Showing posts with label CMMC. Show all posts

Tuesday, September 13, 2022

Trusted CI Webinar: Regulated Communities of Practice, September 26th @11am EST

Carolyn Ellis and Erik Deumens will be presenting the talk, Lowering the barrier to entry for Regulated Research through community building, September 26th at 11am (Eastern).

Please register here.

Keeping up with the newest federal regulations, or supporting them appropriately, is a full-time job, even though it can rarely be a dedicated position. We will share how a new community of practice on the block is lowering the barrier to entry by elevating the entire community’s regulated research programs through: 1) building relationships; 2) collecting best practices; 3) opening the dialogue on challenges by broadly sharing lessons learned; 4) aligning with other communities; 5) simplifying compliance; and 6) advocating for the community.

Regulated Research Community of Practice (RRCoP) is a partner of Trusted CI looking to extend the reach towards research compliance and advocacy of the special circumstances that make research in academic institutions different from industry.

Join us for a glimpse of RRCoP's roots, recent contributions, lessons learned, and what the future holds.

Speaker Bios:

Carolyn Ellis is the CMMC Program Manager at University of California, San Diego, where she builds and leads sustainable regulated research programs. Carolyn has significant experience in grants, research, and implementing the security enclaves for DOD contracts. As leadership of NSF award # 2201028, Building a Community of Practice for Supporting Regulated Research, Carolyn is passionate about growing future leaders within the research compliance community. Her community building efforts also include mentoring within various women in STEM communities such as WiCyS (Women in Cybersecurity).

Erik Deumens has a PhD in computational nuclear and chemical physics and has done research in modeling of chemical reactions and designed complex computational software. Since 2011, he has been the full-time director of the department of Research Computing in UFIT at the University of Florida. Starting in 2015, he and his staff have been in charge of a FISMA 800-53 moderate computing environment for research. During 2018 a second generation system was completed to meet both FISMA and CUI 800-171 requirements. The new system has the advantage that it is more cost effective for research budgets. The system was assessed for compliance by a 3PAO. See https://www.rc.ufl.edu for details on UFIT RC.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

 

Monday, July 19, 2021

Higher Education Regulated Research Workshop Series: A Collective Perspective

Regulated research data is a growing challenge for NSF funded organizations in research and academia, with little guidance on how to tackle regulated research institutionally. Trusted CI would like to bring the community’s attention to an important report released today by the organizers of a recent, NSF-sponsored* Higher Education Regulated Research Workshop Series that distills the input of 155 participants from 84 Higher Education institutions. Motivated by the Higher Ed community’s desire to standardize strategies and practices, the facilitated** workshop sought to find efficient ways for institutions large and small to manage regulated research data and smooth the path to compliance. It identified six main pillars of a successful research cybersecurity compliance program, namely Ownership and Roles, Financials and Cost, Training and Education, Auditing, Clarity of Controls, and Scoping. The report presents each pillar as a chapter, complete with best practices, challenges, and recommendations for research enablers on campus. While it focuses on Department of Defense (DOD) funded research, Controlled Unclassified Information (CUI), and health research, the report offers ideas and guidance on how to stand up a well managed campus program that applies to all regulated research data. It represents a depth and breadth of community collaboration and institutional experience never before compiled in a single place.

Organized by Purdue University with co-organizers from Duke University, University of Florida, and Indiana University, the workshop comprised six virtual sessions between November 2020 and June 2021. Participants included research computing directors, information security officers, compliance professionals, research administration officers, and personnel who support and train researchers.

The full report is available at the EDUCAUSE Cybersecurity Resources page at https://library.educause.edu/resources/2021/7/higher-education-regulated-research-workshop-series-a-collective-perspective. It was co-authored by contributors from Purdue University, Duke University, University of Florida, Indiana University, Case Western Reserve University, University of Central Florida, Clemson University, Georgia Institute of Technology, and University of South Carolina.

See https://www.trustedci.org/compliance-programs for additional materials from Trusted CI on the topic of compliance programs.

* NSF Grant #1840043, “Supporting Controlled Unclassified Information with a Campus Awareness and Risk Management Framework”, awarded to Purdue University
** by Knowinnovation

Monday, November 2, 2020

PEARC20: Another successful workshop and training at PEARC

Trusted CI had another successful exhibition at PEARC20.

We hosted our Fourth Workshop on Trustworthy Scientific Cyberinfrastructure for our largest audience to date. The topics covered during this year's workshop were:

  • Community Survey Results from the Trustworthy Data Working Group (slides)
    • Presenters: Jim Basney, NCSA / Trusted CI; Jeannette Dopheide, NCSA / Trusted CI; Kay Avila, NCSA / Trusted CI; Florence Hudson, Northeast Big Data Innovation Hub / Trusted CI
  • Characterization and Modeling of Error Resilience in HPC Applications (slides)
    • Presenter: Luanzheng Guo, University of California-Merced 
  • Trusted CI Fellows Panel (slides)
    • Moderator: Dana Brunson, Internet2
    • Panelists: Jerry Perez, University of Texas at Dallas; Laura Christopherson, Renaissance Computing Institute; Luanzheng Guo, University of California, Merced; Songjie Wang, University of Missouri; Smriti Bhatt, Texas A&M University - San Antonio; Tonya Davis, Alabama A&M University
  • Analysis of attacks targeting remote workers and scientific computing infrastructure during the COVID19 pandemic at NCSA/UIUC (slides)
    • Presenters: Phuong Cao, NCSA / University of Illinois at Urbana-Champaign; Yuming Wu, Coordinated Science Laboratory / University of Illinois at Urbana-Champaign; Satvik Kulkarni, University of Illinois at Urbana-Champaign; Alex Withers, NCSA / University of Illinois at Urbana-Champaign; Chris Clausen, NCSA / University of Illinois at Urbana-Champaign
  • Regulated Data Security and Privacy: DFARS/CUI, CMMC, HIPAA, and GDPR (slides)
    • Presenters: Erik Deumens, University of Florida; Gabriella Perez, University of Iowa; Anurag Shankar, Indiana University
  • Securing Science Gateways with Custos Services (slides)
    • Presenters: Marlon Pierce, Indiana University; Enis Afgan, Johns Hopkins University; Suresh Marru, Indiana University; Isuru Ranawaka, Indiana University; Juleen Graham, Johns Hopkins University

We will post links to the recordings when they are made public.

In addition to the workshop, Trusted CI team member Kay Avila co-presented a Jupyter security tutorial titled “The Streetwise Guide to Jupyter Security” (event page) with Rick Wagner. This presentation was based on the “Jupyter Security” training developed by Rick Wagner, Matthias Bussonnier, and Trusted CI’s Ishan Abhinit and Mark Krenz for the 2019 NSF Cybersecurity Summit.

Tuesday, September 22, 2020

Trusted CI Webinar: Cybersecurity Maturity Model Certification (CMMC) on Tues Oct 6 @11am Eastern

Trusted CI's Scott Russell is presenting the webinar, Cybersecurity Maturity Model Certification (CMMC), on Tuesday October 6th at 11am (Eastern). 

Please register here. Be sure to check your spam/junk folder for the registration confirmation email.

The US has historically taken a fairly minimalist approach to cybersecurity regulation, but recent years have evidenced a trend toward increasing regulation. The latest in this trend is the US Department of Defense’s “Cybersecurity Maturity Model Certification” (CMMC). CMMC has garnered quite a bit of attention recently, as it intends to impose cybersecurity compliance requirements on the entire Defense Industrial Base (DIB), over 300,000 organizations (including some universities). CMMC has emerged at a breakneck pace, and there is still a great deal of uncertainty regarding who is impacted, what is required, and how organizations should respond.

This talk will 1) introduce US cybersecurity regulation and compliance generally; 2) provide the background and context leading to CMMC; 3) overview CMMC; and 4) suggest approaches for thinking about cybersecurity compliance moving forward.

Speaker Bio:

Scott Russell is a Senior Policy Analyst at the Indiana University Center for Applied Cybersecurity Research. Scott was previously the Postdoctoral Fellow in Information Security Law & Policy. Scott’s work thus far has emphasized private sector cybersecurity best practices, data aggregation and the First and Fourth Amendments, and cybercrime in international law. Scott studied Computer Science and History at the University of Virginia and received his J.D. from the Indiana University, Maurer School of Law.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Friday, September 4, 2020

Introducing the Law and Policy Student Affiliate Program

The CACR-Maurer Student Affiliate program is a collaboration between the IU Center for Applied Cybersecurity Research (CACR), which leads Trusted CI, and the IU Maurer School of Law, wherein law students with a demonstrated interest in privacy and cybersecurity are given an opportunity to work on real world legal problems. The student affiliates work directly with Scott Russell, who is a Senior Policy Analyst at CACR, Trusted CI team member, and a Maurer graduate, and contribute to law and policy guidance materials produced by Trusted CI.

Previous student affiliates have conducted research relating to Controlled Unclassified Information, the EU General Data Protection Regulation, the California Consumer Privacy Act, US Export Control Laws and Regulations, the DoD Cybersecurity Maturity Model Certification, and Artificial Intelligence & Ethics. Materials developed by these student affiliates have directly contributed to guidance materials Trusted CI has created for the NSF science community, including webinars, live presentations, trainings, blog posts, internal whitepapers, and memoranda.


For the Fall 2020 semester, there will be one student affiliate: Madeline Blaney. Madeline is a second year law student at Maurer and the President of the Maurer Cybersecurity and Privacy Law Association. 


The program is managed by Maurer professor Joseph Tomain, who also manages the Maurer Graduate Certificate in Cybersecurity Law and Policy and the Graduate Certificate in Information Privacy Law and Policy. Student affiliates receive 1 credit hour for participating in the program. Participation in the student affiliate program is typically reserved for students pursuing a Maurer Graduate Certificate in Cybersecurity Law and Policy but is also open to non-certificate students with sufficient background in privacy and cybersecurity law. This is CACR’s fourth semester with student affiliates, building on a long history of collaboration between CACR and Maurer.


Thursday, July 9, 2020

PEARC20: Join us at the Fourth Workshop on Trustworthy Scientific Cyberinfrastructure

Join us at the Fourth Workshop on Trustworthy Scientific Cyberinfrastructure at PEARC20 on Monday July 27th, 8:00am - 12:00pm Pacific Time (11:00am - 3:00pm Eastern Time / 15:00 - 19:00 UTC). The workshop provides an opportunity for sharing experiences, recommendations, and solutions for addressing cybersecurity challenges in research computing. It also provides a forum for information sharing and discussion among a broad range of attendees, including cyberinfrastructure operators, developers, and users.

The workshop is organized according to the following goals:

  • Increase awareness of activities and resources that support the research computing community's cybersecurity needs. 
  • Share information about cybersecurity challenges, opportunities, and solutions among a broad range of participants in the research computing community.
  • Identify shared cybersecurity approaches and priorities among workshop participants through interactive discussions.

Schedule

See our workshop page for the full presentation abstracts. The order of presentations is subject to change and will be posted to the workshop page.

  • 8:00 am Pacific / 11:00 am Eastern 
    • Community Survey Results from the Trustworthy Data Working Group   
      • Presenters: Jim Basney, NCSA / Trusted CI
        Jeannette Dopheide, NCSA / Trusted CI
        Kay Avila, NCSA / Trusted CI
        Florence Hudson, Northeast Big Data Innovation Hub / Trusted CI
  • 8:30 am Pacific / 11:30 am Eastern 
    • Characterization and Modeling of Error Resilience in HPC Applications 
      • Presenter: Luanzheng Guo, University of California-Merced
  • 9:00 am Pacific / 12:00 pm Eastern
    • Trusted CI Fellows Panel
      • Moderator: Dana Brunson, Internet2 
      • Panelists: Jerry Perez, University of Texas at Dallas
        Laura Christopherson, Renaissance Computing Institute
        Luanzheng Guo, University of California, Merced
        Songjie Wang, University of Missouri
        Smriti Bhatt, Texas A&M University - San Antonio
        Tonya Davis, Alabama A&M University

  • 9:30 - 10:30 am Pacific / 12:30 pm - 1:30 pm Eastern ***Break/Lunch***
  • 10:30 am Pacific / 1:30 pm Eastern
    • Analysis of attacks targeting remote workers and scientific computing infrastructure during the COVID19 pandemic at NCSA/UIUC
      • Presenters: Phuong Cao, NCSA/U of Illinois at Urbana-Champaign
        Yuming Wu, Coordinated Science Lab/UIUC
        Satvik Kulkarni, U of Illinois at Urbana-Champaign
        Alex Withers, NCSA/U of Illinois at Urbana-Champaign
        Chris Clausen, NCSA/U of Illinois at Urbana-Champaign
  • 11:00 am Pacific / 2:00 pm Eastern
    • Regulated Data Security and Privacy: DFARS/CUI, CMMC, HIPAA, and GDPR
      • Presenters: Erik Deumens, University of Florida
        Gabriella Perez, University of Iowa
        Anurag Shankar, Indiana University
  • 11:30 am Pacific / 2:30 pm Eastern
    • Securing Science Gateways with Custos Services
      • Presenters: Marlon Pierce, Indiana University
        Enis Afgan, Johns Hopkins University
        Suresh Marru, Indiana University
        Isuru Ranawaka, Indiana University
        Juleen Graham, Johns Hopkins University

For any questions regarding this workshop, please contact workshop-cfp@trustedci.org.