Sunday, November 20, 2022

Trusted CI Webinar: Science DMZ Engagement with University of Arkansas, December 5th @11am EST

Mark Krenz and Don DuRousseau will be presenting the talk, Science DMZ Engagement with University of Arkansas, December 5th at 11am (Eastern).

Please register here.

A Science DMZ is a special network architecture designed to improve the speed at which large science data transfers can be made over the Internet while maintaining security of the assets. This webinar will provide an overview of the Science DMZ architecture, how to secure it, and cover use cases such as the statewide science network in Arkansas.

Speaker Bios:

Mark Krenz: Mark Krenz is the Chief Security Analyst at the Indiana University Center for Applied Cybersecurity Research and the Deputy CISO of Trusted CI. He is focused on cybersecurity operations, research and education. He has more than two decades of experience in system and network administration and has spent the last decade focused on cybersecurity.

Don DuRousseau: Don is Director of Research Technology at the University of Arkansas. He has over 20 years of leadership experience in research technologies, cyberinfrastructures, cybersecurity, and informatics. He is an active researcher and contributor in areas of programmable networking, advanced computing, bioinformatics, and human systems engineering. He leads the NSF CC* CIRA: Shared Arkansas Research Plan for Community Cyberinfrastructure (SHARP) project in planning the statewide research cyberinfrastructure (RCI) operations and researcher training and support strategy for providing HPC and other research resources and services to all the universities and colleges in Arkansas.

Don was responsible for the operation and growth of the 100-G R&E network, the Capital Area Advanced Research and Education Network (CAAREN), in Washington D.C. In addition, he led the operations of the HPC resources and distributed support services on campus and built the Capital Region Advanced Cyber Range (CRACR) through the NSF CICI: Regional: Substrate for Cybersecurity Education; a Path to Training, Research and Experimentation project carried out at The George Washington University.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

 

Friday, November 18, 2022

Deadline extended until Friday, Dec. 2: Trusted CI 2023 Fellows Program Application

We are now pleased to announce the call for applications for our 2023 Trusted CI Fellows.

Another cohort of six Fellows will receive training from and work closely with Trusted CI to expand their own understanding of trustworthy science and further empower the NSF community to secure its own research.

Applications are now open for the 5th round of Trusted CI Fellows! You can learn more about our Fellows program by visiting our website.

The deadline for applications is Friday, Dec 2. Click here to apply for the program.

Trusted CI’s first three cohorts of Fellows have been an amazing success with twenty Fellows from various fields, including:

  • Research technologies
  • Astrophysics
  • Criminal justice
  • Network and combinatorial optimization 
  • and computer engineering. 

Click here to view our 2019, 2020, 2021, and 2022 Fellows.

 

Thursday, November 17, 2022

Student Program at the 2022 NSF Cybersecurity Summit

In October we hosted our annual NSF Cybersecurity Summit. This year’s Summit was a hybrid event hosted at the Monroe Convention Center in Bloomington, IN. It was our first Summit with a face-to-face component since 2019. Our student program welcomed ten students to attend the in-person training sessions, network with fellow attendees, and introduce themselves to our community. We also matched students with mentors to help facilitate networking opportunities.

We give special thanks to our mentors: Ishan Abhinit, Fatema Bannat Wala, Mark Krenz, and Jim Marsteller.

We asked the students to share their thoughts on their experiences at the Summit. Below is a selection of their responses. These statements have been lightly edited for clarity.

Jacob Abbott, Indiana University, PhD in Informatics


While at the 2022 NSF Cybersecurity Summit I attended the “Regulatory Compliance for Research,” and “Physical Security,” workshops that gave substantial information before the plenary sessions started. During the course of the event, I was able to meet Doug Ertz from UNAVCO and we realized that we have a mutual acquaintance in industry and we both have mentored students in partnership with the Center of Excellence for Women & Technology. Hearing discussions from professionals in different research areas and backgrounds, such as one presentation about all the facilities and requirements for high powered magnetic field generators, was very interesting and just shows how ubiquitous the issues of cybersecurity are for everyone.

Jessy Ayala, UC Irvine, PhD in Software engineering

At the 2022 NSF Cybersecurity Summit, I had the pleasure of networking with student peers from different universities, professors, and cybersecurity professionals. It was a great opportunity to have fruitful conversations with those who tackle security problems from a different perspective and overall learn about relevant issues we face today because of emerging, and pre-existing, technologies. I'm glad I can keep in touch with some of the people I met and look forward to any collaborations that may arise.

Tria Correll, Middle Georgia State U, Bachelor's in Information Technology

Besides the knowledge I gained from the pre-conference training, the biggest takeaway from attending the 2022 NSF Cybersecurity Summit was the opportunity to connect with fellow cybersecurity students and professionals. I learned a great deal about the importance of physical security and gained insight into why there are security risks when using a command line interface. I hope I'm able to attend next year's Summit in Berkeley, CA.

Xinyao Ma, Indiana University Bloomington, PhD in Security Informatics/Data Science

My research interests focus on usable security, and how to help people safely use the Internet from a user's angle. It was my first time attending such a great Summit and having the chance to meet so many people who are also working and researching in the cybersecurity field. I attended two very useful workshops, got to know many people that I haven't had a chance to meet, and learned a lot about what other cybersecurity people are doing. I'm a Ph.D. student in the usable security area, and most times, I have to work and study alone. Most connections come from my school and the lab. The Summit gave me a chance to get to know many other students and professors who also work in this area, and especially thanks to my mentor James Marsteller, who was really nice when I was afraid because I didn't know anyone before.

Rajvardhan Oak, UC Davis, PhD in Computer Science

The 2022 NSF Cybersecurity Summit was a great learning experience for me. It was an opportunity to learn cyber security skills through theory as well as hands-on exercises and keep up to speed with the latest in the field. It was also an excellent forum to network with industry professionals, fellow students and faculty. This has resulted in a fruitful collaboration for me; I am currently in touch with a fellow student and in the process of designing a research project in cyber security. I’m very fortunate that I was able to attend the Summit!

Harsh Parekh, Louisiana State University, PhD in Information Systems

2022 NSF Cybersecurity Summit's student program had an eclectic mix of students from diverse academic backgrounds. The Summit gave me immense networking opportunities with interdisciplinary researchers and practitioners in the cybersecurity space. I have already started some collaborative research projects through networking made possible through the Summit. Being a behavioral security researcher, I had a limited understanding of technical and developmental cybersecurity research which was rightly introduced through workshops such as log analysis and machine learning in cybersecurity. The student program was well planned with designated mentors, Summit events, social nights, and a tour of IU's massive data center. I really enjoyed my time in Bloomington and would like to be associated with the Summit in the future.

Mahmoud Shabana, NYU Tandon School of Engineering, MS Cybersecurity

The NSF Cybersecurity Summit was a great experience as my first in-person cybersecurity conference! I was fortunate to learn about how machine learning can be pivotal in implementing cyber defense tools, as well as new security techniques in log analysis. Outside of workshops, I got to meet professionals in all fields of security research and development. Connecting with current security researchers and practitioners has helped expand my network in security and learn from leading experts from around the world!

Joshua Thornburgh, University of Arkansas, MS in Computer Science

This Summit was the first of its kind for me to attend. Coming into it, I wasn’t sure what to expect or what the Trusted CI Framework was really about, not to mention a bit of imposter syndrome for even being invited. That was quickly dissolved once I began speaking with people. Everyone was extremely nice and had loads of wisdom to share. Having sat through the workshops for both machine learning in cybersecurity and the overview of the Framework, I can say with confidence that what I gained will really aid in my future paths. While the Trusted CI Framework is currently not something I can utilize as a student, that I have seen yet, I will carry it with me for when I do need it. Coming to the 2022 NSF Cybersecurity Summit was a true honor and I look forward to participating in this community in the future.

Alexs Wijoyo, Pace University, MS in Cybersecurity

The NSF Summit brought much clarity to the impact of cybersecurity at every scale no matter what industry you are in. Interacting with many of the individuals that were in charge of implementing the TrustedCI Framework and the mentors, I learned that there's always a place for security even at the lowest level. I learned many skills in the pre-conference workshops regarding command line security and log analysis with the use of ELK Stack as well as making many memories with the peers that I was able to spend my time with. My best moment is touring the University of Indiana data center and looking at the infrastructure that the school has built to support the endeavors of the staff and their students.

Alenna Zweiback, Indiana University, Bachelor's in Information Systems and Cybersecurity

I had an incredibly influential experience at the 2022 NSF Cybersecurity Summit. Prior to the conference, I was interested in learning more about how I can further my skills and career development in cybersecurity. By attending this conference, I was able to meet a variety of like-minded students, professors, researchers, consultants, and many other unique individuals. I became mindful of new internship opportunities. I envisioned long-term career paths. Throughout the conference, I absorbed just how necessary it is for more people to be aware and involved in cybersecurity. My biggest takeaway from this conference was from keynote speaker, Helen Patton. When discussing the evolution of cybersecurity she quoted Mikko Hyppönen in saying, “We are no longer securing just computers - we are securing the society.” By attending this conference, I was able to take one more step in educating society.

We are so proud of our student attendees and look forward to what they do in the future.

Wednesday, November 16, 2022

Publication of the Trusted CI Roadmap for Securing Operational Technology in NSF Scientific Research

Trusted CI is pleased to announce the publication of its Roadmap for Securing Operational Technology in NSF Scientific Research.  

In 2022, Trusted CI conducted a year-long effort examining the security of operational technology in science. Operational technology (OT) encompasses broad categories of computing and communication systems that in some way interact with the physical world.  This includes devices that either have sensing elements or control elements, or some combination of the two, and can include both bespoke scientific instrumentation as well as commercially-produced OT.  In both cases, networked sensors and control systems are increasingly important in the context of science as they are critical in operating Major Facilities.  

Trusted CI’s approach to this effort was to spend the first half of 2022 engaging with NSF personnel and operators of OT at NSF Major Facilities to understand the range of operational practices and evaluate potential deficiencies that lead to vulnerabilities and compromises. In the second half of 2022, we leveraged our insights from the first half to develop a roadmap of solutions to sustainably advance security of scientific operational technology. The audiences for this roadmap include NSF, NSF Major Facilities, and Trusted CI itself.

In July 2022, Trusted CI published its findings from its study of the security of operational technology in science, conducted in the first half of 2022.  

Emily K. Adams, Daniel Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, Susan Sons, and John Zage. “Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research,” July 13, 2022. DOI: 10.5281/zenodo.6828675 https://doi.org/10.5281/zenodo.6828675

Now, with the publication of this roadmap, Trusted CI aims to help NSF operational technology in cyberinfrastructure advance toward solutions.  The full citation for the solutions roadmap is as follows:

Andrew Adams, Emily K. Adams, Dan Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, and John Zage. “Roadmap for Securing Operational Technology in NSF Scientific Research,” November 16, 2022. DOI: 10.5281/zenodo.7327987 https://doi.org/10.5281/zenodo.7327987

Trusted CI gratefully acknowledges the many individuals from NSF as well as the following NSF Major Facilities that contributed to the year-long effort that has led to this roadmap: IceCube Neutrino Observatory, NOIRLab, Ocean Observatories Initiative, United States Academic Research Fleet, and the United States Antarctic Program.

In 2023, Trusted CI will turn its focus toward working closely with several maritime-centric NSF Major Facilities and Major Research Equipment and Facilities Construction (MREFC) projects to offer guidance and recommendations for integrating operational technology security into those facilities for planning, design, and construction of new and refreshed facilities and instrumentation therein.


Tuesday, November 1, 2022

Open Science Cyber Risk Profile (OSCRP) Updated with Science DMZ, Software Assurance, Operational Technology, and Cloud Computing Elements

Trusted CI has released an updated version of the Open Science Cyber Risk Profile (OSCRP), with additions based on insights from its 2021 study of scientific software assurance:

Andrew Adams, Kay Avila, Elisa Heymann, Mark Krenz, Jason R. Lee, Barton Miller, and Sean Peisert. “The State of the Scientific Software World: Findings of the 2021 Trusted CI Software Assurance Annual Challenge Interviews,” September 2021.  https://hdl.handle.net/2022/26799

Andrew Adams, Kay Avila, Elisa Heymann, Mark Krenz, Jason R. Lee, Barton Miller, and Sean Peisert. “Guide to Securing Scientific Software,” December 2021. DOI: 10.5281/zenodo.5777646

…and its 2022 study on scientific operational technology:

Emily K. Adams, Daniel Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, Susan Sons, and John Zage. “Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research,” July 13, 2022. DOI: 10.5281/zenodo.6828675

A new section on risk profiling of cloud computing was also added. The full reference for the OSCRP is:

Sean Peisert, Von Welch, Andrew Adams, RuthAnne Bevier, Michael Dopheide, Rich LeDuc, Pascal Meunier, Steve Schwab, and Karen Stocks. Open Science Cyber Risk Profile (OSCRP), Version 1.3.3. October 2022. DOI: 10.5281/zenodo.7268749

The OSCRP is a document, initially released in 2017, designed to help principal investigators and their supporting information technology professionals assess cybersecurity risks related to open science projects. The OSCRP was the culmination of extensive discussions with research and education community leaders, and has since become a widely-used resource, including numerous references in recent National Science Foundation (NSF) solicitations.

The OSCRP is a living document and will continue to be refreshed as technology and threats change, and as new insights are acquired.

Comments, questions, and suggestions about this post and both documents are always welcome at info@trustedci.org.