Friday, February 19, 2016

Gemini Observatory-CTSC Engagement a High Point for Both Organizations.

Gemini Observatory and CTSC have wrapped up an intensive engagement that both trudged through the trenches of policy development and literally took CTSC personnel to new heights.  In the late Fall and early Winter of 2015/2016, CTSC and Gemini executed an engagement plan focused on core policy processes and documentation, as well as a close unified look at ICS/SCADA, technical, and physical controls at Gemini North.
The engagement’s policy work focused on initiating a draft Policy Development Protocol, and updating Gemini’s core policy documentation (e.g., beginning a Master Information Security Policy and revising Gemini’s AUP).  CTSC gave feedback on existing documentation, advice on the policy development lifecycle, and guidance on how best to utilize CTSC’s policy templates.  Gemini developed a priority list and timeline for the development/revision and implementation of these and additional policies.
CTSC staff performed a site visit to the Gemini North facility to inform detailed recommendations for improving the physical security and technical security of instrument and industrial control / SCADA systems critical for Gemini’s scientific mission. The visit included inspection tours of the base facility in Hilo, the mid-point facility at Hale Pohaku, and the actual telescope atop Maunakea at 14,000 feet. CTSC interviewed eight Gemini staff members concerning IT support, physical security, ICS/SCADA systems, MS Windows security, web application development, and operational application support. CTSC conducted a physical penetration test of the Base facility, which was thwarted an attentive Gemini staffer. The depth and breadth of this fact-finding mission enabled CTSC to produce a report providing detailed recommendations for enhancements to both physical security and cybersecurity from an on-the-ground point of view.
Gemini’s openness and commitment to this engagement made this a huge learning experience for CTSC.  We were able to closely observe how a facility can effectively incorporate security initiatives into long term project management processes. The site visit enabled fact gathering at a level of detail that allowed CTSC to produce one of its most specific, tailored reports to date.  We’ve learned a great deal from all our Large Facility engagements; this was a truly special hand’s on, collaborative experience.
The CTSC team deeply appreciates the time and effort Tim Minick and Chris Morrison dedicated to this engagement, as well as the welcoming and forthcoming attitudes of all the Gemini staffers who met with our team at Gemini North.