Tuesday, December 20, 2016

US Antarctic Program/CTSC Report Identifies InfoSec Opportunities

CTSC and the National Science Foundation’s Office of Polar Programs have wrapped up an engagement focused on the United States Antarctic Program (USAP) processes and policies relevant to polar science information security. CTSC produced a report focused on the present state of infosec integration and opportunities for improvements, entitled “Integrating Information Security into USAP’s Science Project Lifecycle”. During the course of the engagement, CTSC reviewed over 110 artifacts and interviewed four representatives of polar science projects and facilities. Additionally, CTSC and USAP held 12 calls with NSF and Leidos staff.

This engagement presented a unique opportunity for CTSC to engage directly with the people and program that facilitates all US science in Antarctica. The CTSC team approached this engagement from the viewpoint of PIs, researchers, and grantee personnel, mapping their experience integrating with USAP’s processes and infrastructure. The report included a factual summary of information security information provided in various phases from proposal to deployment to the ice; opportunities for improvement; and potential areas for future collaborations. The opportunities ranged from event timing, clarification and usability, and improved information security for the science projects. CTSC provided appendices listing the artifacts reviewed, a detailed event timeline from the grantee point of view, and detailed comments on selected artifacts.

Antarctica is an incredibly important and challenging environment for science and the use of technology. Its remoteness and harsh environment stretches the boundaries of where the Internet and other utilities we take for granted can reach and function. The logistics of moving people and technology from hundreds of different institutions on and off the ice is challenging, indeed. CTSC engagement team was honored to have the opportunity to learn about the polar science process and talk to some of the people who make it happen. We hope the report is a valuable input.

In its immediate post-engagement evaluation, USAP selected the following areas where the engagement helped improve cybersecurity: “Communication of risks to decision-makers and stakeholders”; “Increased cybersecurity knowledge among staff and personnel.”

NSF manages the USAP to enable NSF-funded polar research carried out by grantees at colleges and universities nationwide. Within NSF Office of Polar Programs, the Antarctic Infrastructure and Logistics Section (AIL) manages the support systems for the field science, primarily through the Antarctic Support Contractor, Leidos. These functions include station operations, logistics, information technology, construction, and maintenance. USAP has a goal of maximizing grantees’ effective integration of information security planning and implementation into that lifecycle.

For more information regarding the engagement deliverables, please contact Tim Howard, USAP Information Security Manager, tghoward@nsf.gov.