Trusted CI has posted a new success story on its collaboration with FABRIC, a national-scale testbed that is providing a new research infrastructure enabling scientists to share massive amounts of data. As FABRIC was being built in 2021, project leaders turned to Trusted CI, the NSF Cybersecurity Center of Excellence, to ensure they designed security into the project from the beginning. FABRIC continues its involvement with Trusted CI as a member of the Research Infrastructure Security Community. The cohort offers an opportunity to share challenges and solutions with others in the same research space.
Wednesday, July 17, 2024
Monday, July 15, 2024
Advancing the Cybersecurity of NSF Cyberinfrastructure: Trusted CI Graduates its Fifth Framework Cohort
Trusted CI’s fifth Framework Cohort, “Echo”, successfully completed the six-month program of training and workshop engagement focused on learning and applying the Trusted CI Framework. Cohort members entered the engagement with a commitment to adopting the Framework at their organizations. They then worked closely with Trusted CI to gather site information and create validated self-assessments of their facility’s cybersecurity programs based on the Framework. Each organization also emerged with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs. Echo cohort included the following research cyberinfrastructure providers:
Advanced Simons Observatory (ASO)
Compact X-ray Free Electron Laser (CXFEL)
Inter-university Consortium for Political and Social Research (ICPSR)
National High Magnetic Field Laboratory
Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE)
Thirty Meter Telescope International Observatory (TIO)
Compact X-ray Free Electron Laser (CXFEL)
Inter-university Consortium for Political and Social Research (ICPSR)
National High Magnetic Field Laboratory
Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE)
Thirty Meter Telescope International Observatory (TIO)
The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.
Feedback on the program from cohort participants has been strongly positive.
Jim Berhalter, Director of IT for the National High Magnetic Field Laboratory at Florida State University, said: “The Trusted CI cohort has been invaluable to our organization and I would highly suggest participating. While some of it can be daunting, it was a comprehensive way to structure a cybersecurity plan for our organization and made me think about things I would’ve never thought about for our cybersecurity infrastructure.”
Joe Saul, Privacy and Security Officer, Adjunct Research Assistant Professor for ICPSR at University of Michigan, said: “Participating in the Trusted CI cohort was a rare opportunity. You get to learn from others who are facing some of the same challenges you are, and share your own experiences. You get to work with the Trusted CI team, who have talked to a LOT of other groups in similar situations, and hear their read on how you’re doing. Maybe most importantly, they help you take a step back and evaluate your own program and where you’re going. All of this for free. If you get the chance, jump at it. It’s a lot of work, but you aren’t going to get this anywhere else. And certainly not for free.”
Concurrent with leading Echo, Trusted CI continued quarterly engagement with graduates of the four previous Framework cohorts through the Research Infrastructure Security Community (RISC). Trusted CI established RISC as a community of practice to provide a forum for cohort graduates to exchange cybersecurity experience, best practices, challenges, etc., within the NSF research cyberinfrastructure community.
Trusted CI plans to use the second half of 2024 to implement a number of cohort program improvements based on participant feedback and lessons learned during the previous five cohort engagements. The Framework Team plans to implement improvements that enhance cohort participants' experience and increase potential impacts.
For more information, please contact us at info@trustedci.org.
Labels: cybersecurity programs, framework, major facilities
Tuesday, July 9, 2024
Trusted CI Webinar: Automated Building and Deploy Testing — Using Zeek as an example, Monday July 22nd @ 11am Eastern
Please register here.
At ESnet, we pride ourselves on being cutting-edge, even if it causes a few scratches. Every new branch of Zeek is automatically built and tested in Gitlab CI. Then, every night, the latest successful 'master' build is deployed, along with all of our packages and scripts, to a test system via Ansible. As time permits, we roll out the latest build, in production, to over 40 servers.
Through this process we've both been able to provide early feedback to the Zeek project about potential bugs and give ourselves an early warning system when changes impact our production plugins and scripts.
Zeek is an open source network security monitoring tool. This does not focus on the use of Zeek itself, but rather the care and feeding of our installation footprint.
Speaker Bio: Michael “Dop” Dopheide has spent the majority of his career working in the R&E community specializing in systems engineering, security research, incident response, and network intrusion detection. He especially enjoys helping coworkers debug problems at the packet and protocol levels. In addition to his operational security role, Dop helps support the open source Zeek community and volunteers every year to beta test the SANS Holiday Hack challenge.
---
Join Trusted CI's announcements mailing list for information about upcoming
events. To submit topics or requests to present, see our call for
presentations. Archived presentations are available on our site under
"Past Events."
Monday, June 10, 2024
Trusted CI Webinar: The Transformative Twelve: Taking a Practical, Evidence-Based Approach to Cybersecurity Controls, Monday June 24th @ 11am Eastern
Please register here.
Controls aren’t everything, but they are an important rubber-meets-the-road component of your cybersecurity strategy and program. This webinar will help you will understand the role controls play in a competent cybersecurity program through the lens of the Trusted CI Framework. And, with help cutting through the noise of the many, many controls and control sets in the wild, it will introduce you to the Transformative Twelve, a small, highly prioritized, evidence-based set of cybersecurity controls.
Speaker Bio: Craig Jackson is Deputy Director at the Indiana University Center for Applied Cybersecurity Research, where his R&D interests include evidence-based approaches to security, cybersecurity fundamentals, and cybersecurity program development and governance. He leads collaborative work with critical infrastructure partners. His work includes the Trusted CI Framework, the Information Security Practice Principles, and the Cybertrack and USN’s PACT assessment methodologies. Craig’s education background is in law, education, psychology, and philosophy.
---
Join Trusted CI's announcements mailing list for information about upcoming
events. To submit topics or requests to present, see our call for
presentations. Archived presentations are available on our site under
"Past Events."
Wednesday, May 29, 2024
Now Open - 2024 NSF Cybersecurity Summit Call for Participation
It is our pleasure to announce that the 2024 NSF Cybersecurity Summit Call for Participation is now open! The Summit Program Committee seeks proposals for:
Plenary presentations
TLP:RED talks
Workshops
Trainings
Birds of a Feather (BoFs)
Project meetings
Poster session submissions
Last month, we asked the NSF cyberinfrastructure community which topics the Summit should address. Below are the top 10 results from the community poll. We strongly encourage proposals that address:
More detail and guidance on submitting proposals can be found here: https://www.trustedci.org/2024-cfp
The Summit provides a forum for National Science Foundation (NSF) funded scientists, researchers, cybersecurity, and cyberinfrastructure (CI) professionals and stakeholders to develop community and share best practices. The Summit will offer attendees training sessions and workshops with hands-on learning of security tools, security program development and compliance for research.
The deadline for proposal submissions is Jun 23, 2024
Thank you on behalf of the Program and Organizing Committees. We look forward to receiving your proposals and hope to see you in October in Pittsburgh!
Wednesday, May 8, 2024
Highlights from the 2024 NSF Research Infrastructure Workshop
The RIW officially began on a Tuesday, but Trusted CI held its quarterly Research Infrastructure Security Community (RISC) meeting the day before, taking advantage of a number of Framework cohort members traveling to Tucson to attend the RIW. The RISC meeting included a presentation from NSF’s Cybersecurity Advisor for Research Infrastructure, Mike Corn, to discuss the upcoming revision of the NSF Research Infrastructure Guide and potential changes related to cybersecurity. On Tuesday evening, Trusted CI’s “Secure by Design” team participated in the poster session. Their poster, “Cybersecurity Risks to Large Science Projects,” won second place in the poster competition.
Overall, the RIW program agenda emphasized topics that impact members of the Trusted CI community, notably the tracks on Cyberinfrastructure (Tuesday) and Cybersecurity (Thursday), as well as a plenary talk on Friday that covered a recent cybersecurity incident at one of the NOIRLab sites.
On Wednesday, in-person attendees were given the opportunity to join one of three different tours organized by the event committee: Kitt Peak National Observatory, Biosphere 2 or the Richard F. Caris Mirror Lab.
Trusted CI highly encourages members of the NSF cyberinfrastructure operations community to attend next year’s workshop and thanks the RIW organizers and co-hosts for another great event. Materials from this year's workshop will be posted soon to the NSF Research Infrastructure Knowledge Sharing Gateway.
Friday, May 3, 2024
Trusted CI Webinar: NSF's 2025 Research Infrastructure Guide: Information Assurance, Monday May 20th @ 11am Eastern
Please register here.
NSF's major facilities represent some of the most significant research facilities on the globe. The forthcoming revision to the Research Infrastructure Guide (or RIG) details NSF's guidance on securing these facilities and its expectations for cybersecurity programs at the major facilities. This presentation will explain how we approached shaping this guidance, the unique challenges we faced, and offer a peek at some of the resulting guidance the revised RIG will provide.Speaker Bio: Michael Corn has been a CISO at four institutions (UIUC, Illinois System, Brandeis University, and most recently UC San Diego). A regular author on a variety of privacy, cybersecurity and identity related topics, he is currently the Cybersecurity Advisor for Research Infrastructure in the Office of the Chief Officer for Research Facilities and additionally provides support to the Office of the Chief of Research Security Strategy and Policy within NSF. A recent online presentation on cybersecurity policy can be found at https://bit.ly/3JIpI8w.
---
Join Trusted CI's announcements mailing list for information about upcoming
events. To submit topics or requests to present, see our call for
presentations. Archived presentations are available on our site under
"Past Events."
Subscribe to:
Posts (Atom)