Interested in Cybersecurity Research Transition To Practice (TTP)? Join us for a free virtual workshop, funded by NSF, on September 14th (2pm-5pm Central Time) and September 15th (8am-12pm Central Time). See the flyer below for more details.
Please register at: https://forms.gle/pLTx1EYPoMxgueu1A
For more information about Trusted CI's Cybersecurity Research Transition to Practice (TTP) program, please visit: https://www.trustedci.org/ttp
This month's Minority Serving - Cyberinfrastructure Consortium (MS-CC) All Hands Meeting will feature a presentation by Jim Basney about the Trusted CI Framework for Cybersecurity Programs. Join us on Thursday, August 24 at 12pm ET for Jim's presentation followed by a discussion about cybersecurity at Minority Serving Institutions (MSIs). Visit https://www.ms-cc.org/calendar/all-hands-meetings for Zoom coordinates and additional details, including past meeting recordings.
Trusted CI also participated in the 2023 MS-CC Annual Meeting in May. Visit https://www.ms-cc.org/2023-annual-meeting for presentation materials and other information from that meeting.
Please register here.
More than a decade ago, Clemson University outlined the requirements needed to integrate several campus-wide enterprise applications in a way that would automate the exchange of data between them, and establish the relationships of that data to the unique identities that represented all users within the system, including faculty, staff, students, alumni and applicants. There would be no direct access of data, except through applications that were approved and had established Memorandum of Understanding (MOU) contracts in place. This project was known as the Clemson Vault.
Within the Identity Management space, solutions for automating the provisioning of identities are offered by several vendors these days. However, mileage and cost vary when you wish to integrate arbitrary university resources, such as mailing lists, disk storage, building card access, and course registrations. Open source solutions, with all of the above requirements, are non-existent.
At Clemson University, we combined licensed vendor software and in-house apps, scripts and procedures to create a data integration solution that met the original requirements. This implementation has served us well for many years, but many of the drawbacks to the current design prompted us to begin pulling out many of these features into its own project, where we could collaborate on features and enhancements for the future with institutions outside of our own organization. The patterns, interfaces, and source code that emerged from the original vault were extracted out, embellished and migrated into an open source repository known as Adaptive Framework (https://github.com/afw-org/afw).
Clemson University has been working on this project for several years now, and has recently released this open source framework for building data access solutions that provide web service API’s, data transformation tools, real-time data provisioning and an authorization architecture. The framework that has emerged offers a built-in scripting language, pre-compiled server-side applications and an administrative web interface.
Although it was originally designed for the implementation of an open source identity vault, we envision a broader adoption of this framework for other data-driven needs, such as extending databases with metadata, building policy-based authorization systems, and integrating data repositories with a metadata catalog, and varying levels of access control, across federated environments.
Our goal with this project is to gather external support from both commercial and public institutions to help make this framework sustainable moving forward.
Speaker Bio:
Jeremy Grieshop is a software engineer (B.S. Miami University, M.S. Clemson University) and has been employed by Clemson University since 2001. His role has been in software development for the Identity Management team and has been directly involved in the software design and implementation of many of the authentication and provisioning software, along with self service tools that are in place at Clemson University today.
---
As NSF's Cybersecurity Center of Excellence (CCoE), Trusted CI is engaged with the connections between cybersecurity and research security - see the recently published Trusted CI Five-Year Strategic Plan for details. An effective cybersecurity program enables NSF facilities and projects to protect cyberinfrastructure from misuse by a breadth of adversaries, including adversaries that may be motivated by foreign government interference. While Trusted CI's cybersecurity mission is distinct from the research security mission of NSF's planned Research Security and Integrity Information Sharing Analysis Organization (RSI-ISAO), Trusted CI looks forward to coordinating and collaborating with the RSI-ISAO when appropriate, with a common goal for "research that is as open as possible, but as secure as necessary" [1].
RSI-ISAO proposing organizations, please note: Trusted CI will not be providing letters of commitment for the NSF 23-613 solicitation [1], but proposals may cite this blog post when discussing plans for collaboration with Trusted CI.
Trusted CI welcomes inquiries and feedback. If you have any questions or comments, please contact us.
NSF cyberinfrastructure is an engine of scientific research and innovation and underlies much of the science that Major Facilities enable. Key cyberinfrastructure components, including supercomputers, data repositories, sensor arrays, ships, software systems, and telescopes, are essential to scientific productivity, such that cybersecurity incidents can have a major impact on the scientific enterprise. For the cyberinfrastructure operators, implementing effective cybersecurity programs for these unique components is a complex challenge.
Trusted CI, the NSF Cybersecurity Center of Excellence (CCoE), has been working to overcome this challenge for over ten years. Its success has been noted both by the NSF community and the former director of the NSF Office of Advanced Cyberinfrastructure. The 2021 JASON Report on Cybersecurity at Major Facilities indicated Trusted CI's demonstrable impact on improving the cybersecurity posture of many NSF Major Facilities.
In light of new and unprecedented challenges facing our community, Trusted CI is making a new strategic plan for the next five years, with a vision of secure operation of essential cyberinfrastructure enabling NSF’s vision of a nation that leads the world in scientific research and innovation. This plan will guide the creation of our renewal proposal.
We are seeking input on our strategic plan from key constituencies including our Advisory Committee and NSF Major Facilities representatives and welcome insights from the broader community as well. Please click the link below to view our five-year strategic plan covering 2024-2029 and provide feedback via email to kelshute@iu.edu.
https://doi.org/10.5281/zenodo.8193607
Thank you in advance for your thoughtful feedback and insights!
