Trusted CI welcomes Engagement and Performance Operations Center as new partner

Trusted CI is happy to welcome the Engagement and Performance Operations Center (EPOC) as a new Trusted CI partner. EPOC was recently established “as a collaborative focal point for operational expertise and analysis and is jointly lead by Indiana University (IU) and the Energy Sciences Network (ESnet). EPOC will enable researchers to routinely, reliably, and robustly transfer data through a holistic approach to understanding the full pipeline of data movement to better support collaborative science.”

Cybersecurity and networking performance often intersect in ways that will benefit from this collaboration. This partnership will allow us to bring expertise together when called for by the community.

EPOC joins a growing list of Trusted CI partners, leading projects and organizations, we collaborate with to serve the open science community:

• The Science Gateways Community Institute (SGCI) by advising gateway developers on cybersecurity issues and providing security reviews for existing gateways
• ESnet on developing a threat profile for open science
• EU Authentication and Authorisation for Research and Collaboration project on enabling use of identity federations for international research collaborations
• Open Science Grid, XSEDE, and REN-ISAC on situational awareness for NSF CI projects
• NSF CICI Regional Cybersecurity Collaboration projects: CORE, SAC-PA, SCEPTRE, and SouthEast SECURE

2018 NSF Cybersecurity Summit Agenda is now available

We're happy to announce that we have a tentative agenda for the 2018 NSF Cybersecurity Summit is available from the Summit webpage at https://trustedci.org/2018-nsf-cybersecurity-summit/  In the coming weeks we will be announcing a registration form for training sessions and make more detailed descriptions of plenary talks and training sessions available.

If you have not already registered for the summit, please do so here. You can book your hotel reservation for the conference here or go to the trustedci.org website and click on the link for the 2018 NSF Cybersecurity Summit and click on the link for The Westin Alexandria.  The deadline for the discounted hotel room block is Thursday, July 18th.

Trusted CI 5-year Vision and Strategy

The Trusted CI team is pleased to announce the publication of “The Trusted CI Vision for an NSF Cybersecurity Ecosystem”.  From the introduction:

This document establishes Trusted CI’s vision for a NSF Cybersecurity Ecosystem – a collection of people, knowledge, processes, and cyberinfrastructure – that is necessary to support cybersecurity across the diverse NSF community. Trusted CI is primarily responsible for bringing the vision of a NSF Cybersecurity Ecosystem to fruition. Hence, following Trusted CI’s vision is its mission statement and five-year strategic plan to fulfill that role.

This living document will guide our activities going forward and we welcome community feedback as to its content. As implied in the above paragraph, the vision is broader than any one project can accomplish and we will collaborate with others in the community to achieve this vision.

A full citation for the Vision document follows.  We’ll update the document with subsequent versions as required to keep abreast of progress, suggestions, and changes.

V. Welch, J. Basney, C. Jackson, J. Marsteller, and B. Miller, “The Trusted CI Vision for an NSF Cybersecurity Ecosystem And Five-year Strategic Plan (2019-2023),” Trusted CI, Apr. 2018 [Online]. Available: http://hdl.handle.net/2022/22178.

Trusted CI at PEARC`18

PEARC 18 (July 22-26) in Pittsburgh, PA, is just around the corner, and Trusted CI will be have a strong presence there. The conference is an all-inclusive event for scientists, engineers, scholars, artists, and educators who depend on efficient, secure, and reliable digital infrastructure. This year's theme is seamless creativity. 

Trusted CI staff will present workshops on both practical information security for science projects and guidance on building security into the development, packaging, distribution, and management of software in support of science and research. The first, entitled “Practical Cybersecurity Programs for Science Projects and Facilities,” delves into the foundational elements of a cybersecurity program necessary to provide a secure and safe environment for science, focusing on the four pillars of such a program: Alignment to Mission - identification of critical resources and processes; Resources - money, people; Governance - roles and responsibilities, risk management and acceptance, policies; Controls - selecting a good baseline control set, and will include guidance on maintaining and evaluating an established cybersecurity program. The latter, “Software Engineering Practice for Science, Research, and Scientific CI” will introduce the Software Engineering Guide which provides guidance and tools for building security into the development, packaging, distribution, and management of software in support of science and research -- participants will leave with a strategy for improving security in any performance computing or scientific CI project that uses or produces software, and a preview of new tools coming out of the NSF CCoE for software security programs.

Along with the two workshops, Trusted CI’s Von Welch will moderate a panel following Anita Nikolich’s keynote talk, Hacking Academia, that will strive to echo a “fireside question & answers” session with Ms. Nikolich, further exploring key concepts exposed in her keynote that will discuss the necessity of feedback loops between the academic community, cybersecurity operators and underground security researchers.

Finally, Trusted CI is proud to announce that this year it will be participating in PEARC’s Partner Program, and thus, will have a table in the exhibitor’s area to network. So, if you attend the conference, stop by and say hello.

CCoE Webinar July 23rd at 11am ET: Trustworthy Computing for Scientific Workflows

Mayank Varia and Andrei Lapets are presenting the talk "RSARC: Trustworthy Computing over Protected Datasets" on Monday July 23rd at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.

There has been an unprecedented increase in the quantity of research data available in digital form. Combining these information sources within analyses that leverage cloud computing frameworks and big data analytics platforms has the potential to lead to groundbreaking innovations and scientific insights. As developers and operators of the widely used Dataverse repository and the Massachusetts Open Cloud platform, we have been working to advance this innovative revolution by colocating datasets in common platforms, curating and tagging datasets with both functional and legal access policies, offering helper services such as search and easy citation to promote sharing, and providing on-demand computational platforms to ease analytics. Unfortunately, we observe that a certain segment of our scientific user base cannot enjoy the full transformative capacity achievable within our cyberinfrastructure. Due to concerns over the privacy and confidentiality of their data sources, or the potential of commercial exploitation of their raw data sets, these researchers are isolating themselves within siloed data repositories and well-protected computational enclaves rather than sharing their datasets with fellow scientists.

This talk will describe cryptographic technological enhancements that are ready to provide scientific researchers with mechanisms to do collaborative analytics over their datasets while keeping those datasets protected and confidential. Secure multi-party computation (MPC) is a cryptographic technology that allows independent organizations to compute an analytic jointly over their data in such a manner that nobody learns anything other than the desired output. Hence, MPC empowers organizations to make their data available for collective data aggregation and analysis while still adhering to pre-existing confidentiality constraints, legal restrictions, or corporate policies governing data sharing. Our new Conclave framework can connect to many existing backend stacks where the data already live, can automatically analyze a query to identify when a computation must cross data silos, and can leverage MPC in a scalable and usable manner when it is necessary to enable the computation.

In summary, while data sharing cyberinfrastructures today are intended to allow everyone to benefit from the initial cost of having one researcher collect data, privacy concerns (and the resulting breakdown of data sharing) transform this burden into a marginal cost that every researcher who wants access to the data must pay. We will describe how a holistic integration of secure MPC into a scientific computing infrastructure addresses a growing need in research computing: enabling scientific workflows involving collaborative experiments or replication/extension of existing results when the underlying data are encumbered by privacy constraints.

Mayank Varia is a research associate professor of computer science at Boston University and the co-director of the Center on Reliable Information Systems & Cyber Security (RISCS). His research interests span theoretical and applied cryptography and their application to problems throughout and beyond computer science. He currently directs an NSF Frontier project that addresses grand challenges in cloud security, aiming to design an architecture where the security of the system as a whole can be derived in a modular, composable fashion from the security of its components (bu.edu/macs). He received a Ph.D. in mathematics from MIT for his work on program obfuscation.

Andrei Lapets is Associate Professor of the Practice in Computer Science, Director of Research Development at the Hariri Institute for Computing, and Director of the Software & Application Innovation Lab at Boston University. His research interests include cybersecurity, formal methods and domain-specific programming language design, and data science. He holds a Ph.D. from Boston University, and A.B. and S.M. degrees from Harvard University.

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Cyberinfrastructure Vulnerabilities 2018 Q2 Report

The Cyberinfrastructure Vulnerabilities team provides concise announcements on critical vulnerabilities that affect science cyberinfrastructure (CI) of research and education centers, including those threats which may impact scientific instruments. This service is available to all CI community members by subscribing to Trusted CI’s mailing lists.

We monitor a number of sources for software vulnerabilities of interest. For those issues which warrant alerts to the Trusted CI mailing lists, we also provide guidance on how operators and developers can reduce risks and mitigate threats. We coordinate with XSEDE and the NSF supercomputing centers on drafting and distributing alerts to minimize duplication of effort and benefit from community expertise.Some of the sources we monitor for possible threats to CI include:

• OpenSSL, OpenSSH, and Globus project and security announcements
• US-CERT advisories
• XSEDE announcements
• RHEL/EPEL advisories
• REN-ISAC Alerts and Advisories
• Social media, such as Twitter, and Reddit (/r/netsec and /r/security)
• News sources, such as The Hacker News, Threatpost, The Register, Naked Security, Slashdot, Krebs, SANS Internet Storm Center and Schneier

In 2Q2018 the Cyberinfrastructure Vulnerabilities team issued the following 4 vulnerability alerts to 91 subscribers:

• Container Runtime Vulnerability
• Multiple Vulnerabilities in PHP (MS-ISAC 2018-046)
• Drupal Remote Code Execution Vulnerability (CVE-2018-7602)
• SimpleSAMLphp Vulnerabilities (CVE-2018-7711/CVE-2018-7644/CVE-2018-6519)

If you wish to subscribe to the Cyberinfrastructure Vulnerability Alerts mailing list you may do so through https://list.iu.edu/sympa/subscribe/cv-announce-l. This mailing list is public and the archives are available through https://list.iu.edu/sympa/arc/cv-announce-l.

If you believe you have information on a cyberinfrastructure vulnerability, let us know by sending us an email at alerts@trustedci.org.

NSF Cybersecurity Summit lodging deadline approaching

We would like to remind everyone that the deadline for reserving a room for the 2018 NSF Cybersecurity Summit at the discounted conference rate is July 12th. The number of available rooms in our block is limited so please reserve your room as soon as possible. You can book your hotel reservation for the conference here or go to the trustedci.org website and click on the link for the 2018 NSF Cybersecurity Summit and click on the link for The Westin Alexandria.


Also, if you have not already registered for the summit, please do so here.