Wednesday, February 7, 2024

Advancing the Cybersecurity of NSF Major Facilities and National Research Cyberinfrastructure: Trusted CI’s Framework Cohort Achievements in 2023

Trusted CI successfully conducted two more six-month engagements in its ongoing Cybersecurity Framework Cohort Program during 2023, mentoring 11 additional research cyberinfrastructure providers through Framework validated self-assessments and cybersecurity program strategic planning. The cohort during the first half of 2023 comprised representatives from the following NSF major facilities, mid-scale projects, and a scientific consortium:

U.S. Academic Research Fleet (ARF), an NSF major facility
IceCube Neutrino Observatory, an NSF major facility
United States Antarctic Program (USAP), an NSF major facility
Deep Soil Ecotron (DSE), an NSF mid-scale project
Network for Advanced NMR (NAN), an NSF mid-scale project
Giant Magellan Telescope Observatory Corporation (GMTO), a scientific consortium

Five of NSF’s leading high performance computing (HPC) centers composed the cohort during the second half of 2023:

The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.

Cohort members entered the engagement with a commitment to adopting the Framework at their sites. They then worked closely with Trusted CI to gather site information and create validated self-assessments of their organization’s cybersecurity programs based on the Trusted CI Framework. Each site emerged from the program with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs.

Several participants provided feedback on the value of the cohort experience to their organizations.

GMTO’s Sam Chan, IT Director and Information Security Officer, and Efren Sandoval, Cybersecurity Analyst, noted that “...the cohort collaboration process has given us a better understanding of a holistic and mission focused approach to cybersecurity. The cohort collaboration process also brought us together with colleagues from different fields and requirements with similar security controls.  Sharing our experiences amongst ourselves helped us learn different approaches to similar areas of concern.”

Michael Wilson, Infrastructure Architect at UConn Health and Cybersecurity Lead of NAN, observed: “As a result of the cohort experience, NAN was not only able to identify gaps in our original cybersecurity implementation plan and significantly advance our cybersecurity posture, but I have also personally expanded my professional network to share and discuss cybersecurity implementation ideas and lessons learned with colleagues from other NSF facilities. While the cohort program demands considerable effort, the NAN executive team found it to be a worthwhile endeavor. I heartily encourage the leadership of NSF facilities that have not yet participated in the cohort training to do so.”

Scott Sakai, Security Analyst at SDSC, found that: “Trusted CI’s Framework cohort provided a supportive environment to explore the strengths and weaknesses of the state of our cybersecurity efforts in the context of the Trusted CI Framework.  While strengths were praised, shortcomings and challenges were met with non-judgmental, matter-of-fact discussion rather than punitive shaming: a response that promotes a path to resolution and understanding.”

Mr. Sakai also noted that: “Importantly, the Trusted CI Framework, and guidance from the Trusted CI cohort team emphasize the significance of governance and mission alignment – two foundational concepts that bring together cybersecurity and leadership, and help formulate what a meaningful dialog between the two might look like. This sets it apart from other approaches to a security program that focus on policy and controls, a difference that will hopefully foster an asset that is approachable and predictable instead of a mysterious line-item expense in the budget.”

In January 2024 Trusted CI began the fifth Framework cohort engagement, whose members include:  

Trusted CI is excited to be working with these new sites to advance their understanding and implementation of cybersecurity programs and best practices!

For more information, please contact us at