Monday, December 18, 2017

DKIST Data Center Wraps Up Engagement with CTSC

CTSC is pleased to announce our successful completion of a six month engagement with the DKIST Data Center.  The DKIST Data Center (NSF AST-0946422), located in Boulder on University of Colorado’s east campus, serves as the operations data management and processing center for the Daniel K. Inouye Solar Telescope (DKIST). When construction completes in 2019, DKIST will be the largest and most precise solar telescope to date, capable of “zooming in” on the sun to an area roughly the size of a county. Data volume is expected to average around 9 TB/day, spiking up to 64 TB/day during ideal viewing conditions. These scientific measurements and images will be continuously streamed from the telescope’s site in Haleakala on Maui, Hawai’i, to the DKIST Data Center. Recognizing their importance in protecting the integrity, availability, and confidentiality of the data and services supporting the telescope’s critical science mission, the DKIST Data Center reached out to CTSC for an engagement focused on kickstarting their newly-forming cybersecurity program.

After discussion about its needs, the DKIST Data Center staff and CTSC decided to focus primarily on the development of written policies and procedures, and secondarily on recommendations for staffing and discussions about security training resources. CTSC recommended developing, implementing, and maintaining written policies based on the CTSC Guide templates available on the CTSC website at These were used as a starting point after a review of the existing policies.

As a project of the National Solar Observatory (NSO), which is managed by the Association of Universities for Research in Astronomy (AURA), the DKIST Data Center is subject to policies inherited from two parent organizations. Further, as a tenant at the University of Colorado, the Data Center must also comply with all of the university’s security policies. During the engagement, CTSC reviewed security policies from all three organizations in order to advise the Data Center on how to meet the requirements. CTSC offered guidance on how to navigate conflicting policies, as well as advice on when to adopt parent policies as-is versus when to adopt a stricter stance.

During the engagement, the CTSC team had an opportunity to visit the DKIST Data Center offices and facilities. This face-to-face opportunity facilitated communication as we finalized the development process of the security policies and reviewed all the policies written during the term of the engagement. Additionally, CTSC performed a physical review of the data center and a co-located center, provided a tutorial on the risk analysis process, and guided the DKIST staff through a tabletop cybersecurity exercise. DKIST also presented their current network map and demonstrated their current installation and security compliance tools.

Engaging with CTSC early in the creation of their security program allowed DKIST Data Center to develop excellent foundational policies rather than needing to change their operations at a later date. We would like to thank DKIST Data Center staff for their participation in this engagement.