Tuesday, July 26, 2022

Advancing the Cybersecurity of NSF Major Facilities: Trusted CI’s Inaugural Framework Cohort Successfully Completes Six-Month Program (June 2022)

Trusted CI’s first Framework Cohort has successfully completed its initial six-month period of workshops designed to improve NSF Major Facilities’ alignment to the Trusted CI Framework. Each cohort member adopted the Trusted CI Framework as the foundation for their cybersecurity program. Additionally, each cohort member worked closely with Trusted CI to produce 1) a validated self-assessment of their cybersecurity program’s alignment with the Trusted CI Framework; and 2) a draft Cybersecurity Program Strategic Plan identifying priorities and directions for further refining their cybersecurity programs.

The inaugural Cohort included the following NSF Major Facilities:

The success of the Framework Cohort is particularly notable as each of these facilities voluntarily adopted and rallied around the Trusted CI Framework as the foundation for their cybersecurity programs. 

The foundation of the Cohort program is the Trusted CI Framework, which was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity.

For GAGE, LIGO, NRAO, NSO, and OOI, the Cohort was their first formal training in the Trusted CI Framework’s “Pillars” and “Musts” and how to apply these fundamental principles to assess and strengthen their cybersecurity programs. NOIRLab contributed their experience as an early adopter of the Framework, having previously completed a one-on-one Framework engagement with Trusted CI.

Feedback from members of the first cohort on their experience has been strongly positive:

Eric Cross, Head of Information Technology, National Solar Observatory, said the following about his experience:

"The TrustedCI Framework Cohort was a valuable experience. The process required us to research and reflect on our internal cybersecurity policies and procedures. The Cohort provided a platform to meet with other facilities and work through challenges with feedback from peers. The experience resulted in formal documentation that provided our organization's leadership clear direction to improve our cybersecurity program with specific short-term and long-term goals. I highly recommend this exercise for all NSF facilities."

Craig Risien, CI Systems Project Manager, Ocean Observatories Initiative, said the following about his experience: 

“I found participating in Trusted CI’s first Framework Cohort to be exceptionally instructive and really enjoyed the opportunities to discuss cybersecurity challenges and lessons learned with Trusted CI and colleagues at other NSF Major Facilities. Working with Trusted CI on creating a validated self-assessment based on the Trusted CI Framework over the past six months has helped the Ocean Observatories Initiative (OOI) better understand the current state of its cybersecurity program. Being part of this cohort has also assisted the OOI with the development of a plan to fully implement the Trusted CI Framework and create a well-established and mature cybersecurity program. I look forward to the follow-on cohort sessions in the coming months.”

Trusted CI is continuing to support the first cohort through the end of 2022 by facilitating monthly workshops. Each facility will have the opportunity to lead a workshop in which they are encouraged to share their specific challenges and seek advice among the other cohort members.

Concurrently, Trusted CI is conducting its second cohort engagement leveraging the lessons learned from the first cohort. The second cohort includes the following organizations:

Trusted CI is excited to be working with these new facilities to advance their understanding and implementation of cybersecurity programs and best practices!

For more information, please contact us at info@trustedci.org.