Monday, September 9, 2019

CCoE Webinar September 23rd at 11am ET: Jupyter Security at LLNL with Thomas Mendoza

Thomas Mendoza is presenting the talk "Jupyter Security at Lawrence Livermore National Laboratory" on Monday September 23rd at 11am (Eastern).

Please register here. Check spam/junk folder for registration confirmation email.
Jupyter Notebooks have become tremendously popular for creating, sharing and reproducing science. While they are relatively easy to set up and use, there has (until recently) been little concern regarding the security implications of running these Notebooks. This presentation will cover the developments and practices used at Lawrence Livermore National Laboratory to secure notebooks running in multi-tenant, HPC environments.
Speaker Bio:
Thomas Mendoza is a staff Computer Scientist at LLNL working for Livermore Computing’s HPC center on web architecture and security.

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Friday, September 6, 2019

Trusted CI Finishes Engagement with the American Museum of Natural History

The American Museum of Natural History (AMNH) conducts research and education activities spanning multiple branches of science. Through the National Science Foundation's Campus Cyberinfrastructure (CC*) program (NSF OAC-1827153), AMNH developed and installed a Science DMZ to enable high speed transfer of large data sets. Connections were deployed regionally via NYSERnet and nationally via Internet2. Additionally, AMNH's ADFS identity management system was federated with InCommon to give researchers access to Globus data transfer nodes (DTNs).

Trusted CI's engagement with AMNH initially focused on developing an information security program tailored to the new Science DMZ. This effort started by reviewing existing AMNH policies and procedures which might apply to the Science DMZ. After this initial examination, it was decided that the accelerated timeline for installation and configuration of both the Science DMZ and the ADFS federation with InCommon left little time for refinement of a few security policy documents. Instead, effort was focused on fine-tuning system configuration for the Science DMZ by consulting outside expertise from ESnet.

Trusted CI documented the activities of this engagement in a final report. AMNH intends to document the processes of installation and configuration of their Science DMZ and the federation of their ADFS identity management system with InCommon. This documentation may give other similarly sized institutions a good starting point for installation of a Science DMZ or ADFS integration with InCommon.

The Trusted CI-American Museum of Natural History engagement began January 2019 and finished June 2019.

Wednesday, September 4, 2019

Trusted CI begins engagement with SLATE



SLATE accelerates collaborative scientific computing through a secure container orchestration framework focused on the Science DMZ, enabling creation of advanced multi-institution platforms and novel science gateways. The ATLAS collaboration at the CERN Large Hadron Collider has an R&D program utilizing SLATE to centrally operate a distributed data delivery network having service endpoints at multiple computing facilities in the U.S., CERN, the UK and Germany, and has evaluated a cache deployed using SLATE within the ESnet backbone. Similar approaches are already in production (the Open Science Grid data federation, which is implemented in part using the Pacific Research Platform and Internet2) supporting LIGO and other science domains, but as yet lack a generalized trust framework. While innovation of the new trust model is initially occurring in the context of the OSG and the Worldwide LHC Computing Grid (WLCG), trusted federated edge infrastructures enabling operation of advanced computing platforms will in the future be necessary to sustain a wide range of data-intensive science disciplines requiring shared national and international cyberinfrastructure.

The deployment and operation of software through containerized edge services raises issues of trust between many stakeholders with different perspectives. Resource providers require guarantees that services running within their infrastructure are secure and operated within site policies; platform service developers and operators require flexibility to continuously deliver and compose new cyberinfrastructure supporting their scientific collaborations; edge cluster administrators need visibility and operational awareness while delegating some of their traditional deploy and operate responsibilities to centralized platform teams, following a NoOps model; and finally, the application workloads from end-user science communities rely on the foundational capabilities implemented by platform services to realize the full potential of shared cyberinfrastructure.  This engagement will focus on developing SLATE’s cybersecurity program in a way that  balances these needs.

The Trusted CI-SLATE engagement began July 2019 and is scheduled to conclude by the end of December 2019.  For additional information on SLATE, please refer to the paper,  “Building the SLATE Platform,” published in PEARC18.  Trusted CI will document the activities of this engagement in a final report to be made available to the public.

Tuesday, September 3, 2019

Trusted CI co-PI Jim Marsteller heading to Penn State University

With both excitement and sadness, I share with the Trusted CI community that Jim Marsteller, one of Trusted CI’s founders and a long-time leader of the NSF Cybersecurity Summit Program Committee and the Large Facility Security Team, will be leaving Trusted CI as part of moving from PSC to Penn State in September.

We’re excited for Jim in his new role at Penn State and wish him all the best. We are very glad that he is staying in the higher education family that is so important to Trusted CI’s mission of supporting research and look forward to continuing to work with Jim in his new role.

Please stay tuned for more news on how Trusted CI will adapt to this change of leadership.

Von - Trusted CI PI and Director

Monday, August 26, 2019

Spotlight on the Trusted CI partnership with the Science Gateway Community Institute

The Science Gateway Community Institute (SGCI) is an NSF-funded initiative to provide services, resources, community support, and education to those seeking to create and sustain science gateways -- online interfaces that give researchers, educators, and students easy access to specialized, shared resources that are specific to a science or engineering discipline.

Trusted CI began its partnership with SGCI about three years ago. The partnership has developed into two main functions: to provide specialized engagements to gateway developers and operators seeking cybersecurity support, and to present on relevant cybersecurity topics during SGCI focus weeks (formerly called "bootcamps") and related events.

Trusted CI Engagements with Science Gateways

Below are a few examples of Trusted CI's contributions to science gateways:
  • GISandbox: Reviewed their operational security and science gateway code
  • 'Ike Wai: Reviewed their identity and access management (IAM) implementation
  • EarthCube Data Discovery Studio: Reviewed the security of the project server and website
  • UC San Diego's BRAIN Lab: Advised on using the cloud storage service, Box, for one of their projects
  • The Rolling Deck to Repository (R2R): Presented best practices in transferring and archiving data
  • SeedMeLab: Advised the project on using software penetration testing
  • cloudperm: Trusted CI has written an app that checks permissions on Google documents to identify potential sensitive material accessible to the public. This scan has been used by SGCI to review its own documents.

Resources offered by Trusted CI include:

  • Developing a Cybersecurity Program: a tractable method to build policies and procedures for cyberinfrastructure
  • Cybersecurity checkups: a tailored approach to assessing the maturity of a security program
  • Identity and Access Management: a collection of resources to improve authentication and authorization
  • Open Science Cyber Risk Profile: Providing risk profiles for common scientific assets.
  • Training: providing training on cybersecurity via Science Gateway focus weeks and webinars
  • Providing advice to the SGCI team on protecting their own internal information assets.

Upcoming events

The next SGCI focus week is September 9 - 13 in Chicago, IL. According to the website, a few spots are still available.
The Gateways 2019 Conference is September 23 - 25 in San Diego, CA.

Wednesday, August 14, 2019

Trusted CI Engagement Applications Due Oct 2 2019


Apply for a one-on-one engagement with Trusted CI for Early 2020.
 Applications due Oct 2, 2019.


Trusted CI is accepting applications for one-on-one engagements to be executed in Jan-June 2020.  Applications are due Oct 2, 2019 (Slots are limited and in demand, so this is a hard deadline!)

To learn more about the process and criteria, and to complete the application form, visit our site:


During Trusted CI’s first 5 years, we’ve conducted more than 24 one-on-one engagements with NSF-funded projects, Large Facilities, and major science service providers representing the full range of NSF science missions. We support a variety of engagement types including: assistance in developing, improving, or evaluating an information security program; software assurance-focused efforts; identity management; technology or architectural evaluation; training for staff; and more.

As the NSF Cybersecurity Center of Excellence, Trusted CI’s mission is to provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.


Monday, August 12, 2019

PEARC19 wrap-up: Continuing our Commitment to Open Science

Jim Basney and Von Welch
Trusted CI had another successful presence at PEARC19. As noted in our pre-conference post, we presented our technical paper, a workshop, a panel, a poster, and an exhibitor table, as well as attending and contributing to many other PEARC-related events.

A few highlights:
  • Von's panel, "Community Engagement at Scale: NSF Centers of Expertise," was attended at full capacity.
  • Our workshop, "Trustworthy Scientific Cyberinfrastructure," was the first public debut of our Fellows. Matias Carrasco Kind, Jay Yang, Aunshul Rege, and Gabriella Perez shared their research backgrounds and discussed their specific cybersecurity needs.
  • Members of the NSF project Services Layer at the Edge (SLATE) met face to face with Trusted CI to discuss their upcoming engagement.
  • A series of lightning talks from Science Gateway operators during the Trusted CI workshop provided four gateway operators a chance to connect with the community on their cybersecurity issues.
  • A random lunch encounter between Trusted CI staff and people in the Jupyter community led to a lively discussion on Jupyter security and is expected to lead to an upcoming collaboration on providing a Jupyter security workshop at a future conference.
  • We presented at the AI4GOOD workshop regarding cybersecurity and ethics of artificial intelligence.
Von's Panel - Not a single open seat!
We thank the PEARC program committee for providing the opportunity to connect with members of our community and look forward to PEARC20.


Trusted CI Fellows at the workshop
Kay Avila, Mark Krenz, Florence Hudson
Anurag Shankar and Andrew Adams at the poster session

CCoE Webinar August 26th at 11am ET: Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences

Anirban Mandal and Mats Rynge are presenting the talk "Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences" on Monday August 26th at 11am (Eastern).

Anirban and colleagues are the recent recipients of PEARC's Phil Andrews Award for most transformative contribution within its area of research.

Please register here. Check spam/junk folder for registration confirmation email.
With the continued rise of scientific computing and the enormous increases in the size of data being processed, scientists must consider whether the processes for transmitting and storing data sufficiently assure the integrity of the scientific data. When integrity is not preserved, computations can fail and result in increased computational cost due to reruns, or worse, results can be corrupted in a manner not apparent to the scientist and produce invalid science results. Technologies such as TCP checksums, encrypted transfers, checksum validation, RAID and erasure coding provide integrity assurances at different levels, but they may not scale to large data sizes and may not cover a workflow from end-to-end, leaving gaps in which data corruption can occur undetected.

In this talk, we will present our findings from the “Scientific Workflow Integrity with Pegasus” (SWIP) project by describing an approach of assuring data integrity - considering either malicious or accidental corruption - for workflow executions orchestrated by the Pegasus Workflow Management System (WMS). A key goal of SWIP is to provide assurance that any changes to input data, executables, and output data associated with a given workflow can be efficiently and automatically detected. Towards this goal, SWIP has integrated data integrity protection into a newly released version of Pegasus WMS by automatically generating and tracking checksums both when input files are introduced and for the files generated during execution. We will describe how we validate our integrity protection approach by leveraging Chaos Jungle - a toolkit providing an environment for validating integrity verification mechanisms by allowing researchers to introduce a variety of integrity errors during data transfers and storage. We will also provide an analysis of integrity errors and associated overheads that we encountered when running production workflows using Pegasus.
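An illustration of the checksum tracking described in this abstract, added here as an example; it is not Pegasus or SWIP code. `IntegrityLedger`, `run_job` and `flip_byte` (a stand-in for the kind of storage fault a fault-injection toolkit introduces) are hypothetical names, and all files are constructed sample data.

```python
import hashlib
import os
import tempfile


class IntegrityError(Exception):
    """Raised when a file no longer matches its recorded checksum."""


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large data sets are never loaded whole into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


class IntegrityLedger:
    """Hypothetical checksum ledger: path -> (kind, sha256 hex digest)."""

    def __init__(self):
        self.entries = {}

    def register(self, path, kind):
        """Record a checksum when a file enters the workflow or a job produces it."""
        self.entries[path] = (kind, sha256_file(path))

    def verify(self, path):
        """Recompute and compare; an untracked file is treated as a failure."""
        if path not in self.entries:
            raise IntegrityError(f"{path}: no recorded checksum")
        kind, expected = self.entries[path]
        if sha256_file(path) != expected:
            raise IntegrityError(f"{kind} {os.path.basename(path)}: checksum mismatch")


def run_job(ledger, executable, action, inputs, outputs):
    """Verify the executable and every input, run the job, then register outputs.

    `action` is a Python callable standing in for launching `executable`.
    """
    for path in [executable, *inputs]:
        ledger.verify(path)
    action(inputs, outputs)
    for path in outputs:
        ledger.register(path, "output")


def flip_byte(path, offset):
    """Constructed fault injection: invert one byte in place, file size unchanged."""
    with open(path, "r+b") as fh:
        fh.seek(offset)
        original = fh.read(1)
        fh.seek(offset)
        fh.write(bytes([original[0] ^ 0xFF]))


def upper_case(inputs, outputs):
    with open(inputs[0], "rb") as src, open(outputs[0], "wb") as dst:
        dst.write(src.read().upper())


def count_bytes(inputs, outputs):
    with open(inputs[0], "rb") as src, open(outputs[0], "w") as dst:
        dst.write(str(len(src.read())))


def demo():
    """Two-stage workflow whose intermediate file is corrupted between stages."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "transform.sh")
        raw = os.path.join(tmp, "raw.dat")
        mid = os.path.join(tmp, "stage1.out")
        final = os.path.join(tmp, "stage2.out")
        with open(exe, "w") as fh:
            fh.write("#!/bin/sh\n# constructed placeholder executable\n")
        with open(raw, "wb") as fh:
            fh.write(b"constructed sample observations\n" * 4)

        ledger = IntegrityLedger()
        ledger.register(exe, "executable")  # checksum taken when introduced
        ledger.register(raw, "input")

        run_job(ledger, exe, upper_case, [raw], [mid])
        results["stage1"] = "ok"
        size_before = os.path.getsize(mid)

        flip_byte(mid, 10)  # corruption at rest, after stage 1 wrote the file
        results["size_unchanged"] = os.path.getsize(mid) == size_before

        try:
            run_job(ledger, exe, count_bytes, [mid], [final])
            results["stage2"] = "ok"
        except IntegrityError as err:
            results["stage2"] = f"blocked: {err}"
        results["stage2_output_written"] = os.path.exists(final)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The flipped byte leaves the file size untouched, so only the recomputed checksum at the stage boundary stops stage 2 from consuming the corrupted intermediate file.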
Speaker Bios:

Anirban Mandal serves as the Assistant Director for network research and infrastructure group at Renaissance Computing Institute (RENCI), UNC-Chapel Hill. He leads efforts in science cyberinfrastructures. His research interests include resource provisioning, scheduling, performance analysis, and anomaly detection for distributed computing systems, cloud computing, and scientific workflows. Prior to joining RENCI, he earned his PhD degree in Computer Science from Rice University in 2006 and a Bachelor’s degree in Computer Science & Engineering from IIT Mumbai, India in 2000.

Mats Rynge is a computer scientist in the Science Automation Technologies group at the USC Information Sciences Institute. He is a developer on the Pegasus Workflow Management System and related projects. He is also involved in several national cyberinfrastructure deployments such as the Open Science Grid and XSEDE, for which he provides user support, software engineering and system administration. Previously, he was at the Renaissance Computing Institute where he was the technical lead on the RENCI Science TeraGrid Gateway and the Open Science Grid Engagement activities. Before that he was a release manager on the NPACI NPACKage and NSF Middleware Initiative projects where he planned, created, and tested software middleware stacks for larger science communities. He also worked on improving grid software as part of Community Driven Improvement of Globus Software (CDIGS) and Coordinated TeraGrid Software and Services (CTSS) efforts.


Tuesday, July 23, 2019

Trusted CI begins engagement with the United States Academic Research Fleet

The United States Academic Research Fleet (ARF, funded by multiple NSF awards) consists of eighteen oceanographic research vessels organized by the University-National Oceanographic Laboratory System (UNOLS) that vary in size and capability from large Global Class vessels to Coastal Class vessels. As a large facility, the ARF is unique because its primary assets (research vessels) are owned by several different agencies and independently operated by fourteen different oceanographic research institutions. The ARF supports seagoing research for scientific disciplines which require access to the sea. It is vital to programs as small as single-PI nearshore projects and as large as global multi-PI expeditions. The ARF provides multi-institutional and multi-disciplinary shared research infrastructure to serve these research projects. This infrastructure helps to advance research and education across a wide variety of disciplines for a diverse community.

The US ARF faces unique cybersecurity challenges due to the remote nature of the platforms and the increasing use of operational technology on research vessels. The fact that the platforms are operated by different institutions with distinct standards and policies further compounds these issues. As the platforms serve the same customers, a unified CI solution that works across institutional requirements would provide a more consistent environment to all personnel coming aboard US ARF ships. The engagement between Trusted CI and ARF will work to establish a unified cyber infrastructure security plan that will both serve the evolving security needs of its community and prepare the ARF for operational cybersecurity requirements due to be enforced by the International Maritime Organization in 2021.  

This engagement began in July 2019 and is scheduled to conclude by the end of December 2019.

Thursday, July 11, 2019

Registration is now open for the 2019 NSF Cybersecurity Summit

It is our great pleasure to announce registration is now open for the 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure. The event will take place Tuesday, October 15 through Thursday, October 17, 2019, at the Catamaran Hotel, San Diego, CA. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities.


Complete the online registration form by October 9, 2019: https://trustedci.org/2019-nsf-cybersecurity-summit


Tuesday, July 9, 2019

CCoE Webinar July 22nd at 11am ET: Ancile: Enhancing Privacy for Ubiquitous Computing with Use-Based Privacy

Vassar College's Jason Waterman is presenting the talk "Ancile: Enhancing Privacy for Ubiquitous Computing with Use-Based Privacy" on Monday July 22nd at 11am (Eastern).

Please register here. Check spam/junk folder for registration confirmation email.
The recent proliferation of sensors has created an environment in which human behaviors are continuously monitored and recorded. However, many types of this passively-generated data are particularly sensitive. For example, location traces can be used to identify shopping, fitness, and eating habits. These traces have also been used to set insurance rates and to identify individual users in large, anonymized databases. To develop a trustworthy platform for ubiquitous computing applications, it will be necessary to provide strong privacy guarantees for the data consumed by these applications. Use-based privacy, which re-frames privacy as the prevention of harmful uses, is well-suited to address this problem.

This webinar introduces Ancile, a platform for enforcing use-based privacy for applications. Ancile is a run-time monitor positioned between applications and the data (such as location) they wish to utilize. Applications submit requests to Ancile; each request contains a program to be executed in Ancile’s trusted environment along with credentials to authenticate the application to Ancile.  Ancile fetches data from a data provider, executes the program, and returns any output data to the application if and only if all commands in the program are authorized. We find that Ancile is both expressive and scalable. This suggests that use-based privacy is a promising approach to developing a privacy-enhancing platform for implementing location-based services and other applications that consume passively-generated data.
Speaker Bio:  Jason Waterman is an Assistant Professor of Computer Science at Vassar College.  He received his Ph.D in Computer Science at Harvard University in the area of Coordinated Resource Management in Sensor Networks.  He has also worked as research staff at MIT's Computer Science & Artificial Intelligence Laboratory, where he helped to build a system for monitoring patients in disaster situations.


Monday, July 8, 2019

Trusted CI Completes REED+ Engagement

The Research Ecosystem for Encumbered Data (REED+) at Purdue University (https://www.rcac.purdue.edu/compute/reed), funded under the Office of Advanced Cyberinfrastructure (OAC #1840043), is a vision to implement a cost-effective ecosystem to manage regulated data. Researchers at Purdue, led by Preston Smith, Director of Research Services and Support, developed a strategic framework to address the compliance requirements for Controlled Unclassified Information (CUI) which is appearing in research sectors, e.g., defense and aerospace.

The foundation of the REED+ framework integrates NIST SP 800-171 and other related publications, including NIST’s Cybersecurity Framework (CSF) and the Big Ten Academic Alliance guidelines. It is intended to serve as a standard for campus IT to align with security regulations and best practices. Leveraging the framework, a single process for intake and contracting can be followed by the university’s Sponsored Programs Office (SPS), Human Research Protection Program (which oversees the IRB), Export Controls and Research Information Assurance (EC/IAO), and Information Technology at Purdue (ITaP) Research Computing division (formally the Rosen Center for Advanced Computing, or RCAC). Moreover, the framework also facilitates a tractable mapping of controlled research to cyberinfrastructure (CI) resources. The overarching goal of the REED+ framework is to enable researchers, administrators, and campus IT to better understand complicated data security regulations affecting research projects.

To assist in developing the framework, Trusted CI engaged with the REED+ team at Purdue from January through June of 2019. The initial step in the engagement was a review of existing documents and processes, followed by exploring proposed policies. Trusted CI found the flow of REED+ framework sound, and soon switched to working with Preston’s team in focusing on specific aspects of the process, e.g., providing controlled research ‘use cases’. The engagement proved especially rewarding, as both the REED+ researchers and Trusted CI came away from the engagement with a greater understanding in the nascent and vanguard processes involved in handling CUI compliance in the domain of research and education.

Sunday, July 7, 2019

Cyberinfrastructure Vulnerabilities 2019 Q2 Report

The Cyberinfrastructure Vulnerabilities team provides concise announcements on critical vulnerabilities that affect science cyberinfrastructure (CI) of research and education centers, including those threats which may impact scientific instruments. This service is freely available to all by subscribing to Trusted CI’s mailing lists (see below).

We monitor a number of sources for software vulnerabilities of interest, then determine which ones are of the most critical interest to the community. While it’s easy to identify issues that have piqued the public news cycle, we strive to alert on issues that affect the CI community in particular. These are identified using the following criteria: the affected technology’s or software’s pervasiveness in the CI community; the technology’s or software’s importance to the CI community; type and severity of potential threat, e.g., remote code execution; the threat’s ability to be remotely triggered; the threat’s ability to affect critical core functions; and if mitigation is available. For those issues which warrant alerts to the Trusted CI mailing lists, we also provide guidance on how operators and developers can reduce risks and mitigate threats. We coordinate with XSEDE, Open Science Grid (OSG), the NSF supercomputing centers, and the ResearchSOC on drafting and distributing alerts to minimize duplication of effort and maximize benefit from community expertise. Some of the sources we monitor for possible threats to CI include:


In 2Q2019 the Cyberinfrastructure Vulnerabilities team issued the following 10 vulnerability alerts to 133 subscribers:


If you wish to subscribe to the Cyberinfrastructure Vulnerability Alerts mailing list you may do so through https://list.iu.edu/sympa/subscribe/cv-announce-l. This mailing list is public and the archives are available at https://list.iu.edu/sympa/arc/cv-announce-l.

If you believe you have information on a cyberinfrastructure vulnerability, let us know by sending us an email at alerts@trustedci.org.

Wednesday, July 3, 2019

Trusted CI Completes Engagement with the Polar Geospatial Center

The Polar Geospatial Center (PGC) (NSF 1559691, NSF 1614673, NSF 1810976, NASA NNX16AK90G, and NASA 80NSSC18K1370) at the University of Minnesota provides geospatial support, mapping, and GIS/remote sensing solutions to researchers and logistics groups in the polar science community. The PGC supports U.S. polar scientists to complete their research goals in a safe, timely, and efficient manner by providing a service which most groups do not have the resources or expertise to complete. The mission of the PGC is to introduce new, state-of-the-art techniques from the geospatial field to effectively solve problems in the least mapped places on Earth. Trusted CI's engagement with PGC began in January 2019 and concluded in June 2019.

The primary goals for this engagement were to rapidly mature PGC’s cybersecurity program and develop a roadmap for future cybersecurity efforts at PGC. Trusted CI and PGC conducted a risk assessment of cyberinfrastructure assets, and then, driven by the results of the assessment, worked to build upon these results to improve PGC’s security program. The Trusted CI Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects and related materials were used to facilitate the effort.

NSF Community Cybersecurity Benchmarking Survey

It's time again for the NSF Community Cybersecurity Benchmarking Survey (“Community Survey”). We’ve appreciated all the great participation in the past, and look forward to seeing your responses again this year. The Community Survey, started in 2016, is a key tool used by Trusted CI to gauge the cybersecurity posture of the NSF science community. The twin goals of the Community Survey are: 1) To collect and aggregate information about the state of cybersecurity for NSF projects and facilities; and 2) To produce a report analyzing the results, which will help the community level-set and provide Trusted CI and other stakeholders a richer understanding of the community’s cybersecurity posture. To ensure the survey report is of maximum utility, we want to encourage a high level of participation, particularly from NSF Large Facilities. Please note that we are aggregating responses and minimizing the amount of project-identifying information we’re collecting, and any data that is released will be anonymized.

https://forms.gle/meVYfsxvbzEEYWAn6

Each NSF project or facility should submit only a single response to this survey. Completing the survey may require input from the PI, the IT manager, and/or the person responsible for cybersecurity (if those separate areas of responsibility exist). While answering specific questions is optional, we strongly encourage you to take the time to respond as completely and accurately as possible. If you prefer not to respond to or are unable to answer a particular question, we ask that you make that explicit (e.g., by using “other:” inputs) and provide your reason.

The response period closes July 31, 2019.

Thursday, June 20, 2019

2019 NSF Cybersecurity Summit Call For Participation - NOW OPEN - Deadline is Monday, August 12th


It is our pleasure to announce and invite you to the 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure.  The event will take place Tuesday, October 15th through Thursday, October 17th, at the Catamaran Hotel in San Diego, CA. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities. Registration and hotel reservations details will be announced in the coming weeks. We are happy to announce the call for participation, community leadership recognition program, and student program are now open and we welcome your proposals.
Call for Participation (CFP)
Program content for the summit is driven by our community. We invite proposals for presentations, breakout and training sessions, as well as nominations for student scholarships. The deadline for CFP submissions is August 12th, 2019. To learn more about the CFP, please visit: https://trustedci.org/cfp2019


Nominations for the Community Leadership Recognition Program
The Summit seeks to recognize outstanding leadership in the cyberinfrastructure and cybersecurity field. These leaders have developed and established the processes and practices for building a trusting, collaborative community, and seriously addressing that community's core cybersecurity challenges in ways that remain relevant as research technologies and infrastructure evolve and change. The deadline for CFP submissions is August 12th, 2019. More information on the program and how to submit a nomination can be found here: http://trustedci.org/leadership2019
Student Program - Accepting Applications
Each year, the summit organizers invite several students to attend the summit. Students who are interested in cybersecurity and new, efficient, effective ways to protect information assets while supporting science will benefit from attending. Undergraduate and graduate students may self-nominate or be nominated by a teacher or mentor. The deadline for applications is August 12th, 2019. To learn more about the Student Program, please visit: https://trustedci.org/summit2019/students
On behalf of the 2019 NSF Cybersecurity Summit organizers and program committee, we welcome your participation and hope to see you in October.


More information can be found at https://trustedci.org/2019-nsf-cybersecurity-summit

Wednesday, June 19, 2019

Welcoming Michael Zentner to Advisory Committee and thank you to Nancy Wilkins-Diehr

With the retirement of Nancy Wilkins-Diehr, we thank her for her years of service on the Trusted CI Advisory Committee. Her guidance and the collaboration with the Science Gateways Community Institute (SGCI) she led have been instrumental to Trusted CI’s success.
Michael Zentner is succeeding Nancy as PI of SGCI, and we’re happy to announce that the collaboration between Trusted CI and SGCI will continue. Michael will be replacing Nancy on Trusted CI’s Advisory Committee and we extend a warm welcome to him. 
About Michael: Michael Zentner is the Director for Sustainable Scientific Software at the San Diego Supercomputer Center (SDSC), the Director of the HUBzero® project, co-PI on the nanoHUB.org project (a science gateway serving over 1.4 million visitors annually), and is transitioning into the Director role of the SGCI. In this combined role, Michael focuses on new innovations in cyberinfrastructure and science gateways, as well as sustainability models for such gateways and other scientific software. Michael’s background consists of 9 years in academic settings advancing data analytics and cyberinfrastructure software, as well as 18 years of entrepreneurial experience in creating sustainable business models for software and applying technology based software solutions in Fortune 500 companies for supply chain optimization, data analytics, and collaboration. Michael holds a Ph.D. in Chemical Engineering from Purdue University and dual MBAs in International Business from Purdue University’s Krannert School of Management and the TIAS School for Business and Society in Tilburg, Netherlands.

Tuesday, June 18, 2019

Trusted CI at the 2019 annual Great Plains Networks All-Hands Meeting May 21-23

Ishan Abhinit conducting log analysis exercise at GPN AHM 2019
Following on the successful workshops Trusted CI staff provided at the 2017 Great Plains Network All-Hands Meeting, the Trusted CI staff was invited back to the event in 2019 by GPN staff. Five members of the Trusted CI staff presented a series of three workshops from May 21st - 23rd at the 2019 Great Plains Networks All-Hands Meeting. The workshops covered log analysis, risk management for regulated data, and developing information security programs for research projects and facilities.

Building a NIST Risk Management Framework for HIPAA and FISMA Compliance - Wednesday, May 22 (Anurag Shankar & Ryan Kiser)
Anurag Shankar and Ryan Kiser led a workshop to prepare attendees to effectively leverage NIST’s risk management guidelines as a tool to address the increasingly heavy demands of regulated data on research workflows. They provided an overview of the requirements for handling different types of regulated data such as PHI and CUI as well as a unified risk-based methodology for adhering to these requirements.

Security Log Analysis - Wednesday, May 22 (Mark Krenz & Ishan Abhinit)
Mark Krenz and Ishan Abhinit presented a half-day workshop on Security Log Analysis including a 45-minute exercise developed by fellow Trusted CI colleague Kay Avila. The hands-on exercise involved performing analysis on an Apache web server log file to find attacks at 6 levels of difficulty. The workshop also covered important aspects of collecting, organizing and analyzing log files and provided specific techniques for finding different types of attacks. Real-time polling was used to help engage with attendees as well as to gain insight into community practices.


A Practical Cybersecurity Framework for Open Science Projects and Facilities - Thursday, May 23 (Bob Cowles)
Bob conducted a workshop to give attendees a foundation in what it means to have a basic, competent cybersecurity program for open science projects. In addition to lively discussion from the participants, the four pillars of the Trusted CI Framework were presented along with the sixteen “musts” that compose the core framework requirements. Participants were provided with the tools for building a cybersecurity program and encouraged to use a set of rational, evidence-based controls as a component of their program.
Left to right: Bob, Anurag, Ishan, Michael, Mark, Ryan

Attending the conference also allowed Trusted CI staff to meet and provide less formalized cybersecurity discussion and consultation during social events at the conference. While visiting Kansas City, the Trusted CI team also had the opportunity to meet with Michael Grobe, who is a member of the distributed computing community and co-developer of Lynx, one of the first popular web browsers.

The materials presented by Trusted CI at the conference as well as others can be found on the Trusted CI website.

Wednesday, June 12, 2019

Many opportunities to meet with Trusted CI at PEARC19

There are numerous opportunities to interact with members of Trusted CI at PEARC19, July 28th - August 1st, in Chicago. PEARC19 "will explore the current practice and experience in advanced research computing including modeling, simulation, and data-intensive computing."

We will update our PEARC19 page as more scheduling info involving Trusted CI becomes available. The full schedule has been posted on PEARC's site.

7/08 Note: Room assignments have been updated.

Trusted CI Workshop on Trustworthy Scientific Cyberinfrastructure

Tuesday July 30th at 11am - 5pm in the Water Tower room

Our workshop provides an opportunity for sharing experiences, recommendations, and available resources for addressing cybersecurity challenges in research computing. Presentations by Trusted CI staff and community members will cover a broad range of cybersecurity topics, including science gateways, transition to practice, cybersecurity program development, workforce development, and community engagement (e.g., via the Trusted CI Fellows program). Space is still available for lightning talks. Please contact jbasney@illinois.edu if you are interested in presenting at the workshop.

Panel: Community Engagement at Scale: NSF Centers of Expertise panel

Tuesday July 30th at 1:30pm - 3pm in the Atlanta room

This panel brings together the leaders of centers of expertise serving the CI and NSF communities to present what they wish everyone knew about their respective area and to explore the challenges and lessons learned with the cross-cutting topic of community engagement at scale. Panelists include:
  • Ruth Marinshaw — Moderator (Stanford University)
  • Daniel Crawford (MolSSI)
  • Ewa Deelman (CI CoE Pilot)
  • Jennifer Schopf (EPOC)
  • Von Welch (ResearchSOC, Trusted CI)
  • Nancy Wilkins-Diehr (SGCI)
  • Frank Wuerthwein (OSG)

Technical Papers

Our technical paper, “Trusted CI Experiences in Cybersecurity and Service to Open Science,” will be published in the proceedings. To read the pre-print copy, click here.

Trusted CI's paper will be presented on Wednesday July 31st at 11am - 12:30pm in the Wrigley room.

Another paper presentation that may be of interest is “Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences.” This paper describes the experiences of the Scientific Workflow Integrity Project in protecting data integrity.

SWIP's paper will be presented on Tuesday July 30th at 3:30 - 5pm in the Crystal C room.

AI4GOOD Workshop

Monday July 29th at 8:30am - 5pm in the Horner room

Trusted CI's Florence Hudson will be presenting in the AI4GOOD workshop on a panel about privacy, policies, security, and ethics regarding Artificial Intelligence. This workshop will provide a full-day of awareness, advocacy and hands-on training in basic skills needed by those who wish to employ or support artificial intelligence (AI) for accelerated research outcomes in a variety of domains. Biomedical advances, economic empowerment strategies, agricultural innovation and quality of life improvements for citizens in underserved regions will be emphasized.

Poster Reception

Tuesday July 30th at 6:30pm - 8:30pm in the Crystal Foyer and Crystal B rooms

Trusted CI is presenting a poster on our mission, how it can help your project, and the advances it is making in cybersecurity and resources for cybersecurity professionals.

The Exhibitors Hall

Trusted CI is a sponsor of PEARC19, and will have a table at the PEARC19 Exhibitors Hall. Meet members of our team and find out how we can provide cybersecurity support to your NSF project.

SIGHPC Systems Professionals Symposium19 [Added July 6th]

Von Welch will be speaking as part of the panel on HPC Cybersecurity from 10:30-11:30am on Monday at the SIGHPC Systems Professionals Symposium19.


Monday, June 10, 2019

CCoE Webinar June 24th at 11am ET: The Trusted CI Framework: Toward Practical, Comprehensive Cybersecurity Programs

Trusted CI's Craig Jackson and Bob Cowles are presenting the talk "The Trusted CI Framework: Toward Practical, Comprehensive Cybersecurity Programs" on Monday June 24th at 11am (Eastern).

Please register here. Check spam/junk folder for registration confirmation email.
In this presentation, we will present the motivations behind and structure for the Trusted CI Framework and related implementation guidance for research. We’ll field questions, as well as discuss opportunities for the community to get involved.
The Framework team members are Craig Jackson, Bob Cowles, Kay Avila, Scott Russell, Von Welch, and Jim Basney.
Speaker bios:

Craig Jackson is Program Director at the Indiana University Center for Applied Cybersecurity Research (CACR), where his research interests include information security program development and governance, cybersecurity assessments, legal and regulatory regimes' impact on information security and cyber resilience, evidence-based security, and innovative defenses. He leads CACR's collaborative work with the defense community and an interdisciplinary assessment and guidance team for the NSF Cybersecurity Center of Excellence. He is a co-author of Security from First Principles: A Practical Guide to the Information Security Practice Principles. Craig is a graduate of the IU Maurer School of Law, IU School of Education, and Washington University in St. Louis. In addition to his litigation experience, Craig's research, design, project management, and psychology background includes work at the IU Center for Research on Learning and Technology and the Washington University in St. Louis School of Medicine.

Robert (Bob) Cowles is principal in BrightLite Information Security performing cybersecurity assessments and consulting in research and education about information security and identity management. He served as CISO at SLAC National Accelerator Laboratory (1997-2012); participated in security policy development for LHC Computing Grid (2001-2008); and was an instructor at University of Hong Kong in information security (2000-2003). His CACR contributions include research for the XSIM project and the NSF Cybersecurity Center of Excellence.

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Von Welch & Susan Sons to present at ESnet's CI Brownbag talk on Friday June 14 @2pm ET

Von Welch and Susan Sons will be presenting, "NSF Resources for Research Cybersecurity: Trusted CI and ResearchSOC," on Friday June 14th at 2pm ET. This presentation is part of ESnet's series of CI Brownbag talks.
Cybersecurity for research has a number of particular challenges including unusual instruments, high-performance infrastructure, and global collaborations. This talk will cover two NSF-funded community resources for cybersecurity for research: Trusted CI, the NSF Cybersecurity Center of Excellence, and ResearchSOC, a security operations center designed for research infrastructure. The presenters, Von Welch, Director of Trusted CI, and Susan Sons, Deputy Director of the ResearchSOC, will give an overview of cybersecurity challenges for research and then cover the offerings of Trusted CI and the ResearchSOC.
The meeting will be held in Zoom:
https://ESnet.zoom.us/j/804696793

The talk will be recorded and posted to ESnet's GDrive archive when it is available.

Friday, June 7, 2019

Trusted CI Participates in ResearchSOC’s EDUCAUSE SPC Workshop

This blog post is cross-posted from the ResearchSOC blog. The ResearchSOC is a peer project of Trusted CI’s focused on providing operational cybersecurity services to the NSF community. It recently hosted a workshop at the 2019 EDUCAUSE Security Professionals Conference to which Trusted CI contributed.

--

“Securing and Supporting Research Projects: Facilitation Design Patterns” workshop

Posted on May 24, 2019 by toddston

In case you missed the above workshop at EDUCAUSE SPC (and you may well have missed it—the workshop filled up early, had a long wait list, and was almost standing room only), the slides from “Securing and Supporting Research Projects: Facilitation Design Patterns” are now available.

Presented by Michael Corn (CISO, UCSD) and Cyd Burrows-Schilling (Research Facilitator, UCSD), the workshop helped prepare security professionals to support sponsored research projects. It provided an overview of how research operates within Universities; taught facilitation skills for working with faculty; and provided guidance on how to develop a project specific security plan that meets the requirements of NSD, DoD, and other sponsoring organizations.

We were honored to have Professor Tanya Berger-Wolf from the University of Illinois at Chicago join us in person. The session with Professor Berger-Wolf was a highlight of the workshop, and helped attendees understand how cybersecurity professionals can work with researchers and learn to navigate the gap between the traditional top-down approach to security and the practicalities of everyday research lab infrastructures.

And she is doing some really cool research.

Claire Mizumoto, Director of Research IT Services at UCSD joined us remotely and gave a thought-provoking presentation on the hurdles researchers face in obtaining funding, preparing grants, and meeting the aggressive time demands of obtaining tenure.

Florence D. Hudson, who is Founder and CEO at FDHint, LLC and Special Adviser to our friends at Trusted CI, the NSF Cybersecurity Center of Excellence, gave an overview of three extremely useful tools: the NSF Cybersecurity Planning Guide, the Software Engineering Guide, and the Information Security Practice Principles. If you’re charged with providing cybersecurity for research projects of any size, these are pretty much required reading.

Vlad Grigorescu, Security Engineer at ESnet, led a deep dive into ScienceDMZ, which is an excellent network design pattern for data-intensive research projects.
We’re grateful to all our guests for their participation and incredibly useful information. If you need more information on any of the topics presented, contact us at rsoc@iu.edu.

The workshop was organized by the ResearchSOC project (researchsoc.iu.edu – NSF award 1840034).

  • Slide deck available here
  • Cyber Ambassadors case scripts available here
  • Intake Interview preparation example available here

Couldn’t make the workshop or hungry for more? No problem. Mark your calendar now for December 4-6, when we’ll present a full three-day workshop on the above topic. This hands-on workshop will be held on the University of California, San Diego campus. Details to follow.

The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email rsoc@iu.edu.