2025 NSF Cybersecurity Summit Topics and Travel Plans

Help shape the Summit program by selecting the content you want to learn more about. You can suggest new topics in the comment field. We also want to hear more about your travel plans this year.

Thank you for your time!

https://forms.gle/1aavqtYvvLRuLJCo7
This form will close on Tuesday, May 27th at 5pm Eastern.

To learn more about the Summit, go to: https://trustedci.org/summit 

Survey Report: Scientific Data Security Concerns and Practices

The Trustworthy Data Working Group has published a report at https://doi.org/10.5281/zenodo.3906865 that summarizes the results from our survey of scientific data security concerns and practices. 111 participants completed the survey from a wide range of positions and roles within their organizations and projects. We invite the community’s feedback on this report and input to the ongoing work of the working group via the working group mailing list. You may also send input directly to Jim Basney at jbasney@illinois.edu.

Next, the working group will be developing guidance on trustworthy data for science projects and cyberinfrastructure developers, based on the survey results and on resources from NIST, RDA, ESIP and others. Related work includes NIST 1800-25, the TRUST Principles for Digital Repositories, and Risk Assessment for Scientific Data. The working group will also be providing input into the next revision of the Open Science Cyber Risk Profile (OSCRP).

Working group membership is open to all who are interested. Please visit https://www.trustedci.org/2020-trustworthy-data for details.

Study of scientific data security concerns and practices

The Trustworthy Data Working Group invites scientific researchers and the cyberinfrastructure professionals who support them to complete a short survey about scientific data security concerns and practices.

The working group is a collaborative effort of Trusted CI, the four NSF Big Data Innovation Hubs, the NSF CI CoE Pilot, the Ostrom Workshop on Data Management and Information Governance, the NSF Engagement and Performance Operations Center (EPOC), the Indiana Geological and Water Survey, the Open Storage Network, and other interested community members. The goal of the working group is to understand scientific data security concerns and provide guidance on ensuring the trustworthiness of data.

The purpose of this survey is to:

• Improve broad understanding of the range of data security concerns and practices for open science
• Provide input and help shape new guidance for science projects and cyberinfrastructure providers
• Serve as an opportunity to consider local data security concerns during a voluntary, follow-up interview

Please visit https://surveys.illinois.edu/sec/281601 to complete the survey (before May 31st), and please share this announcement to help us obtain a broad set of responses representing a diversity of perspectives across the scientific community. Multiple individuals from the same organization/project are welcome to take the survey.

Survey results, along with the analysis and applicable guidance, will be published by the Trustworthy Data Working Group as a freely available report by the end of 2020. Please visit https://trustedci.org/trustworthy-data for updated information about the study.

Any questions/comments, please contact Jim Basney at jbasney@illinois.edu.

Announcing the 2019 NSF Community Cybersecurity Benchmarking Survey Report

The third NSF Community Cybersecurity Benchmarking Survey Report is now available:

http://hdl.handle.net/2022/24912

The Community Survey’s purpose is to collect, analyze, and publish useful baseline benchmarking information about the NSF science community’s cybersecurity programs, practices, challenges, and concerns. This year’s survey received responses from 23 institutions, including 14 NSF Major Facilities (previously “Large Facilities”). Notable takeaways from this year’s survey include the continued increase in respondents who use multi-factor authentication (reaching 75%), the continued variability in cybersecurity budgets, a significant increase in respondents who practice residual risk acceptance, and all of the respondents either having already established a cybersecurity program or being in the process of establishing one. We hope the results and analysis provided by this report offer insight and inspire discussion.

Announcing the 2017 NSF Community Cybersecurity Benchmarking Survey Report and the 2017 NSF Cybersecurity Summit Report

The second NSF Community Cybersecurity Benchmarking Survey Report is now available:

http://hdl.handle.net/2022/22171

The Community Survey’s purpose is to collect, analyze, and publish useful baseline benchmarking information about the NSF science community’s cybersecurity programs, practices, challenges, and concerns. This year’s survey is significant for receiving responses from 15 of the 25 NSF Large Facilities, and should provide particular insight into the specific cybersecurity practices and concerns of Large Facilities. Notable takeaways from this year’s survey include the dramatic increase in respondents who use multi-factor authentication, the lack of standardization or uniformity around cybersecurity budgets, and the highly variable implementation of software best practices, operational and programmatic cybersecurity safeguards, and cybersecurity governance.

Additionally, the report of the 2017 NSF Cybersecurity Summit to the community is also available. The report outlines progress the community has made based on recommendations from the previous year, attendee details and survey results for both the plenary and training portions of the Summit. The report in its entirety can be reviewed here: 

http://hdl.handle.net/2022/21882

We hope the results and analysis provide by these reports offer insight and inspire discussion.

2017 NSF Community Cybersecurity Benchmarking Survey -- Please Respond

Please complete the 2017 NSF Community Cybersecurity Benchmarking Survey.  

The 2017 survey: https://goo.gl/forms/oU7QS42WYe4fBsaC3

The goal of the annual survey is to collect and aggregate information over time about the state of cybersecurity for NSF projects and facilities and produce a report that will help the community a richer understanding of the environment and norms, as well as track changes to the security of the scientific cyberinfrastructure. We want to ensure the survey report is of maximum utility to the NSF researchers, projects, and facilities, and encourage a high level of participation. Your responses will help us meet that goal. We have made minor changes from the 2016 survey to clarify both questions and answers. Participation in the 2017 survey is requested whether or not you responded to the 2016 survey. (See the 2016 survey report at http://hdl.handle.net/2022/21355)

Each NSF project or facility should submit only a single response. Completing the survey may require input from the PI, the IT manager, and/or the person responsible for cybersecurity (if those separate areas of responsibility exist). While answering specific questions is optional, we strongly encourage you to take the time to respond as completely and accurately as possible. If you prefer not to respond or are unable to answer a question for some reason, we ask that you make that explicit (e.g., by using “other:” inputs) and provide your reason. Please note that we minimize the amount of project-identifying information we collect and will report responses only in the aggregate and CTSC will release results that we believe provide anonymity to the individual project or facility respondents.

The response period closes November 17, 2017.

2016 NSF Community Cybersecurity Benchmarking Survey Report

The 2016 NSF Community Cybersecurity Benchmarking Survey Report is now available:  

https://hdl.handle.net/2022/21355

Benchmarking information is frequently used to develop a common understanding of cybersecurity’s status and norms within a community. The purpose of this survey project was to collect, analyze, and publish useful baseline benchmarking information about the NSF science community’s cybersecurity programs, practices, challenges, and concerns. We received 27 responses to the survey including 16 responses from respondents with annual budgets greater than $1M (including 9 responses from the ~25 NSF Large Facilities).

We hope the results and analysis provide some benchmarking insight and inspire discussion.

Help CTSC Build Our Community Cybersecurity Benchmarking Survey

What information about other NSF projects and facilities will help you in your own cybersecurity efforts?  Please take a few minutes to share your thoughts via our online form by Friday, July 1st:

http://goo.gl/forms/n5JoFCVJB9Prcumr2

CTSC is developing a benchmarking survey to collect and aggregate information about cybersecurity in the NSF science community. We anticipate including questions on topics like cybersecurity budgets, type and frequency of security incidents, and most-used best practices resources and frameworks.

We want to ensure the survey report is of maximum utility to the NSF researchers, projects, and facilities, and encourage a high level of participation. Your input will help us meet that goal.