Announcing the 2021 NSF Community Cybersecurity Benchmarking Survey

It's time again for the NSF Community Cybersecurity Benchmarking Survey (“Community Survey”). We’ve appreciated all the great participation in the past and look forward to seeing your responses again this year. The Community Survey, started in 2016, is a key tool used by Trusted CI to gauge the cybersecurity posture of the NSF science community. The twin goals of the Community Survey are: 1) To collect and aggregate information about the state of cybersecurity for NSF projects and facilities; and 2) To produce a report analyzing the results, which will help the community level-set and provide Trusted CI and other stakeholders a richer understanding of the community’s cybersecurity posture. (To view the previous years’ reports, see 2019 Report, 2017 Report, and 2016 Report.) To ensure the survey report is of maximum utility, we want to encourage a high level of participation, particularly from NSF Major Facilities. Please note that we are aggregating responses and minimizing the amount of project-identifying information we’re collecting, and any data that is released will be anonymized.

Survey Link: https://docs.google.com/forms/d/e/1FAIpQLSeooNKQdKx-W5kRol0vTYq0oLogBaT5Sy0G2tG6LwGWSoLc3g/viewform?usp=sf_link

Each NSF project or facility should submit only a single response to this survey. Completing the survey may require input from the PI, the IT manager, and/or the person responsible for cybersecurity (if those separate areas of responsibility exist). While answering specific questions is optional, we strongly encourage you to take the time to respond as completely and accurately as possible. If you prefer not to respond to or are unable to answer a particular question, we ask that you make that explicit (e.g., by using “other:” inputs) and provide your reason.

The response period closes June 30, 2021.

Thank you.

Announcing the 2017 NSF Community Cybersecurity Benchmarking Survey Report and the 2017 NSF Cybersecurity Summit Report

The second NSF Community Cybersecurity Benchmarking Survey Report is now available:

http://hdl.handle.net/2022/22171

The Community Survey’s purpose is to collect, analyze, and publish useful baseline benchmarking information about the NSF science community’s cybersecurity programs, practices, challenges, and concerns. This year’s survey is significant for receiving responses from 15 of the 25 NSF Large Facilities, and should provide particular insight into the specific cybersecurity practices and concerns of Large Facilities. Notable takeaways from this year’s survey include the dramatic increase in respondents who use multi-factor authentication, the lack of standardization or uniformity around cybersecurity budgets, and the highly variable implementation of software best practices, operational and programmatic cybersecurity safeguards, and cybersecurity governance.

Additionally, the report of the 2017 NSF Cybersecurity Summit to the community is also available. The report outlines progress the community has made based on recommendations from the previous year, attendee details and survey results for both the plenary and training portions of the Summit. The report in its entirety can be reviewed here: 

http://hdl.handle.net/2022/21882

We hope the results and analysis provide by these reports offer insight and inspire discussion.

2017 NSF Community Cybersecurity Benchmarking Survey -- Please Respond

Please complete the 2017 NSF Community Cybersecurity Benchmarking Survey.  

The 2017 survey: https://goo.gl/forms/oU7QS42WYe4fBsaC3

The goal of the annual survey is to collect and aggregate information over time about the state of cybersecurity for NSF projects and facilities and produce a report that will help the community a richer understanding of the environment and norms, as well as track changes to the security of the scientific cyberinfrastructure. We want to ensure the survey report is of maximum utility to the NSF researchers, projects, and facilities, and encourage a high level of participation. Your responses will help us meet that goal. We have made minor changes from the 2016 survey to clarify both questions and answers. Participation in the 2017 survey is requested whether or not you responded to the 2016 survey. (See the 2016 survey report at http://hdl.handle.net/2022/21355)

Each NSF project or facility should submit only a single response. Completing the survey may require input from the PI, the IT manager, and/or the person responsible for cybersecurity (if those separate areas of responsibility exist). While answering specific questions is optional, we strongly encourage you to take the time to respond as completely and accurately as possible. If you prefer not to respond or are unable to answer a question for some reason, we ask that you make that explicit (e.g., by using “other:” inputs) and provide your reason. Please note that we minimize the amount of project-identifying information we collect and will report responses only in the aggregate and CTSC will release results that we believe provide anonymity to the individual project or facility respondents.

The response period closes November 17, 2017.

2016 NSF Community Cybersecurity Benchmarking Survey Report

The 2016 NSF Community Cybersecurity Benchmarking Survey Report is now available:  

https://hdl.handle.net/2022/21355

Benchmarking information is frequently used to develop a common understanding of cybersecurity’s status and norms within a community. The purpose of this survey project was to collect, analyze, and publish useful baseline benchmarking information about the NSF science community’s cybersecurity programs, practices, challenges, and concerns. We received 27 responses to the survey including 16 responses from respondents with annual budgets greater than $1M (including 9 responses from the ~25 NSF Large Facilities).

We hope the results and analysis provide some benchmarking insight and inspire discussion.