Tuesday, August 9, 2016

Situational Awareness

As part of its service to the NSF cybersecurity community, CTSC provides situational awareness of current cybersecurity threats to the cyberinfrastructure (CI) of research and education centers, including those threats which may impact scientific instruments. This service is available to all CI community members by subscribing to CTSC’s mailing lists.

CTSC staff members monitor several sources for possible threats to CI, including:

CTSC staff filter these sources for software vulnerabilities which we believe may be of interest to CI operators and software developers. For those issues which warrant notification to the CTSC mailing lists, we also attempt to provide guidance on how operators and developers can reduce risks and mitigate threats.

CTSC cannot provide a one-size-fits-all severity rating and response recommendation for all NSF CI. Please contact us at http://trustedci.org/help for assistance with assessing the potential impact of a vulnerability in your environment or to provide feedback on our service (for example, on the sources we monitor or on the software of interest to your CI).

Monday, August 8, 2016

CCoE Webinar August 22nd 11am EDT: The Science DMZ as a Security Architecture

Energy Sciences Network's (ESnet) Michael Sinatra will be presenting the webinar, "The Science DMZ as a Security Architecture," on August 22nd at 11am (EDT). This webinar is an encore presentation of a talk that Sinatra will be presenting at the NSF Cybersecurity Summit earlier in the month. If you are unable to attend the summit, here is your opportunity to see one of the talks.

Please register here.

The Science DMZ architecture proposes a novel method of design for network segments optimized for large-scale data transfer (LSDT) functionality. LSDT has special requirements, both in the security and functional arenas. Attempts to incorporate LSDT functionality into a more traditional perimeter security model can cause problems both with LSDT functionality, as well as weaken overall campus security. The Science DMZ attempts to solve this problem by segmenting the LSDT function away from the traditional campus security perimeter. However, insufficient attention has been paid thus far as to how the Science DMZ fits into a larger strategy of risk-based segmentation and functional maximization of campus networks.
This presentation examines typical risk- and control-based security approaches and proposes a framework in which the Science DMZ, combined with a larger segmentation approach, actually improves the security of valuable campus information assets, while still maximizing LSDT function and security. It concludes with some examples as to how the security of the research enterprise can be vastly improved with a Science DMZ deployment that is carefully aligned with a segmentation strategy.

More information about this presentation and speaker bio are on the event page.

Presentations will be recorded and include time for questions with the audience.

Join CTSC's discuss mailing list for information about upcoming events. To submit topics or requests to present, contact us here. Archived presentations are available on our site under "Past Events."

Monday, August 1, 2016

CTSC Collaboration with Science Gateways Community Institute

On Friday, NSF announced $35 million in funding for two new Software Institutes to improve scientific software. We are excited that CTSC already has a collaboration established with one of the two institutes, the Science Gateways Community Institute (SGCI).

SGCI and CTSC are jointly funding one half of an analyst who will work as part of CTSC on security issues for the science gateway community and play a key consulting role in SGCI’s Incubator program by advising gateway developers on cybersecurity issues and providing security reviews for existing gateways.

Science gateways are used by a large portion of the science community and CTSC’s ability to impact cybersecurity for this key cyberinfrastructure component will allow us to increase the trustworthiness of a broad segment of science. We applaud SGCI’s leadership in cybersecurity by engaging with us when they wrote their proposal.

Congratulations to both of the new software institutes! We look forward to our collaboration with SGCI and also stand ready to help the Molecular Science Software Institute as we would any other NSF project through our application process.

You can read more about CTSC’s involvement in SGCI in the IU press release for the SGCI.