Tuesday, June 13, 2023

Trusted CI trains NSF ACCESS STEP students in Miami

Through an invitation by the NSF ACCESS project (NSF grants #2138259, #2138286, #2138307, #2137603, and #2138296), Mark Krenz and Ishan Abhinit from Trusted CI visited Florida International University in Miami on May 24th to conduct a security log analysis workshop for a group of students. The workshop was part of a two week long Supported Transition to Excellence Program (STEP), which offers success workshops and specialized advising.

Mark and Ishan modified their regular half-day security log analysis workshop to fit into a 2 hour schedule. They also tailored their presentation content so that it would better fit the audience, which consisted of undergrad students from a variety of institutions. They also provided a brief introduction to cybersecurity careers and how they entered the field. The security log analysis workshop was attended by 15 students. Later that day, Mark and Ishan accompanied students to the next workshop given by FIU faculty on 'Sniffing and Password Cracking' where they assisted them in completing the exercises and providing additional insight. Mark was also able to provide one on one guidance and encouragement to students that had more specific concerns about entering the field of cybersecurity.

Monday, June 12, 2023

Trusted CI Webinar: SecureMyResearch at Indiana University: Effective Cybersecurity for Research, June 26th@11am EST

Members from Indiana University's Center for Applied Cybersecurity Research are presenting the talk, SecureMyResearch at Indiana University: Effective Cybersecurity for Research, June 26th at 11am (Eastern).

Please register here.

The tension between research and cybersecurity has long hampered efforts to secure research. It has kept past institutional cybersecurity effort concentrated on the most sensitive research, but new threats to research integrity and recent federal initiatives such as NSPM-33 are now pointing to a future where securing research holistically is no longer optional. Indiana University launched a pilot in 2020 called SecureMyResearch to expand to the entire campus a research cybersecurity model culminating from years of interaction with biomedical researchers in the School of Medicine. Turning the traditional approach on its head, it aimed to reduce the cybersecurity and compliance burden on the researcher by making cybersecurity invisible. It was laser-focused on the research mission and on accommodating the pace of research. Three years later, the results are showing great promise in breaking the research versus security impasse. Not only have we reached 80 percent penetration on campus, researchers are embracing the service voluntarily and research is being accelerated measurably. In this webinar we will share IU’s research cybersecurity journey and the SecureMyResearch implementation.


Speaker Bios:

Anurag Shankar provides leadership at CACR in regulatory compliance (HIPAA, FISMA, and DFARS/CMMC), research cybersecurity, and cyber risk management. He developed and leads the SecureMyResearch effort at IU.  He has over three decades of experience conducting research, developing and delivering research computing services, building HIPAA compliant solutions for biomedical researchers, conducting cybersecurity assessments, and providing consulting.  He is a computational astrophysicist by training (Ph.D. 1990, U. of Illinois).

Will Drake is a senior security analyst, CISO at CACR, and the SecureMyResearch lead. Will has worked in various IT roles with Indiana University since 2012, including Operations Supervisor for UITS Data Center Operations and Lead Systems Engineer for the Campus Communications Infrastructure team where he was responsible for ensuring the security of IU’s critical telecommunications infrastructure. Will holds an Associate’s Degree in Computer Information Technology from Ivy Tech and is currently pursuing a Bachelor’s Degree in Informatics with a specialization in Legal Informatics from IUPUI’s School of Informatics and Computing.

Tim Daniel is an information security analyst at CACR and a member of the SecureMyResearch team. Previously, Tim worked for a contract research organization carrying out phase 1 and pre-phase 1 clinical trials for veterinary medicine. He holds a bachelor’s degree in biology with a focus in chemistry, and an associate's degree in applied biotechnology. After high school, Tim worked for Stone Belt, a nonprofit that provides resources and supports for individuals with disabilities, where he learned patience and listening skills.


Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Tuesday, June 6, 2023

Call for Participation for the 2023 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure

 October 24th - 26th ✶ Berkeley, CA


It is our pleasure to announce that the 2023 NSF Cybersecurity Summit is scheduled to take place the week of October 23rd. Starting with two  full days of trainings and workshops that will be held on Tuesday, October 24th and Wednesday, October 25th. Concluding with a full day of plenary sessions occurring on Thursday, October 26th.

The final program is still evolving, but we will maintain the mission to provide a format designed to increase the NSF community’s understanding of cybersecurity strategies that strengthen trustworthy science: what data, processes, and systems are crucial to the scientific mission, what risks they face, and how to protect them.

About the Summit

Since 2004, the annual NSF Cybersecurity Summit has served as a valuable part of the process of securing the NSF scientific cyberinfrastructure by providing the community a forum for education, sharing experiences, building relationships, and establishing best practices.

The NSF cyberinfrastructure ecosystem presents an aggregate of complex cybersecurity needs (e.g., scientific data and instruments, unique computational and storage resources, complex collaborations) as compared to other organizations and sectors. This community has a unique opportunity to develop information security practices tailored to these needs, as well as break new ground on efficient, effective ways to protect information assets while supporting science. The Summit will bring together leaders in NSF cyberinfrastructure and cybersecurity to continue the processes initiated in 2013: building a trusting, collaborative community and seriously addressing that community’s core cybersecurity challenges.

The Summit seeks proposals for plenary presentations, workshops/trainings, BoFs/project meetings, poster session and student program. 

Proposing Content for the Summit

There are many ways to contribute to the Cybersecurity Summit. We are open to proposals for live plenary presentations, focused workshops/trainings, project meetings and birds of a feather(BoFs). More specific information on each of those is available below. Submissions can be made using this online form https://docs.google.com/forms/d/e/1FAIpQLSc8VJjYj2XmzTxhoeBvQaf2LUCWovOCouMO5XQtdHgBjzOZDA/viewform by June 16, 2023. Responses will be announced by July 14, 2023 to ensure adequate planning time for presenters.

We strongly encourage proposals that address the 2022 Summit themes and challenges such as Framework Adoption, Operational Technology, Preparing for AI, Identity and access management, Compliance challenges and Risk assessment. Additionally, proposals that address topics ranked high by the community are also strongly encouraged/prioritized. These include: 

  1. Human Factors in Cybersecurity
  2. Open Source Software Security
  3. Cloud Security
  4. AI/ML for Security
  5. Trust/Security of AI Tools
  6. Information Asset Management
  7. Supply Chain Attacks
  8. ChatGPT use/banning/enabling for Security
  9. Quantum Computing

Proposing a Plenary Presentation

Please submit brief proposals with a 1-2 page abstract focused on NSF Large Facilities’ unmet cybersecurity challenges, lessons learned, and/or significant successes for presentation during the Summit Plenary Session. Plenary talks are limited to 25 minutes in length including time needed for question and answers if desired. 

Please note that the Summit will offer a ‘hybrid’ model for remote attendees to participate and all plenary talks will be recorded and made available after the event. Proposals should only contain information without sharing restrictions. As a guide, all plenary presentations should be TLP:WHITE “information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.” 

Submission deadline: June 16th, 2023
Proposals can be submitted using this online form: https://docs.google.com/forms/d/e/1FAIpQLSc8VJjYj2XmzTxhoeBvQaf2LUCWovOCouMO5XQtdHgBjzOZDA/viewform
Word limit: 1-2 pages
Notification of acceptance: July 14th, 2023

Proposing a Workshop or Training Session

Continuing this year, the Summit will accept proposals for Workshops and Trainings seeking to build communities of practice related to the NSF CyberInfrastructure. Please submit brief proposals with abstract that includes the intended audience, description of what the workshop or training will cover and expected benefits for attendees. Examples may include table top exercises, focused discussions and activities on techniques and skills in a particular field, and collaborative information sharing among security professionals.

Workshops and Trainings will be scheduled to not overlap with the Plenary sessions. They can be of varying length ranging from one hour to a half day (3.5 hours). Workshops can be limited to a specific audience to provide confidentiality. For workshops that intend to limit participation, proposals should include requirements for attendees. For accepted workshops that have admission requirements, members of Trusted CI along with workshop organizers will review workshop registration requests to ensure they meet attendance requirements. Workshop and training organizers may choose to offer either in-person or a hybrid model to include attendees joining remotely via Zoom. Workshop/training organizers are encouraged to offer hybrid sessions to maximize participation. This includes running the Zoom (e.g., monitoring the chat, unmuting remote participants, etc.). 

Submission deadline: June 16th, 2023
Proposals can be submitted using this online form: https://docs.google.com/forms/d/e/1FAIpQLSc8VJjYj2XmzTxhoeBvQaf2LUCWovOCouMO5XQtdHgBjzOZDA/viewform
Word limit: 1-2 pages
Notification of Acceptance: July 14th, 2023

Birds of a Feather and Project Specific Meeting Proposals

New this year we will be offering Summit attendees to propose Birds of a Feather (BoFs) and Project Specific Meetings. 

Birds of a Feather (BoFs): Informal gatherings of like-minded individuals who wish to discuss a certain topic can be 1-2 hours in length. Proposers of BoF sessions should serve as discussion leaders to explore and address challenges for a specific topic. BoF Proposals should be no more than one page in length and include the proposed topic and description, the activity’s intended audience, and its expected benefits.

Project Specific Meetings: The Summit organizers recognize that the summit attracts many people who work remotely on projects with distributed staff (ACCESS, ESNet, OSG, Zeek, Jupyter).  Attending a conference presents an opportunity for people who work collectively on a shared project to meet in person. This year we have a number of meeting rooms available for projects to hold working sessions. To request a meeting room, please provide a name and description of the project, number of expected participants and meeting duration (1-2 hours suggested). Requests will be reviewed and scheduled based on room availability. 

Submission deadline: June 16th, 2023
Proposals can be submitted using this online form: https://docs.google.com/forms/d/e/1FAIpQLSc8VJjYj2XmzTxhoeBvQaf2LUCWovOCouMO5XQtdHgBjzOZDA/viewform
Word Limit: 1-2 page description
Notification of Acceptance: July 14th, 2023

Poster Proposals

Also new this year we will be offering individuals to present posters in an informal setting. This is an opportunity to disseminate your work with Summit attendees, receive helpful insights and engage others who are interested in the same subject or focus of your work.

To propose a poster, please provide your name, poster title along with an abstract. Details on shipping posters will be provided upon acceptance.

Submission deadline: June 16th, 2023
Proposals can be submitted using this online form: https://docs.google.com/forms/d/e/1FAIpQLSc8VJjYj2XmzTxhoeBvQaf2LUCWovOCouMO5XQtdHgBjzOZDA/viewform
Word Limit: 1-2 page description
Notification of Acceptance: July 14th, 2023

Student Program

To support workforce development, the Summit organizers invite several students to attend the Summit in-person. Both undergraduate and graduate students may apply. No specific major or course of study is required, as long as the student is interested in learning and applying cybersecurity innovations to scientific endeavors.

To be considered, students must submit an application form (link below), answering questions about their field of study and interest in cybersecurity. Up to 10 student applicants will receive invitations from the Program Committee to attend the Summit in-person. Attendance includes students’ participation in a poster session.

Travel and hotel accommodations will be provided. Students whose applications are declined are welcome to attend the Summit remotely.

The deadline for applications is Monday, August 28th at 12 am CDT, with notification of acceptance to be sent by Friday September 8th.

Please discuss attendance with your instructors prior to attending.

We cannot select applications to attend in-person from students who live outside the United States.

Student Application to attend the Summit:
Send questions to students@trustedci.org
Submission deadline: Monday, August 28th at 12 am CDT
Notification of Acceptance: Friday, September 8th

Notes for First-Time Presenters

The Summit organizers want to encourage those who have not presented at previous Summits to share their experiences, expertise, and insights with the NSF cybersecurity community. You don’t need to be perfectly polished, you just need to have something to share about your project or facility's experience with information security. Feedback from past Summits show that there is a great deal of interest in “lessons learned” type presentations from projects who’ve faced cybersecurity challenges and had to rethink some things afterwards. We’ve put together a page of tips and ideas for new presenters, including proposal and presentation tips as well as suggested topics. More direct coaching is available upon request.

Additional Call for Participation (CFP) Guidance

The Summit organizers wish to encourage and support participation from throughout the wider NSF community. To further that mission, we’ve provided some information (below) to aid in the preparation of CFP responses. Please don’t hesitate to direct questions to CFP@trustedci.org.

What to Present

The CFP presents an opportunity for the community to make progress on shared challenges identified in prior summits. The organizers especially appreciate proposals that drive this home; however, not every presentation or activity has to be centered around just that topic. Please submit any idea that you think may be relevant to our audience but note that proposals that address community challenges from prior years will be given higher preference. 

We strongly encourage proposals that address the 2022 Summit findings and topics identified of high interest as outlined above.

How to Build a CFP Response

The proposal you submit will be used in two ways: to tell the organizers about what you plan to present and to be included in the summit findings as a sort of after-action report. It should include:

  1. Session Format: Plenary (Lecture, Panel, Open Format) or workshop
  2. An executive summary/abstract (short description of the topic and content).
  3. Who the presenter(s) is/are.
  4. Either an abstract of the topic or a narrative you’d like to share with the community. (For activities that are not plenary sessions, this may be replaced with a description of the planned activity and the activity’s intended audience.)
  5. Contact information (preferably email) for the presenter(s) in case the organizers have any questions. This can be in a separate note in the email body instead of the proposal itself if presenter(s) don’t wish it to be published.
  6. Expected length of the session/activity. All plenary sessions will be limited to 25 minutes, Workshops and Trainings can range from one to 3.5 hours. BoFs and Project specific meetings are suggested to run 1-2 hours.
  7. Intended audience and expected benefits of the proposal

Our community has expressed in the past that many find it helpful if they can download a copy of a presentation’s slides. Therefore we will require all presenters to submit their slides in advance of the summit. 

The easiest way to get help/feedback from the organizing committee prior to submitting your final proposal is to create a Google Doc containing your proposal and sending an edit link to CFP@trustedci.org

Tips for Presenting

There are many different presentation formats that can work well depending on the topic. Consider the following:

  1. Lecture format: The presenter(s) talk to the audience and show slides to support their dialogue, then do a short Q&A session at the end of the presentation.
  2. Panel format: 3-5 persons answer questions offered by a moderator on a specific topic or set of topics, then do a short Q&A with the audience. This tends to work out best when the panel contains people with very different backgrounds or viewpoints, and the moderator is good at keeping folks to the topic and time constraints.
  3. Open Forum format: 2-3 persons answer questions offered by the audience. Works best if there is an extra person gathering questions and presenting them, and if the speakers can keep things succinct so that the presentation keeps moving and many questions get answered.
  4. Hands-on format(workshops/trainings): The presenter(s) walk the audience through a demo or tutorial as the audience follows along on their computers (or on paper, if the topic supports it).  If you are doing a training that will have many hands-on activities, consider having more than one presenter, or a presenter plus a helper or two who can go around the room and help participants who get stuck, allowing the group as a whole to move on.