Friday, February 21, 2020

Mingling at the Dance (2020 Update): Cybersecurity and Science Cultures

The following is a blog from Von Welch, the full post can be read at EDUCAUSE Security Matters

The National Science Foundation's Cybersecurity Center of Excellence, led by Indiana University, continues to offer educational workshops and provide actionable guidance to help information security professionals have productive discussions about risk and data protection and successfully partner with scientists and researchers.

What has changed in the higher education cybersecurity landscape since my 2016 EDUCAUSE Review Security Matters blog post, and what has stayed largely the same?

Read Von’s EDUCAUSE Security Matters blog post >>

Trusted CI Begins Engagement with UC Berkeley

The Secure Research Data and Compute (SRDC) Platform at UC Berkeley is
funded by executive leadership as a condo-style research computing service. This
institutionally supported foundation for restricted data research will be professionally
managed and supported by Research IT staff from UC Berkeley and Lawrence
Berkeley National Lab, and researchers will contribute computation and storage
hardware to the platform using their research funds.

The SRDC Platform will bring together HPC nodes, virtual machines, and big
data storage for researchers working with highly sensitive data (e.g., PHI and PII)
across a range of domains, many of which are NSF-funded, including biology,
engineering, computer science, and a broad spectrum of social sciences and
professional schools such as business, public health, and law.

Trusted CI will engage with UC Berkeley to guide the design and implementation
of the SRDC Platform and a procedural framework that maintains a healthy balance
between usability and security.  To achieve this, Trusted CI and UC Berkeley will
first inventory the proposed architecture, workflows, and current policies and
procedures. Trusted CI will then analyze them, assess them against other
implementations, and provide recommendations.

The engagement began January 2020 and is scheduled to run to the end of June 2020.

Thursday, February 20, 2020

Trusted CI delivers final engagement report to US Academic Research Fleet

ARF comprises 18 vessels and the supporting infrastructure equipped to serve the needs of the oceanographic research community.  In the second half of 2019, Trusted CI and the US Academic Research Fleet (ARF) collaborated in an engagement to address the cybersecurity needs of ARF’s research vessels.

The engagement began by determining how the engagement should be scoped. ARF identified the most crucial security related issues they would like to address, including establishing  a unified cyberinfrastructure security plan that will both serve the evolving security needs of its community and prepare the ARF for operational cybersecurity requirements due to be enforced by the  International Maritime Organization 2021 cybersecurity regulations.

The first month was spent gathering information from ARF and policies and information from all ships in the fleet.  The Trusted CI engagement team visited four research vessels after the initial data gathering and presented an introduction to cybersecurity to the ARF personnel at the RVTEC meeting.
Trusted CI and ARF on the R/V Robert Gordon Sproul
The engagement culminated with Trusted CI delivering a 40-page final report to the ARF containing collected observations, a set of recommendations ordered by impact, and additional materials that could be used to enhance the budding cybersecurity efforts of the fleet. ARF plans to share this report with stakeholders within their community in order to help improve cybersecurity controls and practices.

During this engagement, Trusted CI staff worked with ARF to review policies and procedures, toured 4 different classes of research vessels, interviewed crew members of ships, and met with research vessel technology specialists at the research vessel technology (RVTEC) meeting in Alaska.

The Academic Research Fleet is funded by multiple NSF grants managed by the division of Ocean Sciences (Award # 1823600, 1824571, 1827383, 1827415, 1827444, 1822574, 1822670, 1824508, 1829214, 1830845, 1823566, 1822532, 1823567, 1823042, 1822954, 1827437, 1822905, 1827654, 1834650) and is a collaboration of multiple institutions.  Trusted CI would like to thank the following institutions and organizations for their collaboration in the engagement: Academic Research Fleet, Columbia University, Louisiana Universities Marine Consortium, Oregon State University, Scripps Institution of Oceanography, Skidaway Institute of Oceanography, University of Alaska Fairbanks, University of HawaiĘ»i, University of Miami, University of Minnesota, University of Rhode Island, University of Washington, University-National Oceanographic Laboratory System, and Woods Hole Oceanographic Institution.

Friday, February 14, 2020

Report on the 2019 NSF Cybersecurity Summit is now available

The Report of the 2019 NSF Cybersecurity Summit for Cyberinfrastructure and Large Facilities, is now available at http://hdl.handle.net/2142/105533. The report summarizes the annual Summit that was held October 15-17, 2019, in San Diego, CA. The Summit provides a valuable opportunity for cybersecurity training and information exchange among members of the cybersecurity, cyberinfrastructure, and research communities who support NSF science projects. This sharing of challenges and experiences raises the level of cybersecurity awareness and gives Trusted CI important insights into current and evolving issues within the constituent communities.

This year’s Summit workshops, plenary sessions, and table talks reiterated some observations from previous years such as:
  • The high value of community member interaction and knowledge share
  • The threat of social engineering to cybersecurity
Emerging areas of importance to the community were also highlighted. These included
  • Inherent vulnerabilities in AI/ML
  • Maintaining data integrity

Day 1 of the Summit was dedicated to half-day and full-day training workshops. Days 2 and 3 comprised plenary presentations, panels, and keynotes that focused on the security of cyberinfrastructure projects and NSF Large Facilities. This year’s attendance totaled 143 (up from 117 in 2018), representing 84 NSF projects, including 12 of the 20 NSF Large Facilities. Almost half (46%) of the attendees actively participated in the Summit through planning, presenting, responding to the CFP, leading a workshop, and/or leading a lunch table talk. Evaluation and feedback of the 2019 Summit was very positive and constructive. We look forward to the upcoming 2020 NSF Summit that will be held September 22-24, 2020, at the Monroe Convention Center in Bloomington, Indiana.

Tuesday, February 11, 2020

Trusted CI Webinar Feb 24th at 11am ET: FABRIC with Anita Nikolich


Illinois Tech's Anita Nikolich is presenting a talk on FABRIC, the Adaptive programmaBle networked Research Infrastructure for Computer science, on February 24
th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
Testbeds can be great for trying out new ideas and not taking down a production network, or they can be useless and impossible to figure out. FABRIC took the best of past testbeds and is creating a new, useful national research infrastructure to enable cutting-edge, exploratory research at-scale in computer networking, security, machine learning, distributed computing and applications.

It will be a nation-wide high-speed (100-1000 Gbps) network interconnecting major research centers and computing facilities that will allow researchers, operators and engineers to develop and experiment with new distributed application, compute and network architectures not possible today. FABRIC nodes can store and process information "in the network" in ways not possible in the current Internet, which will lead to completely new networking protocols, architectures and applications that address pressing problems with performance, security and adaptability in the Internet. Reaching deep into university campuses, FABRIC will connect university researchers and their local compute clusters and scientific instruments to the larger FABRIC infrastructure. The infrastructure will also provide access to public clouds, such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. This experimental facility will allow multiple experiments to be conducted simultaneously, and is capable of incorporating real traffic and real users into experiments. For more information about FABRIC visit https://www.fabric-testbed.net.
Anita Nikolich is a Research Professor in Computer Science at Illinois Tech, Fellow at the Cyber Policy Initiative at the Harris School of Public Policy at The University of Chicago, co-organizer of the DEFCON AI Village, and ARIN Advisory Council member. She is Co-Director of FABRIC.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."