Wednesday, January 31, 2018

DEADLINE EXTENDED: Undergraduate Research Opportunity at IU

UPDATE:  We've extended the application deadline to February 18, 2018.  Please direct any questions to .

The NSF Cybersecurity Center of Excellence (CTSC) is seeking an undergraduate research assistant at Indiana University Bloomington to aid in the development of a software engineering security guide for NSF-funded science and research projects. The student will work under the supervision of Chief Security Analyst Susan Sons to through data on unusually high-impact vulnerabilities across many types of software, as well as on which vulnerabilities most commonly have impact, to and in drawing and explaining conclusions about which types of software weaknesses or development problems should be focused on in developer education and in the first security evaluations on software in an unknown security state.

The student’s work would be comprised of about 60% mining existing databases on software weaknesses and vulnerability reports, about 20% writing up results on that process, with a focus on the top vulnerabilities, and about 20% fleshing out the teaching materials by integrating feedback from outside reviewers and information gained from testing various software tools’ abilities to identify these selected top vulnerabilities.

The student will be appropriately credited, based on work completed, in the final publication.

Schedule and Compensation:

Work will commence in mid February (schedule flexible) with conclusion in May 2018. The student will be expected to work 20 hours per week on a flexible schedule for a $300/week stipend for up to 22 weeks. Primary place of work is the IU Innovation Center at 2719 E Tenth Street, with remote work possible.

Required skills:
  • Experience using an appropriate programming language (e.g. Python or Perl) to search text and database records for information.
  • Ability to take on moderately-sized technical writing tasks.
  • Excellent task management skills: ability to take on tasks or projects, keep track of relevant information, ask for help when needed, and provide consistent feedback on project status with attention to quality and deadlines.
  • Interest in cybersecurity (experience a plus but not required).

Application Process:

Applications will be reviewed by a committee from CTSC, with a decision to be made by February 9th. Candidates should email the following information to Susan Sons by 5pm Eastern on February 18th, 2018:
  1. University Transcripts
  2. Letter of Recommendation from a faculty member
  3. A 250-300 word essay answering “How will this experience benefit me?”
  4. A 250-300 word essay answering “What are my expectations for this experience?”
Applications will be reviewed by a panel of CTSC Analysts.

Tuesday, January 30, 2018

SGCI Webinar Feb. 14th at 1pm ET: Cybersecurity for the Modern Science Gateway.

CTSC's Von Welch and Mark Krenz are presenting the talk "Cybersecurity for the Modern Science Gateway" on February 14th at 1pm (Eastern) for the Science Gateway Community Institute's (SGCI) February Webinar.

Please register here.

  Science Gateways may be varied in their individual design and purpose, but can all benefit from a commonly used approach to Cybersecurity. Join security experts from the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) as they present an easy to follow overview of the resources available to start or improve your gateway's cybersecurity program. From this presentation you will learn the three key cybersecurity aspects that science gateways share as well as the three goals your program should strive to achieve in cybersecurity program. An overview of techniques and tools will be shown to provide guidance to those not focused on cybersecurity, but wishing to address its challenges.

This talk is presented by Von Welch and Mark Krenz. Von Welch is the Director and PI of the Center for Trustworthy Scientific Cyberinfrastructure and Director of the Center for Applied Cybersecurity Research at Indiana University. Mark Krenz is the Lead Security Analyst for the Center for Applied Cybersecurity Research at Indiana University.

Thursday, January 25, 2018

Cyberinfrastructure Vulnerabilities 2017 Q4 Report

The Cyberinfrastructure Vulnerabilities team provides concise announcements on critical vulnerabilities that affect science cyberinfrastructure (CI) of research and education centers, including those threats which may impact scientific instruments. This service is available to all CI community members by subscribing to CTSC's mailing lists.

We monitor a number of sources for software vulnerabilities of interest. For those issues which warrant alerts to the CTSC mailing lists, we also provide guidance on how operators and developers can reduce risks and mitigate threats. We coordinate with XSEDE and the NSF supercomputing centers on drafting and distributing alerts to minimize duplication of effort and benefit from community expertise.

Some of the sources we monitor for possible threats to CI include:

In 4Q2017 the Cyberinfrastructure Vulnerabilities team issued the following 3 vulnerability alerts to 87 subscribers:

If you wish to subscribe to the Cyberinfrastructure Vulnerability Alerts mailing list you may do so through This mailing list is public and the archives are available through

If you believe you have information on a cyberinfrastructure vulnerability, let us know by sending us an email at

Monday, January 15, 2018

CCoE Webinar Jan. 29th at 11am ET: Security Program at LSST

NCSA's Alex Withers is presenting the talk "Security Program at LSST" on January 29th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.

The concept behind the Large Synoptic Survey Telescope (LSST) is simple: conduct a digital image-based survey over an enormous area of the sky and build an extensive astronomical catalogue over the course of ten years. LSST’s astronomical data is the ultimate deliverable to its users. This unique scientific computing environment presents many cyber security challenges. LSST has in place a cyber security program to facilitate its scientific mission: to protect its data access requirements and rights. We will discuss the beginnings of LSST’s cyber security program, adoption and experience with its risk management framework, existing and planned security operations at LSST sites, including the observatory site in Chile and the National Center for Supercomputing Operations (NCSA).

This talk is presented by Alex Withers. Alex is a Senior Cybersecurity Engineer at the National Center for Supercomputing Applications (NCSA). He is the Information Security Officer for the Large Synoptic Survey Telescope (LSST). He is also a PI and co-PI for a number of NSF-funded cybersecurity projects.

Presentations are recorded and include time for questions with the audience.

Join CTSC's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Thursday, January 4, 2018

CTSC Collaboration with NSF Campus Cyberinfrastructure and CyberTraining Projects

CTSC's Warren Raquel and Mark Krenz at the Great Plains Network & Greater Western Library Alliance training in June 2017

NSF's 2018 solicitation for Campus Cyberinfrastructure (CC*) projects states that the "Campus CI plan should address the campus-wide approach to cybersecurity in the scientific research and education infrastructure," and NSF's 2018 solicitation for CyberTraining projects highlights the need for "training and certification of CI Professionals in cybersecurity technology and management for advanced CI-enabled research."

CTSC resources and staff are available to assist Campus Cyberinfrastructure and CyberTraining projects with cybersecurity plans and training, via one-on-one engagements and other CTSC activities. For example, CTSC recently engaged with the University of New Hampshire Research Computing Center (funded in part by the NSF CC*DNI program).

Our cybersecurity program guide provides recommendations and templates for establishing and maintaining cybersecurity programs. Our online training materials and webinars cover many cybersecurity topics tailored to the NSF CI community. CTSC staff are available to participate in training events as our schedule and travel budget allows. We can also assist with disseminating announcements about training events and training materials to the community. Our annual cybersecurity summit provides a venue for training sessions for cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community.

If you are preparing a Campus Cyberinfrastructure or CyberTraining proposal to address cybersecurity needs, please see our guidance on including CTSC in a proposal and don't hesitate to contact us to discuss how CTSC can help.