Friday, February 21, 2020

Mingling at the Dance (2020 Update): Cybersecurity and Science Cultures

The following is a blog from Von Welch, the full post can be read at EDUCAUSE Security Matters

The National Science Foundation's Cybersecurity Center of Excellence, led by Indiana University, continues to offer educational workshops and provide actionable guidance to help information security professionals have productive discussions about risk and data protection and successfully partner with scientists and researchers.

What has changed in the higher education cybersecurity landscape since my 2016 EDUCAUSE Review Security Matters blog post, and what has stayed largely the same?

Read Von’s EDUCAUSE Security Matters blog post >>

Trusted CI Begins Engagement with UC Berkeley

The Secure Research Data and Compute (SRDC) Platform at UC Berkeley is
funded by executive leadership as a condo-style research computing service. This
institutionally supported foundation for restricted data research will be professionally
managed and supported by Research IT staff from UC Berkeley and Lawrence
Berkeley National Lab, and researchers will contribute computation and storage
hardware to the platform using their research funds.

The SRDC Platform will bring together HPC nodes, virtual machines, and big
data storage for researchers working with highly sensitive data (e.g., PHI and PII)
across a range of domains, many of which are NSF-funded, including biology,
engineering, computer science, and a broad spectrum of social sciences and
professional schools such as business, public health, and law.

Trusted CI will engage with UC Berkeley to guide the design and implementation
of the SRDC Platform and a procedural framework that maintains a healthy balance
between usability and security.  To achieve this, Trusted CI and UC Berkeley will
first inventory the proposed architecture, workflows, and current policies and
procedures. Trusted CI will then analyze them, assess them against other
implementations, and provide recommendations.

The engagement began January 2020 and is scheduled to run to the end of June 2020.

Thursday, February 20, 2020

Trusted CI delivers final engagement report to US Academic Research Fleet

ARF comprises 18 vessels and the supporting infrastructure equipped to serve the needs of the oceanographic research community.  In the second half of 2019, Trusted CI and the US Academic Research Fleet (ARF) collaborated in an engagement to address the cybersecurity needs of ARF’s research vessels.

The engagement began by determining how the engagement should be scoped. ARF identified the most crucial security related issues they would like to address, including establishing  a unified cyberinfrastructure security plan that will both serve the evolving security needs of its community and prepare the ARF for operational cybersecurity requirements due to be enforced by the  International Maritime Organization 2021 cybersecurity regulations.

The first month was spent gathering information from ARF and policies and information from all ships in the fleet.  The Trusted CI engagement team visited four research vessels after the initial data gathering and presented an introduction to cybersecurity to the ARF personnel at the RVTEC meeting.
Trusted CI and ARF on the R/V Robert Gordon Sproul
The engagement culminated with Trusted CI delivering a 40-page final report to the ARF containing collected observations, a set of recommendations ordered by impact, and additional materials that could be used to enhance the budding cybersecurity efforts of the fleet. ARF plans to share this report with stakeholders within their community in order to help improve cybersecurity controls and practices.

During this engagement, Trusted CI staff worked with ARF to review policies and procedures, toured 4 different classes of research vessels, interviewed crew members of ships, and met with research vessel technology specialists at the research vessel technology (RVTEC) meeting in Alaska.

The Academic Research Fleet is funded by multiple NSF grants managed by the division of Ocean Sciences (Award # 1823600, 1824571, 1827383, 1827415, 1827444, 1822574, 1822670, 1824508, 1829214, 1830845, 1823566, 1822532, 1823567, 1823042, 1822954, 1827437, 1822905, 1827654, 1834650) and is a collaboration of multiple institutions.  Trusted CI would like to thank the following institutions and organizations for their collaboration in the engagement: Academic Research Fleet, Columbia University, Louisiana Universities Marine Consortium, Oregon State University, Scripps Institution of Oceanography, Skidaway Institute of Oceanography, University of Alaska Fairbanks, University of HawaiĘ»i, University of Miami, University of Minnesota, University of Rhode Island, University of Washington, University-National Oceanographic Laboratory System, and Woods Hole Oceanographic Institution.

Friday, February 14, 2020

Report on the 2019 NSF Cybersecurity Summit is now available

The Report of the 2019 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities, is now available at http://hdl.handle.net/2142/105533. The report summarizes the annual Summit that was held October 15-17, 2019, in San Diego, CA. The Summit provides a valuable opportunity for cybersecurity training and information exchange among members of the cybersecurity, cyberinfrastructure, and research communities who support NSF science projects. This sharing of challenges and experiences raises the level of cybersecurity awareness and gives Trusted CI important insights into current and evolving issues within the constituent communities.

This year’s Summit workshops, plenary sessions, and table talks reiterated some observations from previous years such as:
  • The high value of community member interaction and knowledge share
  • The threat of social engineering to cybersecurity
Emerging areas of importance to the community were also highlighted. These included
  • Inherent vulnerabilities in AI/ML
  • Maintaining data integrity

Day 1 of the Summit was dedicated to half-day and full-day training workshops. Days 2 and 3 comprised plenary presentations, panels, and keynotes that focused on the security of cyberinfrastructure projects and NSF Large Facilities. This year’s attendance totaled 143 (up from 117 in 2018), representing 84 NSF projects, including 12 of the 20 NSF Large Facilities. Almost half (46%) of the attendees actively participated in the Summit through planning, presenting, responding to the CFP, leading a workshop, and/or leading a lunch table talk. Evaluation and feedback of the 2019 Summit was very positive and constructive. We look forward to the upcoming 2020 NSF Summit that will be held September 22-24, 2020, at the Monroe Convention Center in Bloomington, Indiana.

Tuesday, February 11, 2020

Trusted CI Webinar Feb 24th at 11am ET: FABRIC with Anita Nikolich


Illinois Tech's Anita Nikolich is presenting a talk on FABRIC, the Adaptive programmaBle networked Research Infrastructure for Computer science, on February 24
th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
Testbeds can be great for trying out new ideas and not taking down a production network, or they can be useless and impossible to figure out. FABRIC took the best of past testbeds and is creating a new, useful national research infrastructure to enable cutting-edge, exploratory research at-scale in computer networking, security, machine learning, distributed computing and applications.

It will be a nation-wide high-speed (100-1000 Gbps) network interconnecting major research centers and computing facilities that will allow researchers, operators and engineers to develop and experiment with new distributed application, compute and network architectures not possible today. FABRIC nodes can store and process information "in the network" in ways not possible in the current Internet, which will lead to completely new networking protocols, architectures and applications that address pressing problems with performance, security and adaptability in the Internet. Reaching deep into university campuses, FABRIC will connect university researchers and their local compute clusters and scientific instruments to the larger FABRIC infrastructure. The infrastructure will also provide access to public clouds, such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. This experimental facility will allow multiple experiments to be conducted simultaneously, and is capable of incorporating real traffic and real users into experiments. For more information about FABRIC visit https://www.fabric-testbed.net.
Anita Nikolich is a Research Professor in Computer Science at Illinois Tech, Fellow at the Cyber Policy Initiative at the Harris School of Public Policy at The University of Chicago, co-organizer of the DEFCON AI Village, and ARIN Advisory Council member. She is Co-Director of FABRIC.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Monday, January 27, 2020

Trusted CI Concludes SLATE Engagement

In the second half of 2019, Trusted CI and Services Layer at the Edge (SLATE) collaborated in an engagement to address cybersecurity concerns for the SLATE system.

SLATE is funded by an NSF grant managed by the Office of Advanced Cyberinfrastructure (Award #1724821).  SLATE accelerates collaborative scientific computing through a secure container orchestration framework focused on the Science DMZ, enabling creation of advanced multi-institution platforms and novel science gateways.  Similar approaches are already in production supporting LIGO and other scientific collaborations but as yet lack a generalized trust framework.  While innovation of the new trust model is initially occurring in the context of the OSG and the worldwide LHC computing grid (WLCG), trusted federated edge infrastructures enabling operation of advanced computing platforms will be necessary in the future to sustain a wide range of data intensive science disciplines requiring shared, scalable national and international cyberinfrastructure.

In the Trusted CI SLATE engagement, we performed an overall security analysis of the SLATE platform, identified trust relationships and key user/administrator workflows, identified a set of needed security policy documents, and began drafting the security policies. We also evaluated container security tools, explored existing applicable OSG and WLCG security policies, and gathered community input on the SLATE security program, resulting in an initial consensus around the security policies and procedures needed to enable wider adoption of the SLATE platform.

Community-driven work on the SLATE security program continues through the WLCG Federated Operations Security Working Group, which is open to all who are interested. Visit https://trustedci.org/slate for pointers to current status of the working group and https://slateci.io/docs/security-and-policies/ for pointers to current SLATE security policies as they are developed.  Visit https://hdl.handle.net/2142/106019 for the Trusted CI Slate engagement final report.

Friday, January 24, 2020

Invitation to Join Trustworthy Data Working Group

In February 2020, Trusted CI will launch a new Trustworthy Data Working Group. With the recent renewal by NSF, Trusted CI is focusing each year on a new challenge to NSF science, and this working group represents our inaugural effort for 2020. The group will survey science projects to learn about data security concerns and practices. We will analyze the survey results and develop guidance for science projects and cyberinfrastructure developers, including references to existing resources. We will then publish the survey results, along with the analysis and guidance, as a freely-available report by the end of 2020, and we will share the results in a Trusted CI webinar and in other venues.

To form this working group, Trusted CI is collaborating with the four NSF Big Data Innovation Hubs, the NSF CI CoE Pilot, the Ostrom Workshop on Data Management and Information Governance, the NSF Engagement and Performance Operations Center (EPOC), the Indiana Geological and Water Survey, the Open Storage Network, and other interested community members. Participation in the working group is open to all.

To participate:
Any questions/comments? Join the discussion on the mailing list or contact the working group chair (Jim Basney).