The National Center for Supercomputing Applications (NCSA) security team has produced “Building a Cybersecurity Program”—a 19-part online video tutorial series—as part of the Center for Trustworthy Scientific Cyberinfrastructure’s (CTSC) continuing
effort to improve the cybersecurity of NSF-funded computational science
and engineering projects. CTSC is a collaborative effort bringing
together expertise in cybersecurity from multiple internationally
recognized institutions, including NCSA, Indiana University, the
University of Wisconsin-Madison, the University of Wisconsin-Milwaukee,
and the Pittsburgh Supercomputing Center (PSC).
Science and engineering increasingly rely on
computing, digital data and interoperability for the success of their
education, collaboration and research efforts. Collaboration across
countries and between disciplines is characterized by its open nature,
use of unique instruments, large and complex data sets, and rich
ecosystems. Appropriate cybersecurity measures for scientific
cyberinfrastructure (CI) can therefore look very different from those of
commercial CI. Just evaluating and choosing technologies for identity
management, authentication, authorization, and auditing are major
challenges.
CTSC feels that cybersecurity should not
dictate how science is done; rather, it should support and enable the
workflows and technology choices made by science teams.
“CTSC grew from the understanding that these
teams want to focus on their research endeavors and collaborate across
campus and the across the country without having to worry about what
might hinder them doing so freely and openly,” says Randy Butler, Deputy
Director for CTSC, leader of CTSC Education, Outreach and Training,
NCSA Director of the Cybersecurity Directorate and Chief Security
Officer. To address that need, NCSA’s security team put together this
series of video tutorials, giving an overview of what cybersecurity
looks like for a scientific CI project and how to build it in. “We have
outlined a specific process, carefully tailored to the science
community’s needs. The new videos make that process easy to understand
and enact,” continues Butler.
“Many research projects don’t have the
dedicated information security expertise, time or resources to develop a
comprehensive information security program,” adds James Marsteller, PSC
Information Security Officer and member of the CTSC team. Marsteller
was one of the authors who developed the class materials that served as
the starting point for the video production process. “Researchers and
the general public can be assured these training resources were
developed by information security professionals who understand the needs
of the scientific CI community’s unique needs.”
Patrick Duda, Research Programmer for NCSA
Cybersecurity and producer of these CTSC video tutorials, says the team
is now looking to expand this original “how to get started” idea into a
full blown, one-stop resource for all things cybersecurity series, “It’s
looking at the community that we are working with and saying ‘what is
it that a lot of people are struggling with right now and focusing on
those particular topics over time.”
Duda imagines that, from here, the team will
begin to focus on writing and producing tutorials delving deeper into
passwords and password management as well as identity management. They
hope to have five new videos posted this summer.
Keep up on project happenings by following the CTSC blog and continue to be on the look out for new videos posted to the project’s online video tutorial space
