2019 NSF Cybersecurity Summit Call For Participation - NOW OPEN - Deadline is Monday, August 12th

It is our pleasure to announce and invite you to the 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure.  The event will take place Tuesday, October 15th through Thursday, October 17th, at the Catamaran Hotel in San Diego, CA. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities. Registration and hotel reservations details will be announced in the coming weeks. We are happy to announce the call for participation, community leadership recognition program, and student program are now open and we welcome your proposals.

Call for Participation (CFP)

Program content for the summit is driven by our community. We invite proposals for presentations, breakout and training sessions, as well as nominations for student scholarships. The deadline for CFP submissions is August 12th, 2019. To learn more about the CFP, please visit: https://trustedci.org/cfp2019

Nominations for the Community Leadership Recognition Program

The Summit seeks to recognize outstanding leadership in the cyberinfrastructure and cybersecurity field. These leaders have developed and established the processes and practices for building a trusting, collaborative community, and seriously addressing that community's core cybersecurity challenges in ways that remain relevant as research technologies and infrastructure evolve and change. The deadline for CFP submissions is August 12th, 2019. More information on the program and how to submit a nomination can be found here: http://trustedci.org/leadership2019

Student Program - Accepting Applications

Each year, the summit organizers invite several students to attend the summit. Students who are interested in cybersecurity and new, efficient, effective ways to protect information assets while supporting science will benefit from attending. Undergraduate and Graduate students may self-nominate or be nominated by a teacher or mentor. The deadline for applications is August 12th, 2019.. To learn more about the Student Program, please visit: https://trustedci.org/summit2019/students

On behalf of the 2019 NSF Cybersecurity Summit organizers and program committee, we welcome your participation and hope to see you in October.

More information can be found at https://trustedci.org/2019-nsf-cybersecurity-summit

Welcoming Michael Zentner to Advisory Committee and thank you to Nancy Wilkins-Diehr

With the retirement of Nancy Wilkins-Diehr, we thank her for her years of service on the Trusted CI Advisory Committee. Her guidance and the collaboration with the Science Gateways Community Institute (SGCI) she led have been instrumental to Trusted CI’s success.
Michael Zentner is succeeding Nancy as PI of SGCI, and we’re happy to announce that the collaboration between Trusted CI and SGCI will continue. Michael will be replacing Nancy on Trusted CI’s Advisory Committee and we extend a warm welcome to him. 

About Michael: Michael Zentner is the Director for Sustainable Scientific Software at the San Diego Supercomputer Center (SDSC), the Director of the HUBzero® project, , co-PI on the nanoHUB.org project (a science gateway serving over 1.4 million visitors annually), and is transitioning into the Director role of the SGCI.  In this combined role, Michael focuses on new innovations in cyberinfrastructure and science gateways, as well as sustainability models for such gateways and other scientific software.  Michael’s background consists of 9 years in academic settings advancing data analytics and cyberinfrastructure software, as well as 18 years of entrepreneurial experience in creating sustainable business models for software and applying technology based software solutions in Fortune 500 companies tor supply chain optimization, data analytics, and collaboration.  Michael holds a Ph.D. in Chemical Engineering from Purdue University and dual MBAs in International Business from Purdue University’s Krannert School of Management and the TIAS School for Business and Society in Tilburg, Netherlands.

Trusted CI at the 2019 annual Great Plains Networks All-Hands Meeting May 21-23

Ishan Abhinit conducting log analysis exercise at GPN AHM 2019

Following on the successful workshops Trusted CI staff provided at the 2017 Great Plains Network All-Hands Meeting, The Trusted CI staff was invited back to the event in 2019 by GPN staff. Five members of the Trusted CI staff presented a series of three workshops from May 21st - 23rd at the 2019 Great Plains Networks All-Hands Meeting. The workshops covered log analysis, risk management for regulated data, and developing information security programs for research projects and facilities.

Building a NIST Risk Management Framework for HIPAA and FISMA Compliance - Wednesday, May 22 (Anurag Shankar & Ryan Kiser)
Anurag Shankar and Ryan Kiser led a workshop to prepare attendees to effectively leverage NIST’s risk management guidelines as a tool to address the increasingly heavy demands of regulated data on research workflows. They provided an overview of the requirements for handling different types of regulated data such as PHI and CUI as well as a unified risk-based methodology for adhering to these requirements.

Security Log Analysis - Wednesday, May 22 (Mark Krenz & Ishan Abhinit)
Mark Krenz and Ishan Abhinit presented a half day workshop on Security Log Analysis including a 45 minute exercise developed by fellow Trusted CI colleague Kay Avila. The hands on exercise involved performing analysis on an Apache web server log file to find attacks at 6 levels of difficulty. The workshop also covered important aspects of collecting, organizing and analyzing log files as well as provided specific techniques for finding different types of attacks. Real time polling was utilized as a method of helping enguage with attendees as well as gaining insight into community practices.


A Practical Cybersecurity Framework for Open Science Projects and Facilities- Thursday, May 23 (Bob Cowles)
Bob conducted a workshop to give attendees a foundation in what it means to have a basic, competent cybersecurity program for open science projects. In addition to lively discussion from the participants, the four pillars of the Trusted CI Framework were presented along with the sixteen “musts” that compose the core framework requirements. Participants were provided with the tools for building a cybersecurity program and encouraged to use a set of rational, evidence-based controls as a component of their program.

Left to right: Bob, Anurag, Ishan, Michael, Mark, Ryan

Attending the conference also allowed Trusted CI staff to meeting and provide less formalized cybersecurity discussion and consultation during social events at the conference. While visiting Kansas City, the Trusted CI team also had the opportunity to meet with Michael Grobe, who is a member of the distributed computing community and co-developer of Lynx, one of the first popular web browsers.

The materials presented by Trusted CI at the conference as well as others can be found on the Trusted CI website.

Many opportunities to meet with Trusted CI at PEARC19

There are numerous opportunities to interact with members of Trusted CI at PEARC19, July 28th - August 1st, in Chicago. PEARC19, "will explore the current practice and experience in advanced research computing including modeling, simulation, and data-intensive computing."

We will update our PEARC19 page as more scheduling info involving Trusted CI becomes available. The full schedule has been posted on PEARC's site.

7/08 Note: Room assignments have been updated.

Trusted CI Workshop on Trustworthy Scientific Cyberinfrastructure

Tuesday July 30th at 11am - 5pm in the Water Tower room

Our workshop provides an opportunity for sharing experiences, recommendations, and available resources for addressing cybersecurity challenges in research computing. Presentations by Trusted CI staff and community members will cover a broad range of cybersecurity topics, including science gateways, transition to practice, cybersecurity program development, workforce development, and community engagement (e.g., via the Trusted CI Fellows program). Space is still available for lightning talks. Please contact jbasney@illinois.edu if you are interested in presenting at the workshop.

Panel: Community Engagement at Scale: NSF Centers of Expertise panel

Tuesday July 30th at 1:30pm - 3pm in the Atlanta room

This panel brings together the leaders of centers of expertise serving the CI and NSF communities to present what they wish everyone knew about their respective area and to explore the challenges and lessons learned with the cross-cutting topic of community engagement at scale. Panelists include:

• Ruth Marinshaw — Moderator (Stanford University)
• Daniel Crawford (MoISSI)
• Ewa Deelman (CI CoE Pilot)
• Jennifer Schopf (EPOC)
• Von Welch (ResearchSOC, Trusted CI)
• Nancy Wilkins-Diehr (SGCI)
• Frank Wuerthwein (OSG)

Technical Papers

Our technical paper, “Trusted CI Experiences in Cybersecurity and Service to Open Science,” will be published in the proceedings. To read the pre-print copy, click here.

Trusted CI's paper will be presented on Wednesday July 31st at 11am - 12:30pm in the Wrigley room.

Another paper presentation that may be of interest is “Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences.” This paper describes the experiences of the Scientific Workflow Integrity Project in protecting data integrity.

SWIP's paper will be presented on Tuesday July 30th at 3:30 - 5pm in the Crystal C room.

AI4GOOD Workshop

Monday July 29th at 8:30am - 5pm in the Horner room

Trusted CI's Florence Hudson will be presenting in the AI4GOOD workshop on a panel about privacy, policies, security, and ethics regarding Artificial Intelligence. This workshop will provide a full-day of awareness, advocacy and hands-on training in basic skills needed by those who wish to employ or support artificial intelligence (AI) for accelerated research outcomes in a variety of domains. Biomedical advances, economic empowerment strategies, agricultural innovation and quality of life improvements for citizens in underserved regions will be emphasized.

Poster Reception

Tuesday July 30th at 6:30pm - 8:30pm in the Crystal Foyer and Crystal B rooms

Trusted CI is presenting a poster on our mission, how it can help your project, and the advances it is making in cybersecurity and resources for cybersecurity professionals.

The Exhibitors Hall

Trusted CI is a sponsor of PEARC19, and will have a table at the PEARC19 Exhibitors Hall. Meet members of our team and find out how we can provide cybersecurity support to your NSF project.

SIGHPC Systems Professionals Symposium19 [Added July 6th]

Von Welch will be speaking as part of the panel on HPC Cybersecurity from 10:30-11:30am on Monday at the SIGHPC Systems Professionals Symposium19.

CCoE Webinar June 24th at 11am ET: The Trusted CI Framework: Toward Practical, Comprehensive Cybersecurity Programs

Trusted CI's Craig Jackson and Bob Cowles are presenting the talk "The Trusted CI Framework: Toward Practical, Comprehensive Cybersecurity Programs" on Monday June 24th at 11am (Eastern).

Please register here. Check spam/junk folder for registration confirmation email.

In this presentation, we will present the motivations behind and structure for the Trusted CI Framework and related implementation guidance for research. We’ll field questions, as well as discuss opportunities for the community to get be involved.

The Framework team members are Craig Jackson, Bob Cowles, Kay Avila, Scott Russell, Von Welch, and Jim Basney.

Speaker bios:

Craig Jackson is Program Director at the Indiana University Center for Applied Cybersecurity Research (CACR), where his research interests include information security program development and governance, cybersecurity assessments, legal and regulatory regimes' impact on information security and cyber resilience, evidence-based security, and innovative defenses. He leads CACR's collaborative work with the defense community and an interdisciplinary assessment and guidance tem for the NSF Cybersecurity Center of Excellence. He is a co-author of Security from First Principles: A Practical Guide to the Information Security Practice Principles. Craig is a graduate of the IU Maurer School of Law, IU School of Education, and Washington University in St. Louis. In addition to his litigation experience, Craig's research, design, project management, and psychology background includes work at the IU Center for Research on Learning and Technology and the Washington University in St. Louis School of Medicine.

Robert (Bob) Cowles is principal in BrightLite Information Security performing cybersecurity assessments and consulting in research and education about information security and identity management. He served as CISO at SLAC National Accelerator Laboratory (1997-2012); participated in security policy development for LHC Computing Grid (2001-2008); and was an instructor at University of Hong Kong in information security (2000-2003). His CACR contributions include research for the XSIM project and the NSF Cybersecurity Center of Excellence.

Presentations are recorded and include time for questions with the audience.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Von Welch & Susan Sons to present at ESnet's CI Brownbag talk on Friday June 14 @2pm ET

Von Welch and Susan Sons will be presenting, "NSF Resources for Research Cybersecurity: Trusted CI and ResearchSOC," on Friday June 14th at 2pm ET. This presentation is part of ESnet's series of CI Brownbag talks.

Cybersecurity for research has a number of particular challenges including unusual instruments, high-performance infrastructure, and global collaboratioins. This talk will cover two NSF-funded community resources for cybersecurity for research: Trusted CI, the NSF Cybersecurity Center of Excellence, and ResearchSOC, a security operations center designed for research infrastructure. The presenters, Von Welch, Director of Trusted CI, and Susan Sons, Deputy Director of the ResearchSOC, will give an overview of cybersecurity challenges for research and then cover the offerings of Trusted CI and the ResearchSOC.

The meeting will be held in Zoom:
https://ESnet.zoom.us/j/804696793

One tap mobile
+16699006833,,804696793# US (San Jose)
+16465588656,,804696793# US (New York)

Dial by your location
        +1 669 900 6833 US (San Jose)
        +1 646 558 8656 US (New York)
Meeting ID: 804 696 793
Find your local number: https://zoom.us/u/aboUJCvWEZ

Join by SIP
804696793@zoomcrc.com

Join by H.323
162.255.37.11 (US West)
162.255.36.11 (US East)
221.122.88.195 (China)
115.114.131.7 (India)
213.19.144.110 (EMEA)
202.177.207.158 (Australia)
209.9.211.110 (Hong Kong)
64.211.144.160 (Brazil)
69.174.57.160 (Canada)
Meeting ID: 804 696 793

The talk will be recorded and posted to ESnet's GDrive archive when it is available.

Trusted CI Participates in ResearchSOC’s EDUCAUSE SPC Workshop

This blog post is cross-posted from the ResearchSOC blog. The ResearchSOC is a peer project of Trusted CI’s focused on providing operational cybersecurity services to the NSF community. It recently hosted a workshop at the 2019 EDUCAUSE Security Professionals Conference to which Trusted CI contributed.

--

“Securing and Supporting Research Projects: Facilitation Design Patterns” workshop

Posted on May 24, 2019 by toddston

In case you missed the above workshop at EDUCAUSE SPC (and you may well have missed it—the workshop filled up early, had a long wait list, and was almost standing room only), the slides from “Securing and Supporting Research Projects: Facilitation Design Patterns” are now available.

Presented by Michael Corn (CISO, UCSD) and Cyd Burrows-Schilling (Research Facilitator, UCSD), the workshop helped prepare security professionals to support sponsored research projects. It provided an overview of how research operates within Universities; taught facilitation skills for working with faculty; and provided guidance on how to develop a project specific security plan that meets the requirements of NSD, DoD, and other sponsoring organizations.

We were honored to have Professor Tanya Berger-Wolf from the University of Illinois at Chicago join us in person. The session with Professor Berger-Wolf was a highlight of the workshop, and helped attendees understand how cybersecurity professionals can work with researchers and learn to navigate the gap between the traditional top-down approach to security and the practicalities of everyday research lab infrastructures.

And she is doing some really cool research.

Claire Mizumoto, Director of Research IT Services at UCSD joined us remotely and gave a thought-provoking presentation on the hurdles researchers face in obtaining funding, preparing grants, and meeting the aggressive time demands of obtaining tenure.

Florence D. Hudson, who is Founder and CEO at FDHint, LLC and Special Adviser to our friends at Trusted CI, the NSF Cybersecurity Center of Excellence, gave an overview of three extremely useful tools: the NSF Cybersecurity Planning Guide, the Software Engineering Guide, and the Information Security Practice Principles. If you’re charged with providing cybersecurity for research projects of any size, these are pretty much required reading.

Vlad Grigorescu, Security Engineer at ESnet, led a deep dive into ScienceDMZ, which is an excellent network design pattern for data-intensive research projects.
We’re grateful to all our guests for their participation and incredibly useful information. If you need more information on any of the topics presented, contact us at rsoc@iu.edu.

The workshop was organized by the ResearchSOC project (researchsoc.iu.edu – NSF award 1840034).

• Slide deck available here
• Cyber Ambassadors case scripts available here
• Intake Interview preparation example available here

Couldn’t make the workshop or hungry for more? No problem. Mark your calendar now for December 4-6, when we’ll present a full three-day workshop on the above topic. This hands-on workshop will be held on the University of California, San Diego campus. Details to follow.

The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email rsoc@iu.edu.