Wednesday, February 13, 2019

Trusted CI Begins Engagement with the American Museum of Natural History

The American Museum of Natural History (AMNH) is home to more than 200 scientists conducting scientific research spanning anthropology, astrophysics, biology, geosciences, and paleontology. Through the National Science Foundation's Campus Cyberinfrastructure (CC*) program (NSF OAC-1827153), AMNH is making major upgrades to its network with a priority on scientific data flows. Improvements include high-speed "science-access" switches for research departments, a new Science DMZ complete with data transfer nodes (DTNs) implementing high-speed transfer via Globus, network performance monitoring with perfSONAR, connections with regional (NYSERNet) and national (Internet2) high-speed networks, deployment of federated login with InCommon, and education and training for scientists and the broader research and education community.

Trusted CI's engagement with AMNH will focus on the following activities.
Trusted CI will document the activities of this engagement in a final report to be made available to the public. Additionally, AMNH intends to capture implementation and "best practices" security configuration of their new Science DMZ in a "how-to" document which can be used as an exemplar by other institutions of similar size and scope wishing to deploy their own Science DMZ.

The Trusted CI-American Museum of Natural History engagement began January 2019 and is scheduled to conclude by the end of June 2019.

Tuesday, February 12, 2019

Join the growing Cybersecurity Research Transition To Practice (TTP) Community

The Cybersecurity Research TTP (Transition To Practice) program led by Trusted CI enables us to work together as a community to advance the state of cybersecurity practice by identifying  gaps in cybersecurity technology , then matchmaking researchers with practitioners to transition cybersecurity research to practice to address the gaps.

Through a series of interviews with experts, a table top discussion at the cybersecurity Summit, and reviews of Trusted CI reports and engagements, we have identified cybersecurity gaps and are finding researchers who have viable research we can explore and eventually transition to operational environments. The top cybersecurity gaps identified include increasing the use of AI/ML for Cybersecurity, IoT/CPS (Internet of Things / Cyber Physical Systems) risk management, improving global integrated Federated Identity Management (FIM), and reducing phishing attacks. Increasing cybersecurity resources and the pipeline is another key need.

Please join us in this effort. If you have Cybersecurity needs and gaps to address, please email them to ttp@trustedci.org. If you are or know a Cybersecurity researcher, let us know how we can help you, from matchmaking to business model coaching. Join our webinars and workshops to engage researchers and perhaps provide them with data to fuel their research, such as intrusion alert data .

Our next Cybersecurity research TTP community event is the Feb 25 Trusted CI webinar when Dr. Shanchieh (Jay) Yang from RIT will present his research on “Anticipatory Cyber Defense via Predictive Analytics, Machine Learning and Simulation”.

If you would like to participate in discussions one on one with the researchers to provide valuable input to their research, let us know. We are enabling researcher with practitioner matchmaking already to provide valuable insight and partnerships and would love to have you join us.

We invite you to request an invitation for the next in person Cybersecurity research TTP and co- creation workshop on June 19th 2019 in Chicago. You can meet the researchers, join  panel discussions on Cybersecurity needs and potential research solutions, and participate in co-creation breakouts such as AI/ML, IoT/CPS or others you bring forward.

Our goal is to build a dynamic collaborative cybersecurity community of practice, with researchers and practitioners working together to identify and address cybersecurity needs now  and into the future. We welcome you to join in.

Monday, February 11, 2019

CCoE Webinar February 25th at 11am ET: Anticipatory Cyber Defense via Predictive Analytics, Machine Learning and Simulation

Shanchieh (Jay) Yang is presenting the talk "Anticipatory Cyber Defense via Predictive Analytics, Machine Learning and Simulation" on Monday February 25th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
Cyberattacks on enterprise networks have moved into an era where both attackers and security analysts utilize complex strategies to confuse and mislead one another. Critical attacks often take multitudes of reconnaissance, exploitations, and obfuscation techniques to achieve the goal of cyber espionage and/or sabotage. The discovery and detection of new exploits, though needing continuous efforts, is no longer sufficient. Imagine a system that automatically extracts the ways the attackers use various techniques to penetrate a network and generates empirical models that can be used for in-depth analysis or even predict next attack actions. What if we can simulate synthetic attack scenarios based on characteristics of the network and adversary behaviors? Will publicly available information on the Internet be viable to forecast cyberattacks before they take place? This talk will discuss advances that enable anticipatory cyber defense and open research questions. Specifically, this talk will present a suite of research efforts and prototypes: ASSERT integrates Bayesian-based learn
ing with clustering to generate and refine attack models based on observed malicious activities; CASCADES explores how attackers discover vulnerabilities of the systems in the network to simulate potential attack progressions; CAPTURE overcomes limitations of imbalanced, insignificant, and non-stationary data to forecast cyberattacks before they happen using public domain signals. These ongoing research works provide much needed anticipatory capability for proactive cyber defense.

This talk will be at a sufficiently high level to describe the needs for anticipatory cyber defense and some capabilities. The intended audience ranges from researchers, practitioners, policy makers, and students who have some high level knowledge about cybersecurity.

Speaker bio:

Dr. S. Jay Yang received his BS degree in Electronics Engineering from National Chaio-Tung University in Taiwan in 1995, and MS and Ph.D. degrees in Electrical and Computer Engineering from the University of Texas at Austin in 1998 and 2001, respectively. He is currently a Professor and the Department Head for the Department of Computer Engineering at Rochester Institute of Technology. He also serves as the Director of Global Outreach in the Center of Cybersecurity at RIT, and a Co-Director of the Networking and Information Processing (NetIP) Laboratory. His research group has developed several pioneering machine learning, attack modeling, and simulation systems to provide predictive analysis of cyberattacks, enabling anticipatory or proactive cyber defense. His earlier works included FuSIA, VTAC, ViSAw, F-VLMM, and attack obfuscation modeling. More recently, his team is developing a holistic body of work that encompasses ASSERT to provide timely separation and prediction of critical attack behaviors, CASCASE to simulate synthetic cyberattack scenarios that integrates data-driven and theoretically grounded understanding of adversary behaviors, and CAPTURE to forecast cyberattacks before they happen using unconventional signals in the public domain. Dr. Yang has published more than sixty papers and worked on eighteen sponsored research projects. He has served on organizing committees for several conferences and as a guest editor and a reviewer for a number of journals and textbooks. He was invited as a keynote or panel speaker for several venues. He was a recipient of Norman A. Miles Outstanding Teaching Awards, and a key contributor to the development of two Ph.D. programs at RIT and several global partnership programs.

More information about Jay can be found at: https://www.camlis.org/shanchieh-jay-yang

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Thursday, January 31, 2019

Congratulations to Dana and Internet2


Congratulations to Dana Brunson, who recently joined the Trusted CI team, on her new role as Executive Director for Research Engagement at Internet2!

We’re happy that Dana intends to stay part of the Trusted CI team and continue to lead our soon-to-be announced Trusted CI Open Science Cybersecurity Fellows Program. We thank Internet2 for giving her the flexibility to continue working on this as we work with NSF to formally approve this.

Please continue to watch the Trusted CI blog and the Trusted CI announce email list for news of the Fellows Program.

Monday, January 14, 2019

CCoE Webinar January 28th at 11am ET: Securing Scientific Cyberinfrastructure: The ResearchSOC

Von Welch and colleagues are presenting the talk "Securing Scientific Cyberinfrastructure: The Research Security Operations Center (ResearchSOC)" on Monday January 28th at 11am (Eastern). The ResearchSOC is a new project that was announced last fall.

Please register here. Be sure to check spam/junk folder for registration confirmation email.
The research and education (R&E) community faces particular challenges regarding cybersecurity: diversity of size and autonomy, the use of diverse infrastructure (scientific instruments, sensor networks, sequencers, etc.), the highly collaborative and dynamic nature of scientific communities, and the specialized expertise needed to support cybersecurity in the research context. This webinar provides an overview of the ResearchSOC, which provides the R&E community with cybersecurity services, training, and information sharing needed to make scientific cyberinfrastructure resilient to cyberattacks and capable of supporting trustworthy, productive research.  
The ResearchSOC leverages existing cybersecurity services from Indiana University, Duke University, and the Pittsburgh Supercomputing Center. It combines these operational services with the establishment of a community of practice for sharing best practices, lessons learned, and operational intelligence. The ResearchSOC couples these services with outreach and training, targeted at research projects and the higher education information security community, to educate them on information security for research.  
This webinar is ideal for technology managers supporting scientific research projects.
Speakers:
  • Von Welch: Director, Indiana University Center for Applied Cybersecurity Research and Director, Research Security Operations Center.
  • Richard Biever: Chief Information Security Officer, Duke University.
  • Michael Corn: Chief Information Security Officer at the University of California, San Diego.
  • Inna Kouper: Assistant Director, Data to Insight Center at Indiana University.
  • James Marsteller: Chief Information Security Officer of the Pittsburgh Supercomputing Center. Susan Sons: Chief Security Analyst at Indiana University Center for Applied Cybersecurity Research.
Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Tuesday, January 8, 2019

Trusted CI Completes Engagement with the Environmental Data Initiative

The Environmental Data Initiative (EDI) (NSF DBI-1565103, NSF DEB-1629233) is an NSF-funded project accelerating curation and archival of environmental data with emphasis on data from projects funded by the NSF Division of Environmental Biology. Trusted CI's engagement with EDI began August 2018 and concluded December 2018. The engagement report is available at https://hdl.handle.net/2142/101921.

The engagement focused on Identity and Access Management (IAM) issues associated with the data repository API software PASTA+ (Provenance Aware Synthesis Tracking Architecture - Plus). Authenticated access to the data repository is currently performed by binding username and password to an LDAP server. While the current LDAP authentication implementation is functional, authorization is tightly coupled to the user identifier rather than LDAP groups. EDI staff are interested in moving away from the current LDAP authn/authnz implementation toward a more modern solution, with an emphasis on maintaining the current access control rule schema.

With this goal in mind, Trusted CI staff spent considerable effort in examining the current authn/authz implementation and how it could be updated to use current standards such as OAuth 2.0 / OpenID Connect (OIDC). Trusted CI staff concluded the engagement by presenting four available OAuth2/OIDC providers, as well as two potential group management solutions which could be used for authorization. Step-by-step tutorials were written detailing how to configure each solution as well as sample implementation code in several programming languages.

The need for modern, standards-compliant authentication and authorization systems is common across cyberinfrastructure projects, so the tutorials developed during this engagement have been made available at https://trustedci.org/iam for broader community use.

Thursday, January 3, 2019

Cyberinfrastructure Vulnerabilities 2018 Q4 Report

The Cyberinfrastructure Vulnerabilities team provides concise announcements on critical vulnerabilities that affect science cyberinfrastructure (CI) of research and education centers, including those threats which may impact scientific instruments. This service is available to all CI community members by subscribing to Trusted CI’s mailing lists (see below).

We monitor a number of sources for software vulnerabilities of interest. For those issues which warrant alerts to the Trusted CI mailing lists, we also provide guidance on how operators and developers can reduce risks and mitigate threats. We coordinate with XSEDE and the NSF supercomputing centers on drafting and distributing alerts to minimize duplication of effort and benefit from community expertise.Some of the sources we monitor for possible threats to CI include:
In 4Q2018 the Cyberinfrastructure Vulnerabilities team issued the following 4 vulnerability alerts to 108 subscribers:
If you wish to subscribe to the Cyberinfrastructure Vulnerability Alerts mailing list you may do so through https://list.iu.edu/sympa/subscribe/cv-announce-l. This mailing list is public and the archives are available at https://list.iu.edu/sympa/arc/cv-announce-l.

If you believe you have information on a cyberinfrastructure vulnerability, let us know by sending us an email at alerts@trustedci.org.