Trusted CI’s fifth Framework Cohort, “Echo”, successfully completed the six-month program of training and workshop engagement focused on learning and applying the Trusted CI Framework. Cohort members entered the engagement with a commitment to adopting the Framework at their organizations. They then worked closely with Trusted CI to gather site information and create validated self-assessments of their facility’s cybersecurity programs based on the Framework. Each organization also emerged with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs. Echo cohort included the following research cyberinfrastructure providers:
Compact X-ray Free Electron Laser (CXFEL)
Inter-university Consortium for Political and Social Research (ICPSR)
National High Magnetic Field Laboratory
Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE)
Thirty Meter Telescope International Observatory (TIO)
The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.
Feedback on the program from cohort participants has been strongly positive.
Jim Berhalter, Director of IT for the National High Magnetic Field Laboratory at Florida State University, said: “The Trusted CI cohort has been invaluable to our organization and I would highly suggest participating. While some of it can be daunting, it was a comprehensive way to structure a cybersecurity plan for our organization and made me think about things I would’ve never thought about for our cybersecurity infrastructure.”
Joe Saul, Privacy and Security Officer, Adjunct Research Assistant Professor for ICPSR at University of Michigan, said: “Participating in the Trusted CI cohort was a rare opportunity. You get to learn from others who are facing some of the same challenges you are, and share your own experiences. You get to work with the Trusted CI team, who have talked to a LOT of other groups in similar situations, and hear their read on how you’re doing. Maybe most importantly, they help you take a step back and evaluate your own program and where you’re going. All of this for free. If you get the chance, jump at it. It’s a lot of work, but you aren’t going to get this anywhere else. And certainly not for free.”
Concurrent with leading Echo, Trusted CI continued quarterly engagement with graduates of the four previous Framework cohorts through the Research Infrastructure Security Community (RISC). Trusted CI established RISC as a community of practice to provide a forum for cohort graduates to exchange cybersecurity experience, best practices, challenges, etc., within the NSF research cyberinfrastructure community.
Trusted CI plans to use the second half of 2024 to implement a number of cohort program improvements based on participant feedback and lessons learned during the previous five cohort engagements. The Framework Team plans to implement improvements that enhance cohort participants' experience and increase potential impacts.
For more information, please contact us at info@trustedci.org.
Labels: cybersecurity programs, framework, major facilities