Wednesday, January 25, 2023

Announcing the 2023 Trusted CI Annual Challenge: Building Security Into NSF Major Facilities By Design

The Trusted CI Annual Challenge is a year-long project focusing on a cybersecurity topic of importance for scientific computing environments.  In its first year, the Trusted CI Annual Challenge focused on improving trustworthy data for open science.  In its second year, the Annual Challenge focused on software assurance in scientific computing.  In its third year, 2022, the Annual Challenge focused on the security of operational technology in science.  

The 2022 Annual Challenge on the Security of Operational Technology in NSF Scientific Research reinforced the notion that NSF Major Facilities, once constructed, can deploy operational technology that can have an operational lifetime of 15-30 years. However, there are typically no cybersecurity requirements during acquisition and design. In the 2023 Annual Challenge, Trusted CI staff will engage with NSF Major Facilities undergoing construction or refreshes in a hands-on way to build security into those Facilities from the outset. Trusted CI will directly support the planning for facility refreshes and construction with respect to operational technology and will particularly focus on the academic maritime domain, including supporting the acceptance testing of the NSF-funded Research Class Research Vessels (RCRVs) at Oregon State University, supporting the U.S. Antarctic Program (USAP)’s design of the Antarctic Research Vessel (ARV), and supporting Scripps Institution of Oceanography’s design of the California Coastal Research Vessel (CCRV).

This year’s Annual Challenge is supported by a stellar team of Trusted CI staff, including Andrew Adams (Pittsburgh Supercomputing Center), Daniel Gunter (Berkeley Lab), Ryan Kiser (Indiana University), Mark Krenz (Indiana University), Michael Simpson (Indiana University), John Zage (University of Illinois, Urbana-Champaign), and Sean Peisert (Berkeley Lab; 2023 Annual Challenge Project Lead).

Friday, January 13, 2023

Cyberinfrastructure Vulnerabilities 2022 Annual Report

The Cyberinfrastructure Vulnerabilities team provides concise announcements on critical vulnerabilities that affect science cyberinfrastructure (CI) of research and education centers, including those threats which may impact scientific instruments. This service is freely available by subscribing to Trusted CI's mailing list (see below).

We monitor a number of sources for vulnerabilities, then determine which ones are of critical interest to the CI community. While there are many cybersecurity issues reported in the news, we strive to alert on issues that affect the CI community in particular. These issues are identified using the following criteria:

  • the affected technology's or software's pervasiveness in the CI community
  • the technology's or software's importance to the CI community
  • the type and severity of a potential threat, e.g., remote code execution (RCE)
  • the threat's ability to be triggered remotely
  • the threat's ability to affect critical core functions
  • the availability of mitigations

For issues that warrant alerts to the Trusted CI mailing list, we also provide guidance on how operators and developers can reduce risks and mitigate threats. We coordinate with ACCESS, Open Science Grid (OSG), the NSF supercomputing centers, and the ResearchSOC on drafting and distributing alerts to minimize duplication of effort and maximize benefit from community expertise. Sources we monitor for possible threats to CI include the following:

In 2022 the Cyberinfrastructure Vulnerabilities team discussed 41 vulnerabilities and issued 29 alerts to 192 subscribers.

You can subscribe to Trusted CI's Cyberinfrastructure Vulnerability Alerts mailing list by sending email to cv-announce+subscribe@trustedci.org . This mailing list is public and its archives are available at https://groups.google.com/a/trustedci.org/g/cv-announce .

If you have information on a cyberinfrastructure vulnerability, let us know by sending email to alerts@trustedci.org .

Monday, January 9, 2023

Trusted CI Webinar: Improving the Security of Open-Source Software Infrastructure, January 23rd @11am EST

Gedare Bloom is presenting the talk, Improving the Security of Open-Source Software Infrastructure, January 23rd at 11am (Eastern).

Please register here.

Remote monitoring and control of industrial control systems are protected using firewalls and user passwords. Cyberattacks that get past firewalls have unfettered access to command industrial control systems with potential to harm digital assets, environmental resources, and humans in proximity to the compromised system. In this talk, I will discuss our approach to prevent and mitigate such harms in scientific industrial control systems by enhancing the security of open-source cyberinfrastructure: the open-source Real-Time Executive for Multiprocessor Systems (RTEMS) real-time operating system and the Experimental Physics and Industrial Control System (EPICS) software and networks. The RTEMS and EPICS software projects are widely used cyberinfrastructure for controlling scientific instruments. This talk will discuss security problems that we have explored with these communities, and examine the salient challenges and opportunities presented by working with open-source communities on their cybersecurity needs.

Speaker Bio:

Gedare Bloom received his Ph.D. in computer science from The George Washington University in 2013. He joined the University of Colorado Colorado Springs as an Assistant Professor of Computer Science in 2019 and Associate Professor in 2022. He was an Assistant Professor of Computer Science at Howard University from 2015-2019. His research expertise is computer system security with emphasis on real-time embedded systems. He has published over sixty peer reviewed articles, serves as a program committee member and technical referee for flagship conferences and journals, and is an associate editor for the IEEE Transactions on Vehicular Technology.

Since 2011 Dr. Bloom has been a maintainer for the RTEMS open-source hard real-time operating system, which is used in robotics frameworks, unmanned vehicles, satellites and space probes, automotive, defense, building automation, medical devices, industrial controllers, and more. Some of his key contributions to RTEMS include the first 64-bit architectural port of RTEMS, design and implementation of a modern thread scheduling infrastructure, support for running RTEMS as a paravirtualized guest for avionics hypervisors, and implementation of POSIX services required to be compliant with the FACE avionics standard. Additionally, he mentors and guides students around the world through learning about and developing with RTEMS. He co-authored the textbook “Real-Time Systems Development with RTEMS and Multicore Processors” published by CRC Press in 2020.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Thursday, December 15, 2022

Trusted CI Webinar Series: Planning for 2023, review of 2022

The 2022 season of the Trusted CI Webinar series has concluded and we are looking forward to the presentations scheduled in the next year. 

The following topics and speakers have been booked in 2023 so far:  

  • January: Real-Time Operating System and Network Security for Scientific Middleware with Gedare Bloom (NSF Award #2001789)
  • February: Security Program for the NIH’s Common Fund Data Ecosystem with Rick Wagner 
  • March: Mutually Agreed Norms for Routing Security (MANRS) with Steven Wallace 
  • April: Advanced Cyberinfrastructure Coordination Ecosystem: Services and Support (ACCESS) with Derek Simmel and Alex Withers (NSF Award #2138296)
  • May: Deception Awareness and Resilience Training (DART) with Anita Nikolich (NSF Award #2230494)
  • September: Improving the Privacy and Security of Data for Wastewater-based Epidemiology with Stephanie Forrest and Ni Trieu (NSF Award #2115075)
  • October: Enhancing Integrity and Confidentiality for Secure Distributed Data Sharing (Open Science Chain) with Subhashini Sivagnanam (NSF Award #2114202)

In case you missed them, here are the webinars from 2022: 

  • January ’22: EDUCAUSE HECVAT v3 and OSC engagement with Kyle Early and Charles Escue (Video) (Slides)
  • February ’22: The Results of the Trusted CI Annual Challenge on Software with Sean Peisert, Elisa Heymann, and Barton Miller (Video) (Slides)
  • April ’22: Updates from the Trusted CI Framework Cohort with Scott Russell (Video) (Slides)
  • June ’22: Ransomware with REN-ISAC’s Sarah Bigham and Krysten Stevens (Video) (Slides)
  • August ’22: CIS Controls with Trusted CI (Video) (Slides)
  • September ’22: Lowering the Barrier to Entry for Regulated Research Through Community Building with Carolyn Ellis and Erik Deumens (Video) (Slides)
  • December 5th: Science DMZ Engagement with University of Arkansas (Video)(Slides)

Join Trusted CI's announcements mailing list for information about upcoming events. Our complete catalog of webinars and other presentations is available on our YouTube channel. See our call for presentations to submit a request to present. For questions or feedback, email us at webinars@trustedci.org.

2022 NSF Cybersecurity Summit Report now available

NSF scientists, researchers, cybersecurity, and cyberinfrastructure professionals and stakeholders gathered once again for the 2022 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure. Trusted CI, NSF’s Cybersecurity Center of Excellence, celebrated the 10th anniversary of hosting the Summit. 

The 2022 Summit was held October 18-20 in person in Bloomington, IN with a virtual option available for Plenary 1 and 2. The 2022 Summit hosted 224 attendees, including 17 students, and 12 of 17 NSF Large Facilities. Framework adoption, Operational Technology, and preparing for AI were important themes at the Summit. 

The Trusted CI team looks forward to an in-person Summit in Berkeley, CA, October 23-27, 2023, along with a virtual attendance option, so we can continue to advance the mission of the NSF science community.


Click here to see the 2022 Summit report. 

Sunday, November 20, 2022

Trusted CI Webinar: Science DMZ Engagement with University of Arkansas, December 5th @11am EST

Mark Krenz and Don DuRousseau will be presenting the talk, Science DMZ Engagement with University of Arkansas, December 5th at 11am (Eastern).

Please register here.

A Science DMZ is a special network architecture designed to improve the speed at which large science data transfers can be made over the Internet while maintaining security of the assets. This webinar will provide an overview of the Science DMZ architecture, how to secure it, and cover use cases such as the statewide science network in Arkansas.

Speaker Bios:

Mark Krenz: Mark Krenz is the Chief Security Analyst at the Indiana University Center for Applied Cybersecurity Research and the Deputy CISO of Trusted CI. He is focused on cybersecurity operations, research and education. He has more than two decades of experience in system and network administration and has spent the last decade focused on cybersecurity.

Don DuRousseau: Don is Director of Research Technology at the University of Arkansas. He has over 20 years of leadership experience in research technologies, cyberinfrastructures, cybersecurity, and informatics. He is an active researcher and contributor in areas of programmable networking, advanced computing, bioinformatics, and human systems engineering. He leads the NSF CC* CIRA: Shared Arkansas Research Plan for Community Cyberinfrastructure (SHARP) project in planning the statewide research cyberinfrastructure (RCI) operations and researcher training and support strategy for providing HPC and other research resources and services to all the universities and colleges in Arkansas.

Don was responsible for the operation and growth of the 100-G R&E Network (CAAREN) Capital Area Advanced Research and Education Network in Washington D.C. In addition, he led the operations of the HPC resources and distributed support services on campus and built the Capital Region Advanced Cyber Range (CRACR) through the NSF CICI: Regional: Substrate for Cybersecurity Education; a Path to Training, Research and Experimentation project carried out at The George Washington University.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

 

Friday, November 18, 2022

Deadline extended until Friday, Dec. 2 - Trusted CI 2023 Fellows Program Application

We are now pleased to announce the call for applications for our 2023 Trusted CI Fellows.

Another cohort of six Fellows will receive training from and work closely with Trusted CI to expand their own understanding of trustworthy science and further empower the NSF community to secure its own research.

Applications are now open for the 5th round of Trusted CI Fellows! You can learn more about our Fellows program by visiting our website.

The deadline for applications is Friday, Dec 2. Click here to apply for the program.

Trusted CI’s first three cohorts of Fellows have been an amazing success with twenty Fellows from various fields, including:

  • Research technologies
  • Astrophysics
  • Criminal justice
  • Network and combinatorial optimization 
  • and computer engineering. 

Click here to view our 2019, 2020, 2021, and 2022 Fellows.