Trusted CI Co-authors Identity Management Cookbook for NSF Major Facilities

Trusted CI’s Josh Drake has co-authored a new document addressing many identity management (IdM) challenges present at NSF Major Facilities. Due to their size and collaborative missions, Major Facilities often have many users, across multiple organizations, all with different access permissions to a diverse collection of CI resources. The Federated Identity Management Cookbook aims to address these challenges by providing time-tested “recipes” for building IdM capabilities, as well as a primer on the topic of IdM itself.

“While operating the IdM working group and CI Compass, we had many opportunities to engage with major facilities on identity and access management issues facing researchers. We were able to explore a variety of options to help researchers integrate federated identities into their cyberinfrastructure,” said Josh Drake. “This cookbook represents the distilled version of months of engagement with the MF community and a primer to identity management concepts that we hope will be of use to research cyberinfrastructure operators everywhere.” Trusted CI’s Ryan Kiser and Adrian Crenshaw also participated in the engagements that contributed to the cookbook.

This work was created in partnership with Erik Scott (RENCI) and CI Compass. CI Compass provides expertise and active support to cyberinfrastructure practitioners at NSF Major Facilities in order to accelerate the data lifecycle and ensure the integrity and effectiveness of the cyberinfrastructure upon which research and discovery depend.

The cookbook is available in the CI Compass Resource Library  and on Zenodo. See CI Compass’s website to read the full press release.

Advancing the Cybersecurity of NSF Major Facilities: Trusted CI’s Inaugural Framework Cohort Successfully Completes Six-Month Program (June 2022)

Trusted CI’s first Framework Cohort has successfully completed its initial six-month period of workshops designed to improve NSF Major Facilities’ alignment to the Trusted CI Framework. Each cohort member adopted the Trusted CI Framework as the foundation for their cybersecurity program. Additionally, each cohort member worked closely with Trusted CI to produce 1) a validated self-assessment of their cybersecurity program’s alignment with the Trusted CI Framework; and 2) a draft Cybersecurity Program Strategic Plan identifying priorities and directions for further refining their cybersecurity programs.

The inaugural Cohort included the following NSF Major Facilities:

• Geodetic Facility for the Advancement of Geoscience (GAGE)
• Laser Interferometer Gravitational-wave Observatory (LIGO) 
• NOIRLab
• National Radio Astronomy Observatory (NRAO)
• National Solar Observatory (NSO)
• Ocean Observatories Initiative (OOI)

The success of the Framework Cohort is particularly notable as each of these facilities voluntarily adopted and rallied around the Trusted CI Framework as the foundation for their cybersecurity programs. 

The foundation of the Cohort program is the Trusted CI Framework, which was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity.

For GAGE, LIGO, NRAO, NSO, and OOI, the Cohort was their first formal training in the Trusted CI Framework’s “Pillars” and “Musts” and how to apply these fundamental principles to assess and strengthen their cybersecurity programs. NOIRLab contributed their experience as an early adopter of the Framework, having previously completed a one-on-one Framework engagement with Trusted CI.

Feedback from members of the first cohort on their experience has been strongly positive:

Eric Cross, Head of Information Technology, National Solar Observatory, said the following about his experience:

"The TrustedCI Framework Cohort was a valuable experience. The process required us to research and reflect on our internal cybersecurity policies and procedures. The Cohort provided a platform to meet with other facilities and work through challenges with feedback from peers. The experience resulted in formal documentation that provided our organization's leadership clear direction to improve our cybersecurity program with specific short-term and long-term goals. I highly recommend this exercise for all NSF facilities."

Craig Risien, CI Systems Project Manager, Ocean Observatories Initiative, said the following about his experience: 

“I found participating in Trusted CI’s first Framework Cohort to be exceptionally instructive and really enjoyed the opportunities to discuss cybersecurity challenges and lessons learned with Trusted CI and colleagues at other NSF Major Facilities. Working with Trusted CI on creating a validated self-assessment based on the Trusted CI Framework over the past six months has helped the Ocean Observatories Initiative (OOI) better understand the current state of its cybersecurity program. Being part of this cohort has also assisted the OOI with the development of a plan to fully implement the Trusted CI Framework and create a well-established and mature cybersecurity program. I look forward to the follow-on cohort sessions in the coming months.”

Trusted CI is continuing to support the first cohort through the end of 2022 by facilitating monthly workshops. Each facility will have the opportunity to lead a workshop in which they are encouraged to share their specific challenges and seek advice among the other cohort members.

Concurrently, Trusted CI is conducting its second cohort engagement leveraging the lessons learned from the first cohort. The second cohort includes the following organizations:

• Corporation for Education Network Initiatives in California (CENIC), a California research and education network
• International Ocean Discovery Program (IODP), an NSF Major Facility
• FABRIC, an NSF Mid-Scale Research Infrastructure Facility
• National Ecological Observatory Network (NEON), an NSF Major Facility
• Seismological Facility for the Advancement of GEoscience (SAGE), an NSF Major Facility

Trusted CI is excited to be working with these new facilities to advance their understanding and implementation of cybersecurity programs and best practices!

For more information, please contact us at info@trustedci.org.

Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research

This year, Trusted CI is conducting a year-long effort on the security of operational technology in science. Operational technology (OT) encompasses broad categories of computing and communication systems that in some way interact with the physical world.  This includes devices that either have sensing elements or control elements, or some combination of the two.  Networked sensors and control systems are increasingly important in the context of science as they are critical in  operating scientific instruments.  Trusted CI is pleased to share its findings from this study, published in the following report:

Emily K. Adams, Daniel Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, Susan Sons, and John Zage. “Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research,” July 13, 2022. DOI: 10.5281/zenodo.6828675  https://doi.org/10.5281/zenodo.6828675

In support of this study, Trusted CI gratefully acknowledges the many individuals from the following NSF Major Facilities that contributed to this effort: IceCube Neutrino Observatory, NOIRLab, Ocean Observatories Initiative, and the United States Academic Research Fleet.

Now that Trusted CI has finished its examination of the current state of the security of OT in science, it will turn its focus to developing a roadmap of solutions to sustainably advance security of scientific operational technology, which will be published in late 2022.