Tuesday, March 19, 2019

Including Trusted CI in your NSF CSSI Proposal

Cybersecurity is an important element in every cyberinfrastructure project plan. For example, NSF's current Cyberinfrastructure for Sustained Scientific Innovation (CSSI) solicitation (Due Monday, April 8th) includes the following guidance:
The description of the CI architecture and processes should explain how security, trustworthiness, provenance, reproducibility, and usability will be addressed by the project and integrated into the proposed system and the engineering process, and how adaptability to new technologies and changing requirements will be addressed by the project and built into the proposed system, as appropriate.
It's often the case that while writing a proposal you will identify a cybersecurity challenge suited to a collaboration with Trusted CI. We offer the following suggestions to indicate your intent to engage with Trusted CI to solve the challenge, hence indicating in your proposal that you both recognize the challenge and take it seriously.

Identify and utilize Trusted CI resources. Our cybersecurity program guide provides recommendations and templates for establishing and maintaining cybersecurity programs. Our online training materials and webinars cover many cybersecurity topics tailored to the NSF CI community. Our annual cybersecurity summit provides a venue for training sessions for cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community.

Indicate Your Intent to Approach the CCoE. We invite proposing NSF CI projects to indicate their intention to approach Trusted CI once they are funded. Trusted CI resources and staff are available to assist NSF projects with cybersecurity plans and training, via one-on-one engagements, and other Trusted CI activities. For example, Trusted CI recently engaged with the Environmental Data Initiative (EDI). Proposers are free to include language showing an awareness of cybersecurity of a specific issue and showing you are aware of Trusted CI, how we can help, and that you plan to approach us if funded to collaborate on addressing the issue. You can do this unilaterally without any commitment from Trusted CI (and please be aware it does not commit Trusted CI, we do our best to help all NSF projects, but are subject to our own resource availability). We ask that you let us know if you reference Trusted CI, this way to help us plan ahead.

Possible language to include in a proposal:
Our proposal team recognizes [that cybersecurity is important for the effort we are undertaking | we have a cybersecurity challenge with regards to XXX]. To address this issue we plan to approach the NSF-funded Cybersecurity Center of Excellence (trustedci.org). The Cybersecurity Center of Excellence (CCoE) engages projects such as the one we propose to help them address cybersecurity challenges and maintain the trustworthy nature of the computational science we support. We understand that engagements with CCoE are collaborative, and have budgeted resources in our project to work with CCoE on our challenge.
Trusted CI can also provide a letter of collaboration for your proposal using this template.

Include the CCoE in your Proposal. You can include one or more of the CCoE Partners (IU, Internet2, LBNL, NCSA, PSC, U. Wisconsin) via a subcontract on your proposal, a process that provides a firm commitment of our participation. Please contact us to discuss which partner would be most appropriate, whether the commitment would be exclusive for a given solicitation, and the level of effort that would be involved. In this case, we would provide a custom letter of collaboration indicating our agreement to the terms of the subcontract.

If you are preparing a CSSI proposal and would like additional assistance from Trusted CI, don't hesitate to contact us to discuss how Trusted CI can help.