Monday, April 12, 2021

Trusted CI webinar: Arizona State's Science DMZ, Mon April 26th @11am Eastern

Members of Arizona State University are presenting on their Science DMZ on Monday April 26th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.

Drawing upon its mission to enable access to discovery and scholarship, Arizona State University is deploying an advanced research network employing the Science DMZ architecture. While advancing knowledge of managing 21st-century cyberinfrastructure in a large public research university, this project also advances how network cyberinfrastructure supports research and education in science, engineering, and health.

Replacing existing edge network equipment and installing an optimized, tuned Data Transfer Node provides a friction-free wide area network path and streamlined research data movement. A strict router access control list and intrusion detection system provide security within the Science DMZ, and end-to-end network performance measurement via perfSONAR guards against issues such as packet loss.

Recognizing that the operation of the Science DMZ must not compromise the university’s network security profile, while at the same time avoiding the performance penalty associated with perimeter firewall devices, data access and transfer services will be protected by access control lists on the Science DMZ border router as well as host-level security measures. Additionally, the system architecture employs the anti-IP spoofing tool Spoofer, the Intrusion Detection System (IDS) Zeek, data-sharing honeypot tool STINGAR, traditional honeypot/darknet/tarpit tools, as well as other open-source software.

Finally, Science data flows are supported by a process incorporating user engagement, iterative technical improvements, training, documentation, and follow-up.

Speaker Bios:

Douglas Jennewein is Senior Director for Research Computing in the Research Technology Office at Arizona State University. He has supported computational and data-enabled science since 2003 when he built his first supercomputer from a collection of surplus-bound PCs. He currently architects, funds, and deploys research cyberinfrastructure including advanced networks, supercomputers, and big data archives. He has also served on the NSF XSEDE Campus Champions Leadership Team since 2016 and has chaired that group since 2020. Jennewein is a certified Software Carpentry instructor and has successfully directed cyberinfrastructure projects funded by the National Science Foundation, the National Institutes of Health, and the US Department of Agriculture totaling over $4M.

Chris Kurtz is the Senior Systems Architect for the Research Technology Office in the Office of Knowledge Enterprise at Arizona State University. Previously Chris was the Director of Public Cloud Engineering as well as the Splunk System Architect (and Evangelist) at ASU. He has been appointed as Splunk Trust Community MVP since its inception. Chris is a regular speaker on Splunk and Higher Education, including multiple presentations at Educause, Educause Security Professionals, and Splunk’s yearly “.conf” Conference. Prior to architecting Splunk, he was the Systems Manager of the Mars Space Flight Facility at ASU, a NASA/JPL funded research group, where he supported numerous Mars Missions including TES, THEMIS, and the Spirit and Opportunity Rovers. Chris lives in Mesa, Arizona along with his wife, rescue dogs, and cat.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

 

Wednesday, April 7, 2021

Michigan State University Engages with Trusted CI to Raise Awareness of Cybersecurity Threats in the Research Community

Cybersecurity exploits are on the rise across university communities, costing valuable resources and causing loss of productivity, research data, and personally identifiable information. In a DXC report, it was estimated that an average ransomware attack can take critical systems down for 16 days, and the overall worldwide cost of ransomware in 2020 was predicted to be $170 billion. Additional reputational impacts of cybersecurity attacks, although hard to measure, regularly weigh on the minds of scientists and researchers.

An event of this nature occurred at Michigan State University (MSU), which experienced a ransomware attack in May 2020. While many organizations attempt to keep the public from finding out about cyberattacks for fear of loss of reputation or follow-up attacks, MSU has decided to make elements of its attack public in the interests of transparency, to encourage disclosure of similar types of attacks, and perhaps more importantly, to educate the open-science community about the threat of ransomware and other destructive types of cyberattacks. The overarching goal is to raise awareness about rising cybersecurity threats to higher education in hopes of driving safe cyberinfrastructure practices across university communities. 

To achieve this, the CIO’s office at MSU has engaged with Trusted CI, the NSF Cybersecurity Center of Excellence, in a collaborative review and analysis of the ransomware attack suffered by MSU last year.  The culmination of the engagement will be a report focusing on lessons learned during the analysis; these ‘Lessons Learned’ would then be disseminated to the research community.  We expect the published report to be a clear guide for researchers and their colleagues who are security professionals to help identify, manage, and mitigate the risk of ransomware and other types of attacks.

Thursday, April 1, 2021

Trusted CI Engagement Application Deadline Extended

 

Trusted CI Engagement Application Deadline Extended till April 9, 2021

Apply for a one-on-one engagement with Trusted CI for early 2021

  

Trusted CI is accepting applications for one-on-one engagements to be executed in July-Dec 2021. Applications are due April 9, 2021.

To learn more about the process and criteria, and to complete the application form, visit our site: 

http://trustedci.org/application


During Trusted CI’s first 5 years, we’ve conducted more than 24 one-on-one engagements with NSF-funded projects, Large Facilities, and major science service providers representing the full range of NSF science missions. We support a variety of engagement types including: assistance in developing, improving, or evaluating an information security program; software assurance-focused efforts; identity management; technology or architectural evaluation; training for staff; and more.

As the NSF Cybersecurity Center of Excellence, Trusted CI’s mission is to provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.

Tuesday, March 30, 2021

Announcing the 2021 Trusted CI Annual Challenge on Software Assurance


The Trusted CI “Annual Challenge” is a year-long project focusing on a particular topic of importance to cybersecurity in scientific computing environments.  In its first year, the Trusted CI Annual Challenge focused on issues in trustworthy data.  Now, in its second year, the Annual Challenge is focusing on software assurance in scientific computing.

The scientific computing community develops large amounts of software. At the largest scale, projects can have millions of lines of code. And indeed, the software used in scientific computing and the vulnerabilities present in it can be similar to those found in other domains. At the same time, the software developers have usually come from traditional scientific-focused domains rather than traditional software engineering backgrounds. And, in comparison to other domains, there's often less emphasis on software assurance.

Trusted CI has a long history in addressing the software assurance of scientific software, both through engagements with individual scientific software teams and through courses and tutorials frequently taught at conferences and workshops by Elisa Heymann and Barton Miller, from University of Wisconsin-Madison. This year’s Annual Challenge seeks to complement those existing efforts in a focused way, leveraging a larger team. Specifically, this year’s Annual Challenge seeks to broadly improve the robustness of software used in scientific computing with respect to security. It will do this by spending the March–June 2021 timeframe engaging with developers of scientific software to understand the range of software development practices being used and identifying opportunities to improve practices and code implementation to minimize the risk of vulnerabilities. In the second half of 2021, we will leverage our insights to develop a guide specifically aimed at the scientific software community that covers software assurance in a way most appropriate to that community.

We seek to optimize the impact of our efforts in 2021 by focusing our effort on software that is widely used, is situated in vulnerable locations, and is developed mostly by individuals who do not have traditional software engineering backgrounds and training.

This year’s Annual Challenge is supported by a stellar team of Trusted CI staff, including Andrew Adams (Pittsburgh Supercomputing Center), Kay Avila (National Center for Supercomputing Applications), Ritvik Bhawnani (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison), Mark Krenz (Indiana University), Jason Lee (Berkeley Lab/NERSC), Barton Miller (University of Wisconsin-Madison), and Sean Peisert (Berkeley Lab; 2021 Annual Challenge Project Lead).

Monday, March 29, 2021

Trusted CI and the CI CoE Pilot Complete Identity Management Engagement with GAGE

 

The Geodetic Facility for the Advancement of Geoscience (GAGE) is operated by UNAVCO and funded by the NSF and NASA. The GAGE project’s mission is to provide support to the larger NSF investigator community for geodesy, earth sciences research, education, and workforce development. During the second half of 2020, GAGE and the Trusted CI/CI CoE Identity Management working group collaborated on an engagement to design a working proof of concept for integrating federated identity into GAGE’s researcher data portal.

The Cyberinfrastructure Center of Excellence Pilot (CI CoE) is a Trusted CI partner, specializing in providing expertise and active support to CI practitioners at the NSF major facilities in order to accelerate the data lifecycle and ensure the integrity and effectiveness of the CI upon which research and discovery depends. The Identity Management working group is a joint effort between the CI CoE and Trusted CI to provide subject matter expertise and advice to major facilities on trust and identity issues, best practices and implementation. The working group's target audience is NSF funded major facilities, but participation in the working group is open to anyone in higher education and IAM.

The engagement began in July 2020 with a month-long series of interviews between working group members and GAGE department leadership. GAGE came into the engagement with a series of needs that had arisen from practice and with a request from NSF to collect information on how their research data was being used. The working group used the interviews to identify key systems and areas of impact in order to present GAGE with a design for integrating federated identity into their data portal using elements of InCommon’s Trusted Access Platform.

Over the next three months, the engagement team met with members of GAGE’s software development team, CILogon, and COmanage to finalize and implement the proof of concept design. This design used CILogon to consume federated identities from other InCommon member institutions and then used COmanage Registry to store GAGE-specific attributes for those identities to grant permission for accessing various data groups, membership in research projects, and home institutions. Identities and attributes stored in COmanage could then be passed to the GAGE data portal using OIDC claim tokens, granting permissions appropriately at the time of access and allowing GAGE to track which identities were requesting what permissions for their data.

The engagement culminated with a 15-page report delivered to GAGE in February 2021 containing detailed observations from interviews, alternate design configurations and tools for the proof of concept, lessons learned through the implementation process, and identification of future opportunities for investment and collaboration in IAM. Additionally, findings from this engagement will be included in an IAM cookbook that the working group plans to release in 2022. The Identity Management working group meets monthly on the second Monday at 2pm Eastern time. For more information about the Identity Management working group, please see the Trusted CI IAM page, the CI CoE working group directory, or join our mailing list to receive updates on working group meetings and products.

GAGE is funded by an NSF award managed by the Division of Earth Sciences (Award #1724794) and is operated by UNAVCO. The CI CoE Pilot is supported by a grant managed by the NSF Office of Advanced Cyberinfrastructure (Award #1842042) and is a collaboration between the University of Southern California, University of North Carolina at Chapel Hill, University of Notre Dame, University of Utah, and Indiana University. The working group would like to thank the following institutions and organizations for the collaboration and contributions to the engagement: Internet2 and InCommon, the CILogon team, the COmanage team, and the Globus team.




Announcing the 2021 NSF Community Cybersecurity Benchmarking Survey

It's time again for the NSF Community Cybersecurity Benchmarking Survey (“Community Survey”). We’ve appreciated all the great participation in the past and look forward to seeing your responses again this year. The Community Survey, started in 2016, is a key tool used by Trusted CI to gauge the cybersecurity posture of the NSF science community. The twin goals of the Community Survey are: 1) To collect and aggregate information about the state of cybersecurity for NSF projects and facilities; and 2) To produce a report analyzing the results, which will help the community level-set and provide Trusted CI and other stakeholders a richer understanding of the community’s cybersecurity posture. (To view the previous years’ reports, see 2019 Report, 2017 Report, and 2016 Report.) To ensure the survey report is of maximum utility, we want to encourage a high level of participation, particularly from NSF Major Facilities. Please note that we are aggregating responses and minimizing the amount of project-identifying information we’re collecting, and any data that is released will be anonymized.

Survey Link: https://docs.google.com/forms/d/e/1FAIpQLSeooNKQdKx-W5kRol0vTYq0oLogBaT5Sy0G2tG6LwGWSoLc3g/viewform?usp=sf_link

Each NSF project or facility should submit only a single response to this survey. Completing the survey may require input from the PI, the IT manager, and/or the person responsible for cybersecurity (if those separate areas of responsibility exist). While answering specific questions is optional, we strongly encourage you to take the time to respond as completely and accurately as possible. If you prefer not to respond to or are unable to answer a particular question, we ask that you make that explicit (e.g., by using “other:” inputs) and provide your reason.

The response period closes June 30, 2021.

Thank you.


Wednesday, March 24, 2021

Trusted CI’s Large Facilities Security Team Update Spring 2021


Trusted CI continues to address the cybersecurity needs of NSF’s Large Facilities (LFs) by coordinating the Large Facilities Security Team (LFST). The LFST comprises representatives from each of the LFs who are responsible for cybersecurity at their sites. The primary goal of the LFST is to encourage sharing of best practices, policies, and technologies among the team members to further cybersecurity at each of the LFs.

Communication among LFST participants is via a dedicated email list and monthly calls. Call format is either facilitated discussion of a pre-selected topic or a presentation followed by Q&A. Topics during the past year included COVID-19 pandemic-related cybersecurity issues and response, a ResearchSOC overview, cybersecurity policy development, risk assessment, asset categorization, and supply chain vulnerability. The Trusted CI facilitators actively encourage input from all LFST members during these monthly calls, often producing informative insights on similarities and differences among site priorities and practices.

In service to the broader NSF cybersecurity community, input from the LFST was valuable to the development of Trusted CI’s recently released Framework Implementation Guide for Research Cyberinfrastructure Operators. The team is reviewing NSF’s proposed revision to the Major Facilities Guide, which is currently open for comment.

We look forward to another year of learning and active cybersecurity collaboration among NSF’s Large Facilities!

For more information, or to join the LFST, email benninger@psc.edu or info@trustedci.org.


Tuesday, March 23, 2021

Trusted CI Begins Engagement with PATh

The Partnership to Advance Throughput and Computing (PATh) is a project funded by NSF’s OAC Campus Cyberinfrastructure (CC*) program and brings together the Center for High Throughput Computing (CHTC) and the Open Science Grid (OSG) in order to advance the nation’s campuses and science communities through the use of distributed High Throughput Computing. The PATh project offers technologies and services that enable researchers to harness through a single interface, and from the comfort of their “home directory”, computing capacity offered by a global and diverse collection of resources.

PATh is collaborating with Trusted CI on adapting and rewriting PATh’s security program. Through a pre-kickoff meeting and their proposed security program plan submitted to the NSF, we have prioritized their needs using a subset of tasks to outline the goals of the engagement, specifically:

  • Work on Trusted CI Information Security Program Evaluation in order to evaluate PATh’s understanding of their system
  • Assessing the existing security plan and current OSG policies
  • Revising relevant policies and superseding outdated policies with new documents reflecting the current and planned future operations of OSG and PATh
  • Alignment with the Trusted CI Framework
  • Additional focus and emphasis on resiliency and availability of services, including monitoring, backups, disaster recovery, and operational upgrades and redundancy

The engagement began in January 2021 and will run until the end of June 2021.

Thursday, March 18, 2021

PEARC21: Trusted CI Call For Proposals at the 5th Workshop on Trustworthy Scientific Cyberinfrastructure

Trusted CI has opened a call for proposals for its Fifth Workshop on Trustworthy Scientific Cyberinfrastructure at PEARC21.

The workshop represents an opportunity for sharing experiences, recommendations, and solutions for addressing cybersecurity challenges in research computing.

The half-day (3 hour) workshop provides a forum for information sharing and discussion among a broad range of attendees, including cyberinfrastructure operators, developers, and users.

The workshop is organized according to the following goals:

  • Increase awareness of activities and resources that support the research computing community's cybersecurity needs.
  • Share information about cybersecurity challenges, opportunities, and solutions among a broad range of participants in the research computing community.
  • Identify shared cybersecurity approaches and priorities among workshop participants through interactive discussions.

Implementing cybersecurity for open science across the diversity of scientific research projects presents a significant challenge. There is no one-size-fits-all approach to cybersecurity for open science that the research community can adopt. Even NSF Major Facilities, the largest of the NSF projects, struggle to develop effective cybersecurity programs. To address this challenge, practical approaches are needed to manage risks while providing both flexibility for project-specific adaptations and access to the necessary knowledge and human resources for implementation. This workshop brings community members together to further develop a cybersecurity ecosystem, formed of people, practical knowledge, processes, and cyberinfrastructure, that enables research projects to both manage cybersecurity risks and produce trustworthy science.

Submissions

Program content for the workshop is driven by the community. We invite submissions of proposals for a series of 30-minute workshop presentations (a 20-minute presentation followed by 10 minutes of discussion for each topic) in the form of one-page abstracts submitted by email to workshop-cfp@trustedci.org. Submissions should include name, affiliation, and email for the presenter(s) along with the title and short description of the topic to be presented.

Presentations will be selected by the program committee based on technical quality, novelty, and relevance to PEARC21 attendees. Presentation materials will be published at https://trustedci.org/pearc21-workshop for dissemination beyond the workshop attendees. Permission will be requested from all presenters to allow redistribution of slides and allow sharing of photos from the event. By submitting a proposal, presenters agree to allow redistribution of slides and allow sharing of photos from the event, if their proposal is accepted.

Presentations may be submitted to both this workshop and the NSF Cybersecurity Summit (https://trustedci.org/summit) for broader information sharing to attendees of both events.

Topics of interest for the workshop include but are not limited to:

  • cybersecurity program development for NSF projects and facilities
  • risk assessment results from NSF projects and facilities
  • identity and access management solutions for NSF projects and facilities
  • security challenges/experiences/solutions for science gateways
  • transition to practice of cybersecurity research
  • secure software development practices/experiences for research computing
  • developing compliance programs for research on campus
  • incident response lessons learned in the research computing community
  • new or emerging cybersecurity technologies applicable to research computing
  • cybersecurity outreach, education, and training in the research computing community
  • cybersecurity workforce development in the research computing community

Important Dates

Submission Deadline: Monday June 14th, 2021
Notification of Acceptance: Wednesday June 30th, 2021

Program Committee

Jim Basney (NCSA)
Kathy Benninger (PSC)
Dana Brunson (Internet2)
Barton Miller (UW-Madison)
Sean Peisert (LBNL)
Von Welch (Indiana University)

About the Workshop Series

This is the fifth workshop in the series. The workshop has been held previously at PEARC17 through PEARC20. There were 52 attendees at the workshop last year. Please visit https://trustedci.org/workshops for materials from prior workshops.

Wednesday, March 17, 2021

Trusted CI TTP Playbook v1.0 Released

We have published version 1.0 of the Trusted CI Transition to Practice Playbook at https://trustedci.org/ttp. The purpose of the playbook is to provide guidance on the use of tools and techniques (the “plays”) to enable researchers to advance their research for practical cybersecurity applications. The tools currently included in the playbook include:
  • The Transition to Practice TRL Assessment Tool, which is used to assess the maturity of a research prototype or product.
  • The Transition to Practice Canvas, which is a brainstorming tool which can be used to describe a model for developing and sustaining the technology.
  • A set of activity planning examples which can be used as a reference when filling out a canvas.
We will continue to work with the Trusted CI TTP cohort members to develop additional plays and to make refinements to existing plays. If you are a researcher who would like to be involved in the cohort or a security practitioner who is interested in the application of research to your security challenges, you can contact Ryan Kiser at rlkiser@iu.edu.

Monday, March 15, 2021

Trusted CI webinar: REED+ Purdue's Evolution From a CUI Environment to an Ecosystem to a Community, Mon Mar 29 @11am Eastern

Members of Purdue University are presenting the talk, REED+ Purdue's Evolution From a CUI Environment to an Ecosystem to a Community, on Monday March 29th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.

Purdue has made giant leaps in the growth of their Regulated Research Program (REED+) in the past several years. Quite possibly the boldest was the transition from a widely described NIST 800-171 AWS-GovCloud environment to an On-Prem HPC cluster. We’ll share what led to this noteworthy redesign, and what lessons have been learned in the year since this transition.

The REED+ framework integrates NIST SP 800-171 and other related NIST publications as its foundation. This framework serves as a standard for campus IT to align with security regulations and best practices, creates a single process for intake and contracting, and facilitates easy mapping of controlled research to CI resources for the sponsored programs office, human subjects office, and export control office. The framework allows researchers to experience faster intake of new funded projects and be more competitive for research dollars. We’ll share our best practices and processes.

Looking beyond a single institution, Purdue REED+ has been leading a facilitated regulated research series of six small workshops. These have gathered expertise from around the country to discuss the challenges and successes within their institutions’ regulated research programs. We’ll share how we’ve structured these workshops, which are bringing together experience that still largely exists hidden within individual institutions.

Note: This presentation is a return visit for the REED+ team. Their 2019 presentation is available on YouTube.

Speaker Bios:

Carolyn Ellis is a Program Manager at Purdue University focusing on strengthening their Regulated Research Program. Over the last four years she has grown the program from a single project to a thriving ecosystem handling various regulations such as HIPAA and NIST 800-171. Carolyn is passionate about efforts growing future leaders within CUI Community Development, and mentoring with both EDUCAUSE Women in IT and WiCyS (Women in Cybersecurity).

Dr. Baijian “Justin” Yang is currently an Associate Professor at the Department of Computer and Information Technology, Purdue University, West Lafayette. He served as a steering member of the IEEE Cybersecurity Initiative from 2015 to 2017 and was a board director of ATMAE from 2014 to 2016. His research interests include applied machine learning, big data and cybersecurity. He also holds several industry certifications, such as CISSP, MCSE, and Six Sigma Black Belt.

Preston Smith is the Executive Director of Research Computing at Purdue University. Supporting over 180 HPC faculty, and 550 labs using research data systems, Purdue's Community Cluster program is a pioneering program for delivering "condo-style" HPC. At Purdue, his organization designs, builds, and operates compute systems, and delivers advanced research support to the campus community.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

 

Thursday, March 11, 2021

Continuing Professional Education opportunities with Trusted CI

This year we began a project to distribute documentation of participation in Trusted CI activities to help community members manage their continuing professional education (often referred to as CPE or CPEs). This documentation may qualify for credit toward a security certification, course requirement, or professional development plan with an employer.

Trusted CI activities that may qualify for credit include:

  • Attending the Trusted CI NSF Cybersecurity Summit
  • Attending Trusted CI training events
  • Attending Trusted CI webinars
  • Collaboration with Trusted CI on a published report
  • Acceptance and participation in the Trusted CI Fellows program

Note: Trusted CI advises community members to seek approval from appropriate officials when submitting documentation to satisfy any certification, course requirement, or professional development program. For questions, contact cpe@trustedci.org.

What certifications are community members pursuing?

Based on a recent survey, community members are seeking certification in the following programs:

How do I receive credit for participating in Trusted CI activities?

Trusted CI uses Badgr to distribute badges to community members. These badges can be downloaded, exported as a certificate, or shared on social and professional media platforms. To view the badges that have been issued thus far, see Trusted CI’s Badgr page. For more information about Badgr, see the Badgr Knowledge Base. For questions about Trusted CI badges, contact us at cpe@trustedci.org.

We welcome your feedback.

This is a new project and we are learning as it progresses. If you have any questions or suggestions, contact us at cpe@trustedci.org. Updates to the program will be posted to our CPE webpage.
 

Monday, March 1, 2021

Published: The Trusted CI Framework Implementation Guide for Research Cyberinfrastructure Operators


On behalf of Trusted CI, we are pleased and excited to announce the release of version 1.0 of the Trusted CI Framework Implementation Guide (FIG) for Research Cyberinfrastructure Operators (RCOs). This guide is the culmination of many years of accumulated experience conducting cybersecurity research, training, assessments, consultations, and collaborating closely with the research community. It has been reviewed and vetted by our Framework Advisory Board, a diverse collection of stakeholders from the research community. This launch of the first FIG represents a major step forward in advancing Trusted CI’s mission to enable trustworthy science through cybersecurity guidance, templates, and tools, empowering those projects to focus on their science endeavors. [1]

We also published a new Cybersecurity Program Strategic Plan template along with releasing significantly updated versions of the Incident Response Policy and Master Information Security Policy & Procedures templates.

Learn more about the Framework, download FIG v1.0, explore our templates and tools, offer feedback, and share your experiences by visiting https://www.trustedci.org/framework. [2]

About the Trusted CI Framework


The Trusted CI Framework is a tool to help organizations establish and refine their cybersecurity programs. In response to an abundance of guidance focused narrowly on cybersecurity controls, Trusted CI set out to develop a new framework that would empower organizations to confront cybersecurity from a mission-oriented, programmatic, and full organizational lifecycle perspective.

The Trusted CI Framework is structured around 4 Pillars which make up the foundation of a competent cybersecurity program: Mission Alignment, Governance, Resources, and Controls. 

Composing these pillars are 16 Musts that identify the concrete, critical requirements for establishing and running a competent cybersecurity program. The 4 Pillars and the 16 Musts combined make up the Framework Core, which is designed to be applicable in any environment and useful for any organization.

About the Framework Implementation Guide for Research Cyberinfrastructure Operators (RCOs)


This Framework Implementation Guide is designed for use by research cyberinfrastructure operators (RCOs). We define RCOs as organizations that operate on-premises, cloud-based, or hybrid computational and data/information management systems, scientific instruments, visualization environments, networks, and/or other technologies that enable knowledge breakthroughs and discoveries. These include, but are not limited to, major research facilities, research computing centers within research institutions, and major computational resources that support research computing. The chapters in this FIG provide RCOs with roadmaps for establishing mature cybersecurity programs, pointers to resources, and advice on overcoming potential challenges.

About the Framework Advisory Board (FAB)


As a product ultimately designed for use in the research and higher education communities, this Framework Implementation Guide was developed with significant input from stakeholders that represent a cross section of the target audience. This Framework Advisory Board (FAB) is a collection of 19 volunteers with diverse interests and roles in the research and education communities. From January 2020 through January 2021, Trusted CI’s Framework project team engaged the FAB on a monthly basis, conducting two meetings per month to accommodate the broad geographic distribution of all its members. The FAB provided substantial input, suggestions, questions, and critiques during the drafting of the FIG content. Based on this input from the FAB, the authors refined and published version 1.0.
 
The Framework Advisory Board is:

Kay Avila (NCSA); Steve Barnet (IceCube); Tom Barton (University of Chicago); Jim Basney (NCSA); Jerry Brower (NOIRLab, Gemini Observatory); Jose Castilleja (NCAR / UCAR); Shafaq Chaudhry (UCF); Eric Cross (NSO); Carolyn Ellis (Purdue U.); Terry Fleury (NCSA); Paul Howell (Internet2); Tim Hudson (NEON / Battelle / Arctic); David Kelsey (UKRI/WISE); Tolgay Kizilelma (UC Merced); Nick Multari (PNNL); Adam Slagell (ESnet); Susan Sons (IU CACR); Alex Withers (NCSA / XSEDE); Melissa Woo (Michigan State U.)

Thank you for your interest. We look forward to your feedback and hearing about your experiences with the Framework and FIG.

***

[1] A “Framework Implementation Guide” (FIG) is an audience-specific deep dive into how an organization would begin implementing the 16 Musts. FIGs provide detailed guidance and recommendations and are expected to be updated much more frequently than the Framework Core.

[2] This page now includes templates and tools from the “Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects” webpage. Visitors accessing the old “Guide” page will be redirected to the Framework webpage going forward. Finally, we are leveraging the Zenodo.org Trusted CI Community to archive FIG v1.0. Zenodo.org is a catch-all repository for open science and is funded by the European Commission via OpenAIRE (https://www.openaire.eu/about) and CERN (https://home.cern/about). 

Thursday, February 25, 2021

Trusted CI Engagement Application is now Open

Trusted CI Engagement Application Period is Open

Applications Due April 2, 2021

Apply for a one-on-one engagement with Trusted CI for early 2021

 

Trusted CI is accepting applications for one-on-one engagements to be executed in July-Dec 2021. Applications are due April 2, 2020. (Slots are limited and in demand, so this is a hard deadline!)


To learn more about the process and criteria, and to complete the application form, visit our site:

http://trustedci.org/application


During Trusted CI’s first 5 years, we’ve conducted more than 24 one-on-one engagements with NSF-funded projects, Large Facilities, and major science service providers representing the full range of NSF science missions. We support a variety of engagement types including: assistance in developing, improving, or evaluating an information security program; software assurance-focused efforts; identity management; technology or architectural evaluation; training for staff; and more.

 As the NSF Cybersecurity Center of Excellence, Trusted CI’s mission is to provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.

   

Thursday, February 18, 2021

Trusted CI Announces The 2021 Fellows

 

Trusted CI, the NSF Cybersecurity Center of Excellence, is excited to announce the Trusted CI Open Science Cybersecurity Fellows. Eight individuals with professional interests in cybersecurity have been selected from a nationally competitive pool.  During the year of their Fellowship, they will receive recognition and cybersecurity professional development including training and travel funding to cybersecurity related events.


The 2021 Trusted CI Open Science Cybersecurity Fellows are:

Deb McCaffrey

Research Computing Facilitator at Michigan Medicine

Deb McCaffrey is a Research Computing Facilitator at Michigan Medicine, the University of Michigan's health system and medical school. She fell backwards into facilitation after completing a PhD in physical chemistry at UC Berkeley and has never looked back. She loves being involved in all the different research projects on campus and learning something new every day. Her long-term career goal is to get NIH and NSF to collaborate on cyberinfrastructure and provide NSF-like programs for researchers with sensitive data.

 

 


Amiya Maji

Senior Computational Scientist at Purdue University

Amiya works as a Sr. Computational Scientist at Purdue University, where he collaborates with researchers from various scientific domains to streamline their scientific processes and reduce application and data bottlenecks. He also leads the software build automation and testing efforts for Purdue's HPC clusters. Amiya’s research focuses on reliability and security of distributed computing systems; more specifically on vulnerability analysis and testing of mobile and cloud applications, and of IoT devices. Amiya and his colleagues have discovered several vulnerabilities in Android mobile applications and more recently in Wear OS. Amiya is also passionate about emerging socio-technological issues such as ethical AI and spread of misinformation in social networks.




Dr. Elie Alhajjar

Research Scientist at the Army Cyber Institute (ACI)

Dr. Elie Alhajjar is a research scientist at the Army Cyber Institute (ACI) and jointly an Assistant Professor in the Department of Mathematical Sciences at the United States Military Academy (USMA) in West Point, NY, where he teaches and mentors cadets from all academic disciplines. His research interests include mathematical modeling, machine learning, and network analysis, from a cybersecurity viewpoint. He has presented his research work in international meetings in North America, Europe, and Asia. Before coming to West Point, Dr. Elie Alhajjar had a research appointment at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD. He holds a Master of Science and a PhD in mathematics from George Mason University, as well as master’s and bachelor’s degrees from Notre Dame University.

 

Matthew Peterson

Senior Faculty Research Assistant at Oregon State Univ.

Matthew is a Senior Faculty Research Assistant at Oregon State University's (OSU) Center for Genome Research and Biocomputing, where he is responsible for managing REDCap (Research Electronic Data Capture) platforms, assisting with health-related data management in the Cloud, and developing software pipelines for computational processing of genomics laboratory data. This past year, he has also been responsible for secure data management for the OSU TRACE-COVID-19 study that examines the prevalence of the novel coronavirus in communities. Matthew holds an M.S. in Applied Information Management from the University of Oregon and a Graduate Certificate in College and University Teaching from OSU. He is passionate about teaching and serves as an instructor for high performance computing and programming courses.

 


Mauricio Tavares

System and Network Administrator at RENCI

Mauricio Tavares has worked in the credit card and medical industry, which led to an interest in the behavioral aspect of data security and privacy. He has published on topics ranging from aerospace engineering to computer automation and data privacy. At RENCI he is a member of the FABRIC security working group, helping craft the policies and procedures and advise IT staff to effectively protect this multinational research project.

 


Richard Wagner

Systems Integration Engineer at University of California, San Diego

Rick is part of the UCSD Research IT team, where he helps design and build cyberinfrastructure solutions for highly complex research projects that cut across the campus and beyond it. His career began with using cyberinfrastructure as a tool for research in astrophysics, solving data challenges in cosmology and supersonic turbulence. From there he worked in HPC at the San Diego Supercomputer and with Globus at the University of Chicago.



Shuyuan Mary Ho

Associate Professor at Florida State University

Shuyuan’s research focuses on trusted human-computer interactions, investigating issues of computer-mediated deception, disinformation, cyberbullying, hate speech, cloud forensics, cyber insider threat, and interactive cyber defense. She adopts heuristic approaches to coaching the next-gen cybersecurity workforce. Shuyuan is a sociotechnical behavioral scientist designing human-centered computing experiments that simulate complex trust interactions in cyberinfrastructure. Novel methodologies are invented to computationally model the defense of cyberspace, while addressing information ethics and privacy.




Michael Kyle

Scientific Applications Consultant at University of Delaware

Michael’s background is in Meteorology, and he has several years of experience as a scientific programmer. He currently works at the University of Delaware (UD) in the Information Technologies Research Cyberinfrastructure unit. In this role, Michael works directly with UD’s researchers and its partnering organizations to assist them in the best use of UD’s HPC resources. He is currently working on a Master’s in Cybersecurity at UD and wants to combine his passions for cybersecurity and research cyberinfrastructure to continue developing a safe and secure computing environment for all types of research.


The Fellows will receive training consisting of a Virtual Institute, providing 20 hours of basic cybersecurity training over six months. The training will be delivered by Trusted CI staff and invited speakers. The Virtual Institute will be presented as a weekly series via Zoom and recorded to be publicly available for later online viewing. Travel support is budgeted (during their first year only) to cover fellows’ attendance at the NSF Cybersecurity Summit, PEARC, and one professional development opportunity agreed to with Trusted CI. The Fellows will be added to an email list to discuss any challenges they encounter that will receive prioritized attention from Trusted CI staff. Trusted CI will recognize the Fellows on its website and social media. Fellowships are funded for one year, after which the Trusted CI Fellows will be encouraged to continue participating in Trusted CI activities in the years following their fellowship year. After their training in the Virtual Institute, Fellows, with assistance from the Trusted CI team, are expected to help their science community with cybersecurity and make them aware of Trusted CI for complex needs. By the end of the year, they will be expected to present or write a short white paper on the cybersecurity needs of their community and some initial steps they will take (or have taken) to address these needs. After the Fellowship year Trusted CI will continue to recognize the cohort of Fellows and give them prioritized attention. Over the years, this growing cohort of Fellows will broaden and diversify Trusted CI’s impact.

About the Trusted CI Fellows Program

Trusted CI serves the scientific community as the NSF Cybersecurity Center of Excellence, providing leadership and assistance in cybersecurity in support of research. In 2019, Trusted CI established an Open Science Cybersecurity Fellows program. This program establishes and supports a network of Fellows with diversity in both geography and scientific discipline. These fellows will have access to training and other resources to foster their professional development in cybersecurity. In exchange, they will champion cybersecurity for science in their scientific and geographic communities and communicate challenges and successful practices to Trusted CI.

Fellows come from a variety of career stages. They demonstrate a passion for their area, the ability to communicate ideas effectively, and a real interest in the role of cybersecurity in research. Fellows are empowered to talk about cybersecurity to a wider audience, network with others who share a passion for cybersecurity for open science and learn key skills that benefit them and their collaborators.

Tuesday, February 16, 2021

Trusted CI Begins Engagement with Open OnDemand

 

Open OnDemand is funded by NSF OAC and is an open-source HPC portal based on the Ohio Supercomputer Center's original OnDemand portal. The goal of Open OnDemand is to provide an easy way for system administrators to provide web access to their HPC resources.

Open OnDemand is now facing increased community adoption. As a result, it is becoming a critical production service for many HPC centers and clients. By improving the overall security of the project, we will ensure that it continues to be a trusted and reliable platform for the hundreds of centers and tens of thousands of clients that regularly utilize it. 

Open OnDemand has engaged with Trusted CI to support their efforts to further develop the project’s ability to produce secure software. Trusted CI previously conducted an in-depth vulnerability assessment applying the FPVA methodology to Open OnDemand software. The results of this prior assessment will help to inform the activities of this engagement. During the course of the prior FPVA assessment, Trusted CI staff worked directly to test Open OnDemand’s software to identify vulnerabilities with support from the Open OnDemand team. Trusted CI will now work with Open OnDemand to improve the project’s ability to maintain the security of their software as changes are made and to identify and mitigate future vulnerabilities.

Upon completion of the engagement, Trusted CI will produce a published report describing the work performed, potential impact to the open-science community, and areas Open OnDemand may find appropriate for future engagements.

Monday, February 15, 2021

Trusted CI Begins Engagement with FABRIC

FABRIC: Adaptive Programmable Research Infrastructure for Computer Science and Science Applications, funded under NSF grants 1935966 and 2029261, is a national scale testbed that connects to prior existing testbeds, such as PAWR, as well as the real Internet. FABRIC aims to expand its outreach, enabling new science applications, using a diverse array of networks, integrating machine learning, and preparing the next generation of computer science researchers.

The FABRIC project began in 2019 and reached out to Trusted CI for an engagement during this early phase of development. The engagement goals are focused on reviewing FABRIC's software development process, the trust boundaries in the FABRIC system, and the FABRIC security and monitoring architecture.

We will be publishing a report from the engagement when it concludes in June.

Monday, February 8, 2021

Trusted CI Webinar: CARE: Cybersecurity in Application, Research and Education Mon Feb 22 @11am Eastern

Temple University's Aunshul Rege is presenting the talk, CARE: Cybersecurity in Application, Research and Education, on Monday February 22nd at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.

In an era where big data, machine learning algorithms, and simulations are used to understand cyberattacks and cybersecurity, is there room for qualitative or 'thick' data? This talk shares a social scientist’s perspective on the relevance of thick data in understanding the ‘how’ and ‘why’ of adversarial behavior, movement, decision-making, adaptation to disruptions, and group dynamics. More specifically, it highlights potential for symbiotic relationships between social science methodologies, such as observations and focus groups, and technical methodologies, such as time series analysis, social network analysis, and machine learning and prediction. The talk will then share how social science students must be trained via discipline-specific education to effectively engage in the cybersecurity discourse. It details specific educational efforts via social engineering course projects and capture-the-flag competitions that not only cater to social science students, but also technical students, and how these efforts help break silos to foster multidisciplinary dialog.

Speaker Bio: Dr. Aunshul Rege is an Associate Professor with the Department of Criminal Justice. She is the Director of the CARE (Cybersecurity in Application, Research, and Education) Lab, which focuses on the human and social aspects of cyberattacks and cybersecurity. Dr. Rege is the recipient of numerous National Science Foundation grants, including the prestigious NSF CAREER award. Her research examines adversarial decision-making, adaptation and movement, and she has worked with Computer Scientists and Engineers in academia, industry and government. Dr. Rege and her team at the CARE Lab have generated a critical infrastructure ransomware incident dataset, which maps to the MITRE ATT&CK framework and is highly requested by organizations, governments, academics, and students from all over the world. Dr. Rege is also passionate about cybersecurity education and has designed several experiential social engineering learning projects, which have been mapped to the NICE cybersecurity workforce framework and downloaded worldwide by educators and businesses. A month ago, she hosted a purely social engineering capture the flag competition at Temple University, which featured professional social engineers as judges and six undergraduate student teams. This competition is the first cybersecurity capture-the-flag competition to emphasize the human factor that is grounded in the social sciences. Dr. Rege has received a new NSF education grant, which will allow her to pursue this endeavor starting 2021. Not only has Dr. Rege's work been published in well-regarded journals and peer-reviewed conference proceedings, but her efforts have also been recognized in highly regarded cybersecurity outlets like Security Week, Bleeping Computer, and Dark Reading. She hopes to continue to make the social sciences more mainstream and embedded in the cybersecurity discourse.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."