Friday, December 21, 2018

Report on the 2018 NSF Cybersecurity Summit

The 2018 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure, a platform where communities with interest in supporting NSF science projects collaborate to address core cybersecurity challenges, took place August 21st - August 23rd in Alexandria, VA. One hundred seventeen community individuals, representing fifty-five NSF-funded projects, attended the summit. A summary of the event, as well as a detailed account and the culmination of the community members’ collaborative ideas, were captured in Report of the 2018 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities, now available at http://hdl.handle.net/2022/22588.

The summit serves as a valuable means for securing NSF scientific cyberinfrastructure (CI) and increasing trust in the science it supports by providing a forum for education, sharing of experiences, and community building. It presents an excellent opportunity to highlight cybersecurity challenges to NSF program officers, leadership, and stakeholders, along with providing basic cybersecurity awareness and education. The summit also presents an opportunity for Trusted CI to gain insight into the needs, concerns, and challenges facing the community.

In the course of the plenary, attendees at the summit, over half having not attended the summit in 2017, discussed and debated cybersecurity best practices. Within that process, future challenges for the NSF community were identified, including:

  • NSF Large Facilities and cyberinfrastructure members could benefit from stronger trust communities in order to share sensitive security information. This requires re-evaluating how current trust relationships are established, as well as how information is shared between community members.
  • The human factor in security events is still continually overlooked. The community needs to better understand the interaction between humans and security, and to explore the possibility of users taking a larger role in security solutions.
  • Cybersecurity needs positive or proactive metrics, as opposed to presenting negative events and the risks associated with the lack of cybersecurity. Historically, the efficacy of security mechanisms has been presented in terms of attacks thwarted, e.g., the firewall has blocked n malicious packets, rather than in terms of positive productivity, e.g., n users accessed the database without complications. 

Along with the plenary, which consisted of two days of presentations, panels, and keynotes that focused on the security of cyberinfrastructure projects and Large Facilities, a full day of training was held on the first day. The summit’s training day featured focused workshops, including a full day workshop by the WISE (Wise Information Security for collaborating E-infrastructures) Community (https://wise-community.org/).

Based on the received summit evaluations and feedback, the attendees expressed overwhelmingly positive and constructive feedback. Stay tuned for more information regarding future summits.

Thursday, December 20, 2018

What Do Research Computing and Information Security Leaders Have in Common?

In September, Trusted CI and Internet2 co-hosted the “Enabling Trustworthy Campus Cyberinfrastructure for Science” workshop at the University of Maryland. This workshop brought together 37 invited leaders in research computing and information security from 18 institutions to explore challenges that exist between research computing and information security groups.

A blog post on the outcomes of that workshop is now available on the Internet2 blog: https://www.internet2.edu/blogs/detail/16960

Thursday, December 13, 2018

Save the Date:2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure-Oct 15-17, 2019

Please mark your calendar for the 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure, planned for October 15-17, 2019, in San Diego, CA.

Stay tuned for more information by following the Trusted CI Blog (http://blog.trustedci.org/) & Twitter feed:  https://twitter.com/trustedci/

Information on prior summits is available at http://trustedci.org/summit/.


Tuesday, December 11, 2018

CCoE Webinar Series: Looking toward 2019, review of 2018

The 2018 season of the Trusted CI Webinar series has concluded and we are looking forward to the presentations scheduled in the next year.

The following topics and speakers have been booked in 2019:
(Webinars are scheduled the 4th Monday of the month at 11am Eastern time.)
  • January 28th: The Research Security Operations Center (ResearchSOC with Von Welch and RSOC leadership team
  • March 25th: SecureCloud with Casimer DeCusatis
  • April 22nd:  Supporting Controlled Unclassified Information with a Campus Awareness and Risk Management Framework with Justin Yang and colleagues
  • May 27th: Robust and Secure Internet Infrastructure for Scientific Collaboration with Amir Herzberg
  • June 24th: The Trusted CI Framework: An Architecture for Cybersecurity Programs with Trusted CI
  • July 22nd: Campus Infrastructure for Microscale, Privacy-Conscious, Data-Driven Planning with Jason Waterman
  • August 26th: Pegasus and IRIS with Anirban Mandal
  • December 9th: The DDIDD project with John Heidemann and colleagues
We still have openings for the months of February, September, and October.  See our call for presentations for more information.

In case you missed them, here are the webinars from 2018:
  • February: SMARTDATA Blockchain with Murat Kantarcioglu (Video)(Slides
  • March: Data Quality & Security Evaluation Framework Dev. with Leon Reznik & Igor Khokhlov (Video)(Slides)
  • April: Toward Security-Managed Virtual Science Networks with Jeff Chase and Paul Ruth (Video)(Slides)
  • May: General Data Protection Regulation (GDPR) with Scott Russell (Video)(Slides)
  • June: Security Program at LSST with Alex Withers (Video)(Slides
  • July: Trustworthy Computing for Scientific Workflows with Mayank Varia and Andrei Lapets (Video)(Slides)
  • August: NIST 800-171 Compliance Program at University of Connecticut with Jason Pufahl (Video)(Slides)
  • September: SCI Trust Framework with David Kelsey (Video)(Slides)
  • October: Urgent Problems and (Mostly) Open Solutions with Jeff Spies (Video)(Slides)
  • December: December ’18: Best Practices for Academic Cloud Service Providers with Rion Dooley (Video)(Slides)
Join CTSC's announcements mailing list for information about upcoming events. Our complete catalog of webinars and other presentations are available on our YouTube channel.