CTSC's Year One Project Report has been submitted to NSF and is available at http://trustedci.org/reports/. The Executive Summary follows.
The Center for Trustworthy Scientific Cyberinfrastructure (CTSC) is transforming and improving the practice of cybersecurity and hence the trustworthiness of NSF scientific cyberinfrastructure (CI). CTSC is providing readily available cybersecurity expertise and services, as well as leadership in advancing the state of practice and coordination across a broad range of NSF scientific CI projects via a series of engagements with NSF CI projects and a broader ongoing education, outreach and training effort.
The vision of CTSC is an NSF CI community in which 1) each project knows where it fits in a coherent cybersecurity ecosystem and can assess its own needs; 2) each project has access to the tools and needed help to enact a basic cybersecurity program and tackle the project’s advanced challenges; 3) sharing of experiences and collaboration between projects is the norm; and 4) cybersecurity is greatly benefited by leveraging services, universities, I2, and broader community best practices.
Towards this vision, CTSC is organized by three thrusts: 1) Engagements with specific communities to address their individual challenges; 2) Education, Outreach and Training, providing the NSF scientific CI community with training, student education, best practice guides, and lessons learned documents; and 3) Cybersecurity Leadership, building towards a coherent, interoperable cybersecurity community and ecosystem.This report covers CTSC’s successful first year, in which it initiated seven engagements, completing three (LTER Network Office, LIGO, Pegasus), is in the process of finalizing three more (DataONE, IceCube, CyberGIS) and initiating a seventh (Globus Online).
Accomplishments include 1) developing a process for developing NSF CI Cybersecurity programs that incorporates well-known best practices and tackles NSF CI challenges of residing in a complicated, multi-institution ecosystem with unique science instruments and data; 2) re-starting and organizing the NSF Cybersecurity Summit along with an online Trusted CI Forum to foster an ongoing NSF community focused on NSF CI cybersecurity; and 3) delivering seven training sessions by leveraging prior training materials from the University of Wisconsin team and creating two new tutorials.
Educational activities include 1) creating a new education module on cybersecurity for CI that is being utilized in a class at the University of Illinois this Fall; 2) mentoring of a student in Indiana University’s Summer of Networking program; 3) and the ongoing membership of two graduate students in the CTSC team as research assistants. Our broader impacts include the publication of engagement products and three other papers to define community best practices.
Year two plans are described that continue the emphasis on these three thrusts and building the community working on cybersecurity with the Trusted CI Forum and a vision for continued CI and Large Facility Cybersecurity Summits.