Wednesday, March 20, 2019

Jim Basney appointed as Trusted CI Deputy Director

I’m happy to announce that as of March 15th, Jim Basney is serving as Trusted CI’s Deputy Director. In this role, Jim will work closely with me to manage Trusted CI’s many activities as well as help with outreach to the research community. Jim has been with Trusted CI since its inception and has more than two decades of experience working with the research community. He is an internationally recognized leader in open science identity and access management, and leads the CILogon project.

It’s my pleasure to officially welcome Jim into this new role at Trusted CI.

Von Welch, Director, Trusted CI

Scripps Institution of Oceanography, Trusted CI, and CACR Launch Engagement

We are pleased to announce the start of an engagement with Scripps Institution of Oceanography at the University of California San Diego. Scripps Oceanography is supported by multiple NSF awards, including # 1327683, 1212770, and 1556466, as well as research awards from the Department of Defense and National Oceanographic and Atmospheric Administration (among others).

This engagement is in collaboration with the DOD-funded Principles-Based Assessment for Cybersecurity Toolkit (PACT) project. PACT is a methodology and tool set based on the Information Security Practice Principles and developed in collaboration by Trusted CI, the IU Center for Applied Cybersecurity Research, and Naval Surface Warfare Center Crane. Lessons learned from applying the methodology to Scripps Oceanography will be used to refine PACT.  Scripps Oceanography’s interest in engaging with Trusted CI and the PACT project presented a perfect opportunity to leverage Trusted CI’s expertise and knowledge of complex open science environments, while advancing a methodology with potential for very broad application.

Tuesday, March 19, 2019

Including Trusted CI in your NSF CSSI Proposal

Cybersecurity is an important element in every cyberinfrastructure project plan. For example, NSF's current Cyberinfrastructure for Sustained Scientific Innovation (CSSI) solicitation (Due Monday, April 8th) includes the following guidance:
The description of the CI architecture and processes should explain how security, trustworthiness, provenance, reproducibility, and usability will be addressed by the project and integrated into the proposed system and the engineering process, and how adaptability to new technologies and changing requirements will be addressed by the project and built into the proposed system, as appropriate.
It's often the case that while writing a proposal you will identify a cybersecurity challenge suited to a collaboration with Trusted CI. We offer the following suggestions to indicate your intent to engage with Trusted CI to solve the challenge, hence indicating in your proposal that you both recognize the challenge and take it seriously.

Identify and utilize Trusted CI resources. Our cybersecurity program guide provides recommendations and templates for establishing and maintaining cybersecurity programs. Our online training materials and webinars cover many cybersecurity topics tailored to the NSF CI community. Our annual cybersecurity summit provides a venue for training sessions for cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community.

Indicate Your Intent to Approach the CCoE. We invite proposing NSF CI projects to indicate their intention to approach Trusted CI once they are funded. Trusted CI resources and staff are available to assist NSF projects with cybersecurity plans and training, via one-on-one engagements, and other Trusted CI activities. For example, Trusted CI recently engaged with the Environmental Data Initiative (EDI). Proposers are free to include language showing an awareness of cybersecurity of a specific issue and showing you are aware of Trusted CI, how we can help, and that you plan to approach us if funded to collaborate on addressing the issue. You can do this unilaterally without any commitment from Trusted CI (and please be aware it does not commit Trusted CI, we do our best to help all NSF projects, but are subject to our own resource availability). We ask that you let us know if you reference Trusted CI, this way to help us plan ahead.

Possible language to include in a proposal:
Our proposal team recognizes [that cybersecurity is important for the effort we are undertaking | we have a cybersecurity challenge with regards to XXX]. To address this issue we plan to approach the NSF-funded Cybersecurity Center of Excellence ( The Cybersecurity Center of Excellence (CCoE) engages projects such as the one we propose to help them address cybersecurity challenges and maintain the trustworthy nature of the computational science we support. We understand that engagements with CCoE are collaborative, and have budgeted resources in our project to work with CCoE on our challenge.
Trusted CI can also provide a letter of collaboration for your proposal using this template.

Include the CCoE in your Proposal. You can include one or more of the CCoE Partners (IU, Internet2, LBNL, NCSA, PSC, U. Wisconsin) via a subcontract on your proposal, a process that provides a firm commitment of our participation. Please contact us to discuss which partner would be most appropriate, whether the commitment would be exclusive for a given solicitation, and the level of effort that would be involved. In this case, we would provide a custom letter of collaboration indicating our agreement to the terms of the subcontract.

If you are preparing a CSSI proposal and would like additional assistance from Trusted CI, don't hesitate to contact us to discuss how Trusted CI can help.

Wednesday, March 13, 2019

Trusted CI presenting at the Great Plains Network Annual Meeting (May 21 - 23)

Members of Trusted CI will be presenting three training sessions at the Great Plains Network (GPN)'s Annual meeting  in Kansas City, Missouri (May 21st - 23rd).

Bob Cowles  and Mark Krenz are presenting, "Developing Cybersecurity Programs for NSF Projects." This tutorial describes Trusted CI's Framework for cybersecurity programs to protect science projects

Mark Krenz and Ishan Abhinit are presenting, "Security Log Analysis." Participants will learn how to collect and analyze system logs to help detect security incidents.
Anurag Shankar and Ryan Kiser are presenting, "Building NIST Risk Management Framework for HIPAA and FISMA." This session will familiarize participants with how to tackle HIPAA, FISMA, and NIST 800-171, US regulations that affect research computing.

More details about the conference will be posted here at it becomes available.

Monday, March 11, 2019

CCoE Webinar March 25th at 11am ET: The NSF CC-DNI SecureCloud Project

Casimer DeCusatis is presenting the talk "The NSF CC-DNI SecureCloud Project: Autonomic Cybersecurity for Zero Trust Cloud Computing" on Monday March 25th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
Cyberinfrastructure is undergoing a radical transformation as traditional data centers are replaced by cloud computing. Cloud hosted applications tend to have a poorly defined network perimeter, large attack surfaces, and pose significant challenges for network visibility, segmentation, and authentication.  We discuss research from the NSF SecureCloud project, which addresses the unique requirements of cloud security using an autonomic, zero trust architecture. We have created and tested original software using a first-of-a-kind cybersecurity test bed constructed at the New York State Cloud Computing & Analytic Center, Marist College. We developed the first honeypot for software defined network (SDN) controllers , and created honeypots for graph database APIs, SSH, and other applications.  These honeypots collect raw data telemetry, which is processed into actionable threat intelligence using our Lightweight Cloud Analytics for Real Time Security (LCARS), an SIEM that includes the G-Star graph database and hive plot visualizer.  We have built a threat intelligence database including attack patterns and orchestrated response recipes. We demonstrate dynamic reconfiguration using REST APIs for network appliances, while we cloak high risk applications using a combination of Transport Layer Access Control and First Packet Authentication.  Use cases include reconfiguration of trust levels in response to distributed denial of service (DDoS) and other attacks.
Speaker bio:

Casimer DeCusatis is an Assistant Professor at Marist College.  He is a Cisco Distinguished Speaker, Fellow of IEEE, OSA, SPIE, and recipient of the following awards: IEEE Kiyo Tomiyasu, IEEE R1 Cybersecurity Education, Sigma Xi Walston Chubb, Mensa Copper Black, PSU Outstanding Alumnus, and IEEE/HKN OYEE.  He received his M.S.(1988) & Ph.D.(1990) from RPI and his B.S. from Penn State (1986).

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Tuesday, March 5, 2019

Upcoming events featuring Trusted CI

Interested in the latest from Trusted CI? Want a chance to chat in person with us? Members of Trusted CI will be participating in a number of events over the next few months.

Internet2 Global Summit (March 5-8) in Washington, D.C.
The summit focuses on trust and identity; advanced networking; information security; and integrated solutions for research, scholarship and creativity. Von Welch will be presenting in the Executive Track on Tuesday on Cybersecurity for Open Science. On Friday Jim Basney and Von Welch will be co-presenting a talk with UC San Diego's Michael Corn "Strategies for Research Cybersecurity and Compliance from the Lab."

CENIC Annual Conference (March 18-20) in San Diego, CA.
The Corporation for Education Network Initiatives in California (CENIC) is hosting its annual conference bringing together participants from all education segments, research universities, public libraries, private sector technology businesses, public policy and government, and R&E partners. Von Welch will be presenting a talk on the Trusted CI framework.

ISGC 2019 (March 31-April 5) in Taipei, Taiwan.
The International Symposium on Grids and Clouds (ISGC) 2019 & Soundscape Conference is built around the FAIR concept -- data must be Findable, Accessible, Interoperable and Re-usable. The conference will bring together individual communities and national representatives to address this challenge. Von Welch will be giving a keynote address, "FAIR in an unfair world: cybersecurity, data breaches, data integrity, and open science."

WE-RIT Women in Engineering at RIT and Cybersecurity Research TTP (April 2-3) in Rochester, NY.
Florence Hudson will be at speaking at Rochester Institute of Technology at the WE-RIT event on April 2, and meeting with Cybersecurity Researchers April 2-3 to discuss how to accelerate cybersecurity research transition to practice (TTP) including business model development.

SIG-ISM/WISE Meeting (April 16-18) in Kaunas, Lithuania. 
The G√ČANT Special Interest Group - Information Security Management (SIG-ISM) group and the Wise Information Security for Collaborating e-Infrastructures (WISE) are hosting joint meeting in Lithuania. The meeting aims to enhance the collaboration among large e-infrastructures and NRENs and their communities on handling security information. The groups will discuss their activities in the past few years, share the results and outcomes and tackle challenges together. Bob Cowles will be giving a talk on the new Trusted CI Framework.

IU Internet of Things Wearables in Motion Symposium (April 25-26) in Bloomington, IN.
The Indiana University School of Informatics, Computing, and Engineering, Innovate Indiana, IU Research and Technology Corp., The Mill and Indiana IoT Lab, will host academic and industry experts to discuss wearables and the Internet of Things (IoT) including novel sensors and actuators, scalable and secure cyberinfrastructures, and more. Florence Hudson will be presenting with Mitch Parker from IU Health on Protecting Health Wearables from Cyber Attack.

EDUCAUSE Security Professional Conference 2019 (May 13-15) in Chicago, IL.
EDUCAUSE brings higher education security professionals together to network and discuss information security and privacy trends and current issues with peers and solution providers. Anurag Shankar is presenting a talk on securing workflows. Also, Trusted CI's partner project, the ResearchSOC, will be presenting a talk on helping security professionals support sponsored research projects.

The Great Plains Network (GPN) Annual Meeting (May 21-23) in Kansas City, MO.
The meeting brings together advanced network and cyberinfrastructure users, information technology staff, network engineers, faculty members, researchers, and graduate students from leading Midwestern universities and higher education networks. Mark Krenz, Bob Cowles, Ishan Abhinit, Anurag Shankar, and Ryan Kiser will be presenting talks on security log analysis, developing cybersecurity programs, and the NIST framework for HIPAA and FISMA compliance. 

Trusted CI's Technology Transition to Practice (TTP) Workshop (June 19) in Chicago, IL.
The Cybersecurity TTP workshop is an opportunity for Cybersecurity researchers and practitioners to discuss the needs and gaps we can fill with cybersecurity research, and enjoy co-creation of plans on accelerating this valuable research to practice. Florence Hudson and fellow members of Trusted CI will be hosting the workshop. Apply to request an invitation here.

PEARC19 in (July 28 - August 1) in Chicago, IL.
PEARC19 will explore the current practice and experience in advanced research computing including modeling, simulation, and data-intensive computing. Abstracts are still under review. Trusted CI intends to present many things at this year's conference and will update the community as more information is available.

The 2019 NSF Cybersecurity Summit (October 15 - 17) in San Diego, CA.
The Summit is hosted by Trusted CI and welcomes cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI Community, as well as key stakeholders and thought leaders from the broader scientific and information security communities. The Summit includes training sessions, plenary session, and opportunities to network and socialize with peers.

Whether you are an operational security pro, high speed networking researcher, NSF PI, or identity management specialist; the coming months present some interesting opportunities to network and collaborate. We look forward to seeing you at these events.

Monday, February 25, 2019

Trusted CI Begins Engagement with REED+

The Research Ecosystem for Encumbered Data (REED+) at Purdue University (, funded under the Office of Advanced Cyberinfrastructure (OAC #1840043), has the vision to implement a cost-effective ecosystem to manage regulated data that meets the compliance requirements found in a campus environment, e.g., protecting Controlled Unclassified Information (CUI).

REED+’s approach will integrate NIST SP 800-171 and other related NIST publications into its foundation. This will serve as a standard for campus IT to align with security regulations and best practices. The goal is to create a single process for intake and contracting, and to facilitate easy mapping of controlled research to cyberinfrastructure (CI) resources for the sponsored programs office, human subjects office, and export control office.

With the use of student-developed training materials and instruction, the approach will enable researchers, administrators, and campus IT to better understand previously complicated data security regulations affecting research projects. The goal is that the ecosystem developed from REED+ will enable new partnerships with government agencies and industry partners from the defense, aerospace, and life science sectors.

Trusted CI will engage with REED+ to review its strategic vision in providing CUI compliance across their institution’s CI. To achieve this, Trusted CI and REED+ will first inventory proposed components. Trusted CI will then analyze the components, assess them against other implementations, and provide recommendations. Finally, Trusted CI and REED+ will explore appropriate solutions for security awareness that can facilitate the plan.

The engagement began January, 2019 is scheduled to run to the end of June, 2019.

Comments on NSF's Major Facilities Guide from Trusted CI

Trusted CI has submitted the following comments in response to section 6.3 of

We are pleased to see NSF publish cybersecurity guidance for Major Facilities. In our experience working closely with Large Facilities via the Large Facility Security Team (LFST), one-on-one engagements, and at community events like the NSF Cybersecurity Summit, we know many cybersecurity and information technology practitioners at facilities have eagerly anticipated more guidance on cybersecurity expectations. Since 2014, we have collaborated with the Large Facilities Office to provide eight drafts of suggested content for this cybersecurity section of the Large Facility Manual (now Major Facilities Guide). We vetted the most recent Trusted CI drafts with the LFST.  While the published draft provides less detail and specificity than our most recent drafts, we believe much of the content is well-aligned with Trusted CI’s advice and experience working with the community. This MFG section will be well-aligned with the Trusted CI Framework and the companion Trusted CI Framework Implementation Guide for Providers of Scientific CyberInfrastructure we’re developing as a follow-on to our Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects.  That framework and its related products will provide explicit requirements for what it takes to stand up and maintain a competent cybersecurity program that supports open science missions.

The following are our detailed comments and suggested changes or additions.  The purpose of these suggestions is to aid in usability and readability, as well as alignment with Trusted CI’s guidance to the community.

Detailed comments:


Throughout the document

Suggested change: Replace “information security” with “cybersecurity” throughout or define them as being equivalent terms
Discussion: Cybersecurity and information security - both used but not explicitly described as equivalent.
Justification: Clarity and consistency


Throughout the document

Suggested change: Add page numbers to the document
Discussion: The lack of page numbers makes referencing or communicating about the text in the document more difficult.
Justification: Improve ease of communication about parts of the text.


6.3.1 Paragraph 1

Suggested change: Last sentence - strike “of the program”
Justification: redundant and awkward phrasing


6.3.2 Paragraph 1

Suggested paragraph replacement text:
A cybersecurity plan is a required element of the Project Execution Plan (PEP) per Section 3.4 of this Guide. Additionally, based on Uniform Guidance §200.303, to the extent the award recipient’s IT infrastructure is integral to internal controls, the relevant portion of the cybersecurity program should be compliant with guidance published by the Comptroller General or Committee of Sponsoring Organizations of the Treadway Commission (COSO).  Further, the Cooperative Agreement Supplemental Financial & Administrative Terms and Conditions (CA-FATC) for Recipients of Major Facilities or Federally Funded Research and Development Centers (FFRDC) requires an information security program and identifies a modest set of required components for the program. [add footnote references where appropriate]
Discussion: The first paragraph is confusing since it is an amalgam of requirements from different sources with different scopes. We suggest moving the sentence with the broadest scope (the requirement for the PEP to include a cybersecurity plan) to the start of the paragraph. Next would be the requirement on the internal controls but reworded to narrow applicability to cases when internal controls implemented through information technology. Finally, close with the Cooperative Agreement Supplement(s). Note: Uniform Guidance §200.303 does not actually include the phrase “including technology infrastructure and security management”.
Justification: The document now applies to more than Large Facilities or FFRDCs, so it adds clarity to state the requirements in order of scope. Also, clarifying the application of 200.303 to IT implementations of internal controls.


6.3.2 Paragraph 2

Suggest changing the sentence “The three pillars of a cybersecurity program which rest on this foundation are governance; resources; and controls.”
To read “ The four pillars of a cybersecurity program which rest on this foundation are mission alignment, governance; resources; and controls.
Discussion: While the “research mission and goals of the facility” are foundational, the actual alignment of the cybersecurity program is an additional pillar because the program elements there need to evolve in concert with the other pillars.
Justification: Adding the Mission alignment pillar will be consistent with the upcoming Trusted CI Framework.


6.3.2 Paragraph 3

Suggest changing the sentence: “This framework is based on the previously mentioned three pillars of information security programs: Governance, Resources, and Controls.”
To read: “This framework is based on the previously mentioned four pillars of cybersecurity programs: Mission Alignment, Governance, Resources, and Controls.”
Discussion: Alignment with changes suggested for paragraph 2
Justification: Consistent changes


6.3.2 Paragraph 4

Suggest inserting a new page formatting command
Suggest changing the sentence: “The three pillars of a cybersecurity program rely on a project-specific inventory of “information assets” to be protected.”
To read:
“6.3.3 Mission Alignment

The other three pillars of a cybersecurity program rely on a project-specific inventory of “information assets” to be protected.”
Note: Requires changing the numbering of subsequent sections and updating page headers/footers
Discussion: Add the Mission Alignment pillar
Justification: See above

8 Paragraph 3

Suggest changing: “In addition, most cybersecurity programs identify a senior security role …:
To read: “In addition, cybersecurity programs should have an identified senior security role …”
Discussion: Having an individual responsible for the cybersecurity program is important and should not be an undue burden. The task is not necessarily full-time but the core responsibility for the program should be centralized.
Justification: Strengthen the guidance to have individual primary program responsibility

9 Paragraph 1

Suggest changing: “Center for Trustworthy Scientific Cyberinfrastructure (CTSC)”
To read: “Trusted CI”
Discussion: CTSC has changed its name to Trusted CI.
Justification: Update organization name

10 Paragraph 1

Suggest changing: “... organizations are advised to plan for …”
To read: “ … organizations should plan for …”
Suggest changing: “ …  the project is encouraged to consider …”
To read: “... the project should include in the NSF review …”
Discussion: Given that NSF oversight will require a review of the cybersecurity program, the language in this paragraph should be strengthened.
Justification: Ensure the cybersecurity program undergoes periodic evaluation and review

11 Paragraph 3

Suggest changing: “In addition to technical skills…”
To read: “While technical skills are important …”
Discussion: The sentence is easily misread due to the comma-separated list.
Justification: Better separation of “technical skills” from the other listed items


6.3.5 Paragraph 1

Suggested paragraph replacement text: “Controls are tailored to the facility’s portfolio of information assets and aligned to protect confidentiality, integrity, and availability based on the corresponding information classification for those information assets.”
Discussion: The paragraph is poorly worded or contains redundant information.
Justification: Better wording for the point being made.

13 and

Suggested change: Move the two sections under the Mission Alignment pillar and renumber the Control Set section. Make appropriate page header/footer alterations.
Discussion: The subsections now belong under Mission Alignment and should be moved entirely under that pillar.
Justification: These topics are part of the Mission Alignment pillar.

Wednesday, February 20, 2019

Announcing Trusted CI's Open Science Cybersecurity Fellows Program (Applications due Mar. 13th)

Application Deadline: Wednesday, March 13th 2019. Apply here.
Updates and materials will be posted on our website


Trusted CI serves the scientific community as the NSF Cybersecurity Center of Excellence, providing leadership in and assistance in cybersecurity in the support of research. In 2019, Trusted CI is establishing an Open Science Cybersecurity Fellows program. This program will establish and support a network of Fellows with diversity in both geography and scientific discipline. These fellows will have access to training and other resources to foster their professional development in cybersecurity. In exchange, they will champion cybersecurity for science in their scientific and geographic communities, and communicate challenges and successful practices to Trusted CI.

About the program

The vision for the Fellows program is to identify members of the scientific community, empower them with basic knowledge of cybersecurity and the understanding of Trusted CI’s services, and then have them serve as cybersecurity liaisons to their respective community. They would then assist members of the community with basic cybersecurity challenges and connect them with Trusted CI for advanced challenges. 

Trusted CI will select six fellows each year.  Fellows will receive recognition, cybersecurity professional development consisting of training and travel funding. The Fellows’ training will consist of a Virtual Institute, providing 20 hours of basic cybersecurity training over six months. The training will be delivered by Trusted CI staff and invited speakers. The Virtual Institute will be presented as a weekly series via Zoom and recorded to be publicly available for later online viewing. Travel support is budgeted (during their first year only) to cover fellows’ attendance at the NSF Cybersecurity Summit, PEARC, and one professional development opportunity agreed to with Trusted CI. The Fellows will be added to an email list to discuss any challenges they encounter that will receive prioritized attention from Trusted CI staff. Trusted CI will recognize the Fellows on its website and social media. Fellowships are funded for one year, but will be encouraged to continue to participating in TrustedCI activities the years following their fellowship year.

After the Virtual Institute, Fellows, with assistance from the Trusted CI team, will be expected to help their science community with cybersecurity and make them aware of Trusted CI for complex needs. By the end of the year, they will be expected to present or write a short white paper on the cybersecurity needs of their community and some initial steps they will take (or have taken) to address these needs. After the year of full support, Trusted CI will continue recognizing the cohort of Fellows and giving them prioritized attention. Over the years, this growing cohort of Fellows will broaden and diversify Trusted CI’s impact.

Application requirements

  • A description of their connection to the research community. Any connection to NSF projects should be clearly stated, ideally providing the NSF award number.
    A statement of interest in cybersecurity
  • Two-page biosketch
  • Optional demographic info
  • A letter from their supervisor supporting their involvement and time commitment to the program
  • A commitment to fully participate in the Fellows activities for one year (and optionally thereafter)
The selection of Fellows would be made by the Trusted CI PIs and Senior Personnel based on the following criteria:
  1. Demonstrated connection to scientific research, with preference given to those who demonstrate a connection to NSF-funded science.
  2. Articulated interest in cybersecurity.
  3. Fellows that broaden Trusted CI’s impact across all seven NSF research directorates (Trusted CI encourages applications for individuals with connections to NSF directorates other than CISE), with connections to any of the NSF 10 Big Ideas, or Fellows that increase the participation of underrepresented populations.

Who should apply?   

  • Professionals and post-docs interested in cybersecurity for science, with evidence of that in their past and current role
  • Research Computing, Data, and IT technical or policy professionals interested in applying cybersecurity innovations to scientific research
  • Domain scientists interested in data integrity aspects of scientific research
  • Scientists from all across the seven NSF research directorates interested in how data integrity fits with their scientific mission
  • Researchers in the NSF 10 Big Ideas interested in cybersecurity needs
  • Regional network security personnel working across universities and facilities in their region
  • People comfortable collaborating and communicating across multiple institutions with IT / CISO / Research Computing and Data professionals
  • Anyone in a role relevant to cybersecurity for open science

More about the Fellowship

Fellows come from a variety of career stages, they demonstrate a passion for their area, the ability to communicate ideas effectively, and a real interest in the role of cybersecurity in research. Fellows are empowered to talk about cybersecurity to a wider audience, network with others who share a passion for cybersecurity for open science, and learn key skills that benefit them and their collaborators.

If you have questions about the Fellows program, please let us know by email us at

Application Deadline: Wednesday, March 13th 2019. Apply here.

Applicants will be notified by:  Wednesday, April 10th 2019

Tuesday, February 19, 2019

Engagement Applications Due April 3

Apply for a One-on-One Engagement with Trusted CI for Late 2019. Applications due April 3, 2019.

Trusted CI is accepting applications for one-on-one engagements to be executed in July- Dec 2019.  Applications are due April 3, 2019 (Slots are limited and in demand, so this is a hard deadline!)

To learn more about the process and criteria, and to complete the application form, visit our site:

During CTSC’s first 5 years, we’ve conducted more than 24 one-on-one engagements with NSF-funded projects, Large Facilities, and major science service providers representing the full range of NSF science missions.  We support a variety of engagement types including: assistance in developing, improving, or evaluating an information security program; software assurance-focused efforts; identity management; technology or architectural evaluation; training for staff; and more.  

As the NSF Cybersecurity Center of Excellence, CTSC’s mission is to provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.

Wednesday, February 13, 2019

Trusted CI Begins Engagement with the American Museum of Natural History

The American Museum of Natural History (AMNH) is home to more than 200 scientists conducting scientific research spanning anthropology, astrophysics, biology, geosciences, and paleontology. Through the National Science Foundation's Campus Cyberinfrastructure (CC*) program (NSF OAC-1827153), AMNH is making major upgrades to its network with a priority on scientific data flows. Improvements include high-speed "science-access" switches for research departments, a new Science DMZ complete with data transfer nodes (DTNs) implementing high-speed transfer via Globus, network performance monitoring with perfSONAR, connections with regional (NYSERNet) and national (Internet2) high-speed networks, deployment of federated login with InCommon, and education and training for scientists and the broader research and education community.

Trusted CI's engagement with AMNH will focus on the following activities.
Trusted CI will document the activities of this engagement in a final report to be made available to the public. Additionally, AMNH intends to capture implementation and "best practices" security configuration of their new Science DMZ in a "how-to" document which can be used as an exemplar by other institutions of similar size and scope wishing to deploy their own Science DMZ.

The Trusted CI-American Museum of Natural History engagement began January 2019 and is scheduled to conclude by the end of June 2019.

Tuesday, February 12, 2019

Join the growing Cybersecurity Research Transition To Practice (TTP) Community

The Cybersecurity Research TTP (Transition To Practice) program led by Trusted CI enables us to work together as a community to advance the state of cybersecurity practice by identifying  gaps in cybersecurity technology , then matchmaking researchers with practitioners to transition cybersecurity research to practice to address the gaps.

Through a series of interviews with experts, a table top discussion at the cybersecurity Summit, and reviews of Trusted CI reports and engagements, we have identified cybersecurity gaps and are finding researchers who have viable research we can explore and eventually transition to operational environments. The top cybersecurity gaps identified include increasing the use of AI/ML for Cybersecurity, IoT/CPS (Internet of Things / Cyber Physical Systems) risk management, improving global integrated Federated Identity Management (FIM), and reducing phishing attacks. Increasing cybersecurity resources and the pipeline is another key need.

Please join us in this effort. If you have Cybersecurity needs and gaps to address, please email them to If you are or know a Cybersecurity researcher, let us know how we can help you, from matchmaking to business model coaching. Join our webinars and workshops to engage researchers and perhaps provide them with data to fuel their research, such as intrusion alert data .

Our next Cybersecurity research TTP community event is the Feb 25 Trusted CI webinar when Dr. Shanchieh (Jay) Yang from RIT will present his research on “Anticipatory Cyber Defense via Predictive Analytics, Machine Learning and Simulation”.

If you would like to participate in discussions one on one with the researchers to provide valuable input to their research, let us know. We are enabling researcher with practitioner matchmaking already to provide valuable insight and partnerships and would love to have you join us.

We invite you to request an invitation for the next in person Cybersecurity research TTP and co- creation workshop on June 19th 2019 in Chicago. You can meet the researchers, join  panel discussions on Cybersecurity needs and potential research solutions, and participate in co-creation breakouts such as AI/ML, IoT/CPS or others you bring forward.

Our goal is to build a dynamic collaborative cybersecurity community of practice, with researchers and practitioners working together to identify and address cybersecurity needs now  and into the future. We welcome you to join in.

Monday, February 11, 2019

CCoE Webinar February 25th at 11am ET: Anticipatory Cyber Defense via Predictive Analytics, Machine Learning and Simulation

Shanchieh (Jay) Yang is presenting the talk "Anticipatory Cyber Defense via Predictive Analytics, Machine Learning and Simulation" on Monday February 25th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
Cyberattacks on enterprise networks have moved into an era where both attackers and security analysts utilize complex strategies to confuse and mislead one another. Critical attacks often take multitudes of reconnaissance, exploitations, and obfuscation techniques to achieve the goal of cyber espionage and/or sabotage. The discovery and detection of new exploits, though needing continuous efforts, is no longer sufficient. Imagine a system that automatically extracts the ways the attackers use various techniques to penetrate a network and generates empirical models that can be used for in-depth analysis or even predict next attack actions. What if we can simulate synthetic attack scenarios based on characteristics of the network and adversary behaviors? Will publicly available information on the Internet be viable to forecast cyberattacks before they take place?
This talk will discuss advances that enable anticipatory cyber defense and open research questions. Specifically, this talk will present a suite of research efforts and prototypes: ASSERT integrates Bayesian-based learning with clustering to generate and refine attack models based on observed malicious activities; CASCADES explores how attackers discover vulnerabilities of the systems in the network to simulate potential attack progressions; CAPTURE overcomes limitations of imbalanced, insignificant, and non-stationary data to forecast cyberattacks before they happen using public domain signals. These ongoing research works provide much needed anticipatory capability for proactive cyber defense.

This talk will be at a sufficiently high level to describe the needs for anticipatory cyber defense and some capabilities. The intended audience ranges from researchers, practitioners, policy makers, and students who have some high level knowledge about cybersecurity.

Speaker bio:

Dr. S. Jay Yang received his BS degree in Electronics Engineering from National Chaio-Tung University in Taiwan in 1995, and MS and Ph.D. degrees in Electrical and Computer Engineering from the University of Texas at Austin in 1998 and 2001, respectively. He is currently a Professor and the Department Head for the Department of Computer Engineering at Rochester Institute of Technology. He also serves as the Director of Global Outreach in the Center of Cybersecurity at RIT, and a Co-Director of the Networking and Information Processing (NetIP) Laboratory. His research group has developed several pioneering machine learning, attack modeling, and simulation systems to provide predictive analysis of cyberattacks, enabling anticipatory or proactive cyber defense. His earlier works included FuSIA, VTAC, ViSAw, F-VLMM, and attack obfuscation modeling. More recently, his team is developing a holistic body of work that encompasses ASSERT to provide timely separation and prediction of critical attack behaviors, CASCASE to simulate synthetic cyberattack scenarios that integrates data-driven and theoretically grounded understanding of adversary behaviors, and CAPTURE to forecast cyberattacks before they happen using unconventional signals in the public domain. Dr. Yang has published more than sixty papers and worked on eighteen sponsored research projects. He has served on organizing committees for several conferences and as a guest editor and a reviewer for a number of journals and textbooks. He was invited as a keynote or panel speaker for several venues. He was a recipient of Norman A. Miles Outstanding Teaching Awards, and a key contributor to the development of two Ph.D. programs at RIT and several global partnership programs.

More information about Jay can be found at:

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Thursday, January 31, 2019

Congratulations to Dana and Internet2

Congratulations to Dana Brunson, who recently joined the Trusted CI team, on her new role as Executive Director for Research Engagement at Internet2!

We’re happy that Dana intends to stay part of the Trusted CI team and continue to lead our soon-to-be announced Trusted CI Open Science Cybersecurity Fellows Program. We thank Internet2 for giving her the flexibility to continue working on this as we work with NSF to formally approve this.

Please continue to watch the Trusted CI blog and the Trusted CI announce email list for news of the Fellows Program.