute (WHOI) administration, and the three MIO’s (Marine Implementing Organizations) that provide data from Oregon State University, University of Washington, and WHOI.

The engagement will run from September 2021 to December 2021.

Monday, October 18, 2021

Announcing Trusted CI's Open Science Cybersecurity Fellows Program (Applications due Nov.12th)

Application Deadline: Friday, Nov. 12th  Apply here.

Overview

Trusted CI serves the scientific community as the NSF Cybersecurity Center of Excellence, providing leadership in and assistance in cybersecurity in the support of research. In 2019, Trusted CI is establishing an Open Science Cybersecurity Fellows program. This program will establish and support a network of Fellows with diversity in both geography and scientific discipline. These fellows will have access to training and other resources to foster their professional development in cybersecurity. In exchange, they will champion cybersecurity for science in their scientific and geographic communities and communicate challenges and successful practices to Trusted CI.

About the program

The vision for the Fellows program is to identify members of the scientific community, empower them with basic knowledge of cybersecurity and the understanding of Trusted CI’s services, and then have them serve as cybersecurity liaisons to their respective communities. They would then assist members of the community with basic cybersecurity challenges and connect them with Trusted CI for advanced challenges. 

Trusted CI will select six fellows each year.  Fellows will receive recognition, cybersecurity professional development consisting of training and travel funding. The Fellows’ training will consist of a Virtual Institute, providing 20 hours of basic cybersecurity training over six months. The training will be delivered by Trusted CI staff and invited speakers. The Virtual Institute will be presented as a weekly series via Zoom and recorded to be publicly available for later online viewing. Travel support is budgeted (during their first year only) to cover fellows’ attendance at the NSF Cybersecurity Summit, PEARC, and one professional development opportunity agreed to with Trusted CI. The Fellows will be added to an email list to discuss any challenges they encounter that will receive prioritized attention from Trusted CI staff. Trusted CI will recognize the Fellows on its website and social media. Fellowships are funded for one year but will be encouraged to continue to participate in TrustedCI activities the years following their fellowship year.

After the Virtual Institute, Fellows, with assistance from the Trusted CI team, will be expected to help their science community with cybersecurity and make them aware of Trusted CI for complex needs. By the end of the year, they will be expected to present or write a short white paper on the cybersecurity needs of their community and some initial steps they will take (or have taken) to address these needs. After the year of full support, Trusted CI will continue recognizing the cohort of Fellows and giving them prioritized attention. Over the years, this growing cohort of Fellows will broaden and diversify Trusted CI’s impact.

Application requirements

·   A description of their connection to the research community. Any connection to NSF projects should be clearly stated, ideally providing the NSF award number.
A statement of interest in cybersecurity

·   Two-page biosketch

·   Optional demographic info

·    A letter from their supervisor supporting their involvement and time commitment to the program

·    A commitment to fully participate in the Fellows activities for one year (and optionally thereafter)

The selection of Fellows would be made by the Trusted CI PIs and Senior Personnel based on the following criteria:

1.  Demonstrated connection to scientific research, with preference given to those who demonstrate a connection to NSF-funded science.

2.   Articulated interest in cybersecurity.

3.   Fellows that broaden Trusted CI’s impact across all seven NSF research directorates (Trusted CI encourages applications for individuals with connections to NSF directorates other than CISE), with connections to any of the NSF 10 Big Ideas, or Fellows that increase the participation of underrepresented populations.

Who should apply?   

·   Professionals and post-docs interested in cybersecurity for science, with evidence of that in their past and current role

·   Research Computing, Data, and IT technical or policy professionals interested in applying cybersecurity innovations to scientific research

·   Domain scientists interested in data integrity aspects of scientific research

·   Scientists from all across the seven NSF research directorates interested in how data integrity fits with their scientific mission

·   Researchers in the NSF 10 Big Ideas interested in cybersecurity needs

·   Regional network security personnel working across universities and facilities in their region

·   People comfortable collaborating and communicating across multiple institutions with IT / CISO / Research Computing and Data professionals

·    Anyone in a role relevant to cybersecurity for open science

More about the Fellowship

Fellows come from a variety of career stages, they demonstrate a passion for their area, the ability to communicate ideas effectively, and a real interest in the role of cybersecurity in research. Fellows are empowered to talk about cybersecurity to a wider audience, network with others who share a passion for cybersecurity for open science and learn key skills that benefit them and their collaborators.

If you have questions about the Fellows program, please let us know by emailing 
fellows@trustedci.org.




Monday, October 11, 2021

Trusted CI webinar: The Trusted CI Framework; Overview and Recent Developments, Oct 25th @11am Eastern

Trusted CI's Scott Russell will be presenting the talk, The Trusted CI Framework; Overview and Recent Developments, on Monday October 25th at 11am (Eastern).

Please register here.

The Trusted CI Framework is a tool to help organizations establish and refine their cybersecurity programs. In response to an abundance of guidance focused narrowly on cybersecurity controls, Trusted CI set out to develop a new framework that would empower organizations to confront cybersecurity from a mission-oriented, programmatic, and full organizational lifecycle perspective. The Trusted CI Framework recommends organizations take control of their cybersecurity the same way they would any other important business concern: by adopting a programmatic approach.

This webinar will provide an introduction to the Trusted CI Framework, including a walkthrough of the 16 “Musts” for establishing a competent cybersecurity program. Then we will go on to cover recent developments with the Trusted CI Framework, including: 
  1. The publication of the first “Framework Implementation Guide,” which provides in-depth guidance on how to implement each Framework Must;
  2. The experiences of NOIRLab (NSF Major Facility) as the first official Framework adopter; and
  3. The announcement of the “Framework Cohort” for 2022, an initiative to help Major Facilities adopt and implement the Framework.

Speaker Bio

Scott Russell is a Senior Policy Analyst at the Indiana University Center for Applied Cybersecurity Research. Scott was previously the Postdoctoral Fellow in Information Security Law & Policy. Scott’s work thus far has emphasized private sector cybersecurity best practices, data aggregation and the First and Fourth Amendments, and cybercrime in international law. Scott studied Computer Science and History at the University of Virginia and received his J.D. from the Indiana University, Maurer School of Law.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Wednesday, September 29, 2021

Findings Report of the 2021 Trusted CI Annual Challenge on Software Assurance Published

 As reported in this blog earlier this year, in 2021, Trusted CI is conducting our focused “annual challenge” on the assurance of software used by scientific computing and cyberinfrastructure

In July, the 2021 Trusted CI Annual Challenge team posted its initial findings in this blog.  The team is now pleased to share its detailed findings report:

Andrew Adams, Kay Avila, Elisa Heymann, Mark Krenz, Jason R. Lee, Barton Miller, and Sean Peisert. “The State of the Scientific Software World: Findings of the 2021 Trusted CI Software Assurance Annual Challenge Interviews,” September 2021.  https://hdl.handle.net/2022/26799

Now that the team has finished its examination of software assurance findings, it will turn its focus to solutions.  In accordance with that, later this calendar year, the Trusted CI team will be publishing a guide for recommended best practices for scientific software development.

For those interested in hearing more about the 2021 Annual Challenge, please (virtually) come to the team’s panel session at the 2021 NSF Cybersecurity Summit at 3:05 EDT on October 13, 2021: https://www.trustedci.org/2021-summit-program


Wednesday, September 22, 2021

SGCI Webinar: Security recommendations for science gateways, Sept 29th @ 1pm EDT

This webinar announcement was originally posted on SGCI's website.

Security recommendations for science gateways

Wednesday, September 29, 2021, 1 pm Eastern/10 am Pacific

Presented by Mark Krenz, Chief Security Analyst, Center for Applied Cybersecurity Research, Indiana University

Trusted CI has recently published a four-page document targeted at small team science gateways. This document provides a prioritized list of security recommendations to help reduce overall security risk. In this webinar Mark Krenz, from Trusted CI, will be providing an introduction and overview of the document, as well as a discussion of the lessons learned from the last few years of providing security consultations for science gateways.

See SGCI's webinars page for the Zoom link and password.