Friday, December 21, 2018

Report on the 2018 NSF Cybersecurity Summit

The 2018 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure, a platform where communities with interest in supporting NSF science projects collaborate to address core cybersecurity challenges, took place August 21st - August 23rd in Alexandria, VA. One hundred seventeen community individuals, representing fifty-five NSF-funded projects, attended the summit. A summary of the event, as well as a detailed account and the culmination of the community members’ collaborative ideas, were captured in Report of the 2018 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities, now available at http://hdl.handle.net/2022/22588.

The summit serves as a valuable means for securing NSF scientific cyberinfrastructure (CI) and increasing trust in the science it supports by providing a forum for education, sharing of experiences, and community building. It presents an excellent opportunity to highlight cybersecurity challenges to NSF program officers, leadership, and stakeholders, along with providing basic cybersecurity awareness and education. The summit also presents an opportunity for Trusted CI to gain insight into the needs, concerns, and challenges facing the community.

In the course of the plenary, attendees at the summit, over half having not attended the summit in 2017, discussed and debated cybersecurity best practices. Within that process, future challenges for the NSF community were identified, including:

  • NSF Large Facilities and cyberinfrastructure members could benefit from stronger trust communities in order to share sensitive security information. This requires re-evaluating how current trust relationships are established, as well as how information is shared between community members.
  • The human factor in security events is still continually overlooked. The community needs to better understand the interaction between humans and security, and to explore the possibility of users taking a larger role in security solutions.
  • Cybersecurity needs positive or proactive metrics, as opposed to presenting negative events and the risks associated with the lack of cybersecurity. Historically, the efficacy of security mechanisms has been presented in terms of attacks thwarted, e.g., the firewall has blocked n malicious packets, rather than in terms of positive productivity, e.g., n users accessed the database without complications. 

Along with the plenary, which consisted of two days of presentations, panels, and keynotes that focused on the security of cyberinfrastructure projects and Large Facilities, a full day of training was held on the first day. The summit’s training day featured focused workshops, including a full day workshop by the WISE (Wise Information Security for collaborating E-infrastructures) Community (https://wise-community.org/).

Based on the received summit evaluations and feedback, the attendees expressed overwhelmingly positive and constructive feedback. Stay tuned for more information regarding future summits.