US Antarctic Program/CTSC Report Identifies InfoSec Opportunities

CTSC and the National Science Foundation’s Office of Polar Programs have wrapped up an engagement focused on the United States Antarctic Program (USAP) processes and policies relevant to polar science information security. CTSC produced a report focused on the present state of infosec integration and opportunities for improvements, entitled “Integrating Information Security into USAP’s Science Project Lifecycle”. During the course of the engagement, CTSC reviewed over 110 artifacts and interviewed four representatives of polar science projects and facilities. Additionally, CTSC and USAP held 12 calls with NSF and Leidos staff.

This engagement presented a unique opportunity for CTSC to engage directly with the people and program that facilitates all US science in Antarctica. The CTSC team approached this engagement from the viewpoint of PIs, researchers, and grantee personnel, mapping their experience integrating with USAP’s processes and infrastructure. The report included a factual summary of information security information provided in various phases from proposal to deployment to the ice; opportunities for improvement; and potential areas for future collaborations. The opportunities ranged from event timing, clarification and usability, and improved information security for the science projects. CTSC provided appendices listing the artifacts reviewed, a detailed event timeline from the grantee point of view, and detailed comments on selected artifacts.

Antarctica is an incredibly important and challenging environment for science and the use of technology. Its remoteness and harsh environment stretches the boundaries of where the Internet and other utilities we take for granted can reach and function. The logistics of moving people and technology from hundreds of different institutions on and off the ice is challenging, indeed. CTSC engagement team was honored to have the opportunity to learn about the polar science process and talk to some of the people who make it happen. We hope the report is a valuable input.

In its immediate post-engagement evaluation, USAP selected the following areas where the engagement helped improve cybersecurity: “Communication of risks to decision-makers and stakeholders”; “Increased cybersecurity knowledge among staff and personnel.”

NSF manages the USAP to enable NSF-funded polar research carried out by grantees at colleges and universities nationwide. Within NSF Office of Polar Programs, the Antarctic Infrastructure and Logistics Section (AIL) manages the support systems for the field science, primarily through the Antarctic Support Contractor, Leidos. These functions include station operations, logistics, information technology, construction, and maintenance. USAP has a goal of maximizing grantees’ effective integration of information security planning and implementation into that lifecycle.

For more information regarding the engagement deliverables, please contact Tim Howard, USAP Information Security Manager, tghoward@nsf.gov.

CCoE Webinars: Wrapping up 2016 and preparing for 2017

This year we launched our new webinar series with the goal of delivering high-quality, actionable guidance regarding cybersecurity to the NSF community. We have built an impressive catalog so far and are excited to continue the program in 2017. Suggestions for future speakers and topics are welcome, you can contact us here.

If you missed any of our webinars, here's a list of our presentations from the past year:

• December: NSF CICI Regional Cybersecurity Collaboration Projects (Watch video Download slides)
• October: Science or Security by George Strawn (Watch video Download slides)
• September: Tragedy of the Commons by David Nalley (Watch video Download slides)
• August: The Science DMZ as a Security Architecture by Michael Sinatra, ESnet (Watch video Download slides)
• July: XSEDE Information Sharing with James Marsteller (Watch video Download slides)
• June: Risk Self-Evaluation with CTSC's Terry Fleury (Watch video Download slides)
• May: CCoE Webinar Series Kickoff (Watch video Download slides)

A few topics we have planned for early 2017 are:

• January 23rd: Open Science Cyber Risk Profile (OSCRP)
• February 27th: Cybersecurity Program for Small Projects
• March 27th: SDN and IAM Integration at Duke University

Join CTSC's discuss mailing list for information about upcoming events. Happy New Year.

CASC Brochure Features Cybersecurity, NSF Summit

The Coalition for Academic Scientific Computation (CASC) 2017 Brochure features a section on cybersecurity (p.8-9) with remarks from CTSC Director Von Welch and photos from the NSF Cybersecurity Summit.