Registration Open for ’23 NSF Research Infrastructure Workshop

Trusted CI invites cybersecurity staff from NSF Major Facilities and NSF Mid-Scale Facilities to join us at the 2023 NSF Research Infrastructure Workshop, hosted by NSF’s Large Facilities Office (LFO). The Research Infrastructure Workshop (RIW) is a collaborative forum for all the NSF research infrastructure projects.

The workshop is a hybrid format and will be held Tuesday through Friday, June 27th - 30th at the Washington Marriott at Metro Center. 

Registration is currently open.

There will be many opportunities to join discussions on cyberinfrastructure and cybersecurity. A few highlights include:

• A dedicated Cybersecurity track on Day 2, which will cover the Trusted CI Framework, operational cybersecurity with ResearchSOC, and Regulated Research Community of Practice (RRCoP). Also, Robert Beverly (NSF) will provide introductory remarks for the Cybersecurity track.
  
• Trusted CI Director, Jim Basney, and Roland Roberts presenting, “Overview of Cybersecurity at Research Infrastructure: Balancing the Need to Be Secure and Also Open,” during the plenary session on Day 3.
• Tony Beasley (NRAO) presenting "Lessons from the 2022 Ransomware Attack on ALMA" during the plenary session on Day 3.
  
• Partner project CI Compass are presenting, “Overview of CI Compass and the Relevance of AI in Cyberinfrastructure,” during the plenary session on Day 1.
• And, a dedicated Cyberinfrastructure track on Day 1 covering "Models of Data Governance" and "Expanding use of AI in Research Infrastructure applications."

The drafted agenda is available (pdf) on RIW’s event site. The event includes a poster session, welcome reception, and a tour of the National Air and Space Museum.

Join Trusted CI's announcements mailing list for information about upcoming events. 

Registration Open for 3rd HPC Security Workshop at NIST NCCoE

Trusted CI is participating in the 3rd HPC Security Workshop, hosted by NIST’s National Cybersecurity Center of Excellence (NCCoE). The goal of the workshop is to gather community feedback, share the work of the HPC security working group, and to plan future tasks.

The in-person workshop will be held Wednesday through Thursday, March 15th - 16th in Rockville, MD. Registration is currently open.

The workshop will begin Wednesday morning with a keynote from NSF Program Officer Rob Beverly. Next, members of NCSA, PSC, and NCAR will present on their experiences as HPC operators. Later in the afternoon Trusted CI Director, Jim Basney will be presenting with colleagues on cybersecurity framework development, implementation, and assessment.

On Thursday, Erik Deumens, member of Trusted CI partner Regulated Research Community of Practice (RRCoP), will be participating in a presentation on HPC security research. Later, Trusted CI Deputy Director Sean Peisert will present the final keynote on secure data sharing in HPC environments.

The full agenda is available on NIST’s website.

Join Trusted CI's announcements mailing list for information about upcoming events.

SAVE THE DATE: Announcing the 2022 NSF Cybersecurity Summit, Oct 18-20 in Bloomington, Indiana

Please mark your calendars for the 2022 NSF Cybersecurity Summit planned for October 18-20 at the Monroe Convention Center, Bloomington, Indiana, near the Indiana University Campus.

Plenary sessions are scheduled to take place October 19th and 20th, while training and workshops will take place on the 18th.

Stay tuned for more information by following the Trusted CI Blog or our Announcement email list for more updates.

On behalf of Trusted CI

Join Us at EDUCAUSE CPP Conference - Early Registration Ends 3/22

Trusted CI will be presenting at the 2022 EDUCAUSE Cybersecurity and Privacy Professionals Conference on May 3 - 5th in Baltimore, MD. The CPPC is “the premier forum for connecting with higher education information security and privacy professionals.” Early registration for this conference ends Tuesday, March 22nd. Trusted CI’s Ishan Abhinit, Kathy Benninger, and Mark Krenz will be participating in the sessions listed below. We are looking forward to seeing you at this exciting event!

Training: Security Log Analysis
Tuesday, May 03 | 8:30AM–12:00PM ET
Presenters: Ishan and Mark
The security log analysis workshop walks participants through the security log analysis life cycle, providing considerations for centralized log collection and log management tools, phases of compromise, and examples from real attacks. We will be analyzing logs from Zeek Network Security Monitor, the Apache web server, two-factor authentication systems, cloud service logs, and others. This workshop also includes a hands-on exercise that will demonstrate techniques to analyze logs to detect security incidents using both the command line and Elastic Stack (aka ELK). The hands-on exercise will provide an overview of investigation techniques to determine security incident logs of some common attacks like SQL injection, filesystem traversal, brute force attacks, command-line injection, and more. Recent security vulnerabilities, such as log4shell, will also be discussed, along with techniques for detection. This will be an interactive session allowing Q&A and will also feature interactive polls to enhance participants' learning experience.

Training: Security in the Shell (or, How I Learned to Think Before Forking)
Tuesday, May 03 | 1:00PM–4:30PM ET
Presenters: Ishan and Mark
Although it is one of the oldest technologies in IT, the command line and terminal emulators continue to be in wide use for modern IT needs. Although people may think of these technologies as having a solid security footing, there are a number of ways someone can shoot themselves in the foot while using them, and I'm not just talking about running "rm -fr /". In this workshop, Mark Krenz, the creator of the popular Twitter account climagic, will demonstrate these and guide students through how to practice better command line security, from understanding the metadata that is generated by your favorite editor to knowing how to exploit SSH, knowing how to protect yourself when checking malware, and much more. There is something for everyone in this workshop, and you are sure to come away with a plethora of job-saving tips.

Breakout session: Security Recommendations for Science DMZs
Wednesday, May 04 | 10:45AM–11:30AM ET
Presenters: Ishan, Kathy, and Mark
A Science DMZ is a special network architecture designed to improve the speed at which large science data transfers can be made. They have become a common solution to the issue of busy academic networks causing slowdowns or failures of large data transfers. A new paper published by Trusted CI on the security of Science DMZs provides an overview of this type of network architecture, summarizing the current best practice cybersecurity risk mitigations as well as providing additional security recommendations. This session is a brief introduction to the Science DMZ concept and presents an overview of the mitigations documented in the paper.

Don't Miss Trusted CI at EDUCAUSE CPP Conference

Members of Trusted CI and partner projects will be presenting at the The 2021 EDUCAUSE Cybersecurity and Privacy Professionals Conference (formerly known as the Security Professionals Conference), to be held Tuesday June 8th - Thursday June 10th. The conference "will focus on restoring, evolving, and transforming cybersecurity and privacy in higher education."

Below is a list of presentations that include Trusted CI team members and partners:
 

Regulated Research Community Workshops

Tuesday, June 08 | 12:15p.m. - 12:35p.m. ET

• Anurag Shankar - Senior Security Analyst, Indiana University
• Erik Deumens - Director UF Research Computing, University of Florida
• Carolyn Ellis - Program Manager, Purdue University
• Jay Gallman - Security IT Analyst, Duke University

Supporting institutional regulated research comes with a wide range of challenges impacting units that haven't commonly worked together. Until recently, most institutions have looked internally to develop their regulated research programs. Since November 2020, 30 institutions have been gathering for six workshops to share their experience and challenges working establishing regulated research programs. This session will share the process involved in making these workshops successful and initial findings of this very specialized group.

Big Security on Small Budgets: Stories from Building a Fractional CISO Program

Thursday, June 10 | 2:00p.m. - 2:45p.m. ET

• Susan Sons - Chief Security Analyst, Indiana University Bloomington

No one in cybersecurity has an infinite budget. However, those booting up cybersecurity programs in organizations whose leadership haven't fully bought in to the value of cybersecurity operations, bolting security on to an organization that has been operating without it for too long, or leading cybersecurity for a small or medium-sized institution often have even less to work with: smaller budgets, less training, fewer personnel, less of every resource. Meanwhile, the mandate can seem infinite. In this talk, Susan Sons, Deputy Director of ResearchSOC and architect of the fractional CISO programs at ResearchSOC, OmniSOC, and IU's Center for Applied Cybersecurity Research, discusses approaches to right-sizing cybersecurity programs and getting the most out of limited resources for small and medium-sized organizations. This talk covers strategies for prioritizing security needs, selecting controls, and using out-of-the-box approaches to reduce costs while ensuring the right things get done. Bring your note pad: we'll refer to a number of outside references and resources you can use as you continue your journey.

SecureMyResearch at Indiana University

Thursday, June 10 | 1:00p.m. - 1:20p.m. ET

• William Drake - Senior Security Analyst, Indiana University
• Anurag Shankar - Senior Security Analyst, Indiana University

Cybersecurity in academia has achieved significant success in securing the enterprise and the campus community at large through effective use of technology, governance, and education. It has not been as successful in securing the research mission, however, owing to the diversity of the research enterprise, and of the time and other constraints under which researchers must operate. In 2019, Indiana University began developing a new approach to research cybersecurity based on its long experience in securing biomedical research. This resulted in the launch of SecureMyResearch, a first-of-its-kind service to provide cybersecurity and compliance assistance to researchers and stakeholders who support research. It was created not only to be a commonly available resource on campus but also to act as a crucible to test new ideas that depart from or are beyond enterprise cybersecurity practice. Those include baking security into workflows, use case analysis, risk acceptance, researcher-focused messaging, etc. A year later, we have much to share that is encouraging, including use cases, results, metrics, challenges, and stories that are likely to be of interest to those who are beginning to tackle research cybersecurity. We also will be sharing information and advice on a method of communicating the need for cybersecurity to researchers that proved to be highly successful, and other fresh ideas to take home and leverage on your own campus.

Lessons from a Real-World Ransomware Attack on Research

Thursday, June 10 | 12:25p.m. - 12:45p.m. ET

• Andrew Adams - Security Manager / CISO, Carnegie Mellon University
• Von Welch - Director, CACR, Indiana University
• Tom Siu - CISO, Michigan State University
  

In this talk, co-presented by the Michigan State University (MSU) Information Security Office and Trusted CI, the NSF Cybersecurity Center of Excellence, we will describe the impact and lessons learned from a real-world ransomware attack on MSU researchers in 2020, and what researchers and information security professionals can do to prevent and mitigate such attacks. Ransomware attackers have expanded their pool of potential victims beyond those with economically valuable data. In the context of higher ed, this insidious development means researchers, who used to be uninteresting to cybercriminals, are now targets. During the first part of the presentation, we will explain the MSU ransomware incident and how it hurt research. During the second part, we will elaborate on mitigation strategies and techniques that could protect current and future academic researchers. Finally, we will conclude with a question-and-answer session in which audience members are encouraged to ask Trusted CI staff about how to engage researchers on information security. Trusted CI has unique expertise in building trust with the research community and in framing the cybersecurity information for them. Trusted CI regularly engages with researchers, rarely security professionals, and has a track record of success in communicating with researchers about cybersecurity risks.

Until We Can't Get It Wrong: Using Security Exercises to Improve Incident Response

Wednesday, June 09 | 2:00p.m. - 2:20p.m. ET

• Josh Drake - Senior Security Analyst, Indiana University Bloomington
• Zalak Shah - Senior Security Analyst, Indiana University

Incident response can be challenging at the best of times, and when one is responding to a major incident, it is rarely the best of times. A rigorous program of security exercises is the best way to ensure than any organization is prepared to meet the challenges that may come. The best cybersecurity teams have learned not just to practice until they can get it right, but to practice until they can't get it wrong. They use a regular program of security exercises coupled with pastmortem analysis and follow-up to ensure that the whole team, and all of the technologists and organizational support they work with, get better at handling incidents over time. This session will teach you how to build a security exercise program from the ground up and use it to ensure that your incident response capabilities can be relied on no matter what happens.

Google Drive, the Unknown Unknowns

Wednesday, June 09 | 12:00p.m. - 12:45p.m. ET

• Ishan Abhinit - Senior Security Analyst, Indiana University Bloomington
• Mark Krenz - Chief Security Analyst, Indiana University

Every day countless thousands of students and staff around the world use cloud storage systems such as Google Drive to store their data. This data may be classified public, internal, and even confidential or restricted. Although Google Drive provides users with ways to control access to their data, my experiences have shown that users often aren't aware that they are exposing their data beyond their expected trust boundary. In this talk I will briefly introduce the audience to Google Drive, sharing some of my own experiences dealing with security concerns. Then I will provide an overview of the issues that academic and research institutions face when using it. I'll highlight the security threats to your data and how to deal with various situations, such as when someone leaves a project, when data is accidentally deleted, or when data is shared and you don't know it. In the second half of the presentation I'll provide the audience with some solutions to these security issues that are useful to a variety of institutions large and small as well as individual projects and people. Some of these solutions were developed by me and my team to solve our own issues, and so now I'll be sharing these solutions and tools with the community at large.

The full agenda, including the on-demand program, is available online.

SAVE THE DATE: Announcing the 2021 Virtual NSF Cybersecurity Summit, Oct 12th & 13th.

It is our pleasure to announce that the 2021 NSF Cybersecurity Summit plenary session is scheduled to take place October 12^th and 13^th. The dates for additional events, like training sessions and workshops, are still being determined and will likely take place in the days surrounding the plenary. Due to the continued impact of the global pandemic, we will hold this year’s summit online instead of in-person.

The final program is still evolving, but we will maintain the mission to provide a format designed to increase the NSF community’s understanding of cybersecurity strategies that strengthen trustworthy science: what data, processes, and systems are crucial to the scientific mission, what risks they face, and how to protect them.

Please save the dates on your schedule. We look forward to seeing you there

Registration is now open for the 2020 NSF Cybersecurity Summit

It is our great pleasure to announce the 2020 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure. The event will take place virtually Tuesday, September 22 through Thursday, September 24, 2020. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities.

Registration Complete the online registration form: https://trustedci.org/2020-nsf-summit

Thank you on behalf of the Program and Organizer Committee.

2020 NSF Cybersecurity Summit CFP extended to July 13

2020 NSF Cybersecurity Summit Call for Participation (CFP) has been extended, deadline is COB on Monday July 13th. 

Call for Participation (CFP)

Program content for the summit is driven by our community. We invite proposals for presentations, breakout and training sessions, as well as nominations for student scholarships. The deadline for CFP submissions is July 13th To learn more about the CFP, please visit: https://trustedci.org/cfp-2020

2020 NSF Cybersecurity Summit Call For Participation - NOW OPEN - Deadline is Monday, June 29th

It is our pleasure to announce that the 2020 NSF Cybersecurity Summit is scheduled to take place Tuesday, September 22 through Thursday the 24th. Due to the impact of the global pandemic, we will hold this year’s summit on-line instead of in-person as originally planned.

The final program is still evolving, but we will maintain the mission to provide a format designed to increase the NSF community’s understanding of cybersecurity strategies that strengthen trustworthy science: what data, processes, and systems are crucial to the scientific mission, what risks they face, and how to protect them.

 

Call for Participation (CFP)

Program content for the summit is driven by our community. We invite proposals for presentations, breakout and training sessions, as well as nominations for student scholarships. The deadline for CFP submissions is June 29th To learn more about the CFP, please visit: https://trustedci.org/cfp-2020

 

Student Program

Due to the Summit moving to a virtual format, we are offering access to all active students who apply (or until we reach our headcount limit). More information and application can be found at: trustedci.org/2020-student-program 

On behalf of the 2020 NSF Cybersecurity Summit organizers and program committee, we welcome your participation and hope to see you in September.

More information can be found at https://trustedci.org/2020-nsf-summit

2020 NSF Cybersecurity Summit will be Online September 22-24, 2020

Dear Trusted CI community,

This year’s NSF Cybersecurity Summit will be online, with no in-person meeting as originally planned. Please continue to hold September 22-24, 2020 for this event.

This decision was based on the feedback you gave us to our survey, discussions with our program committee, our assessment of conditions with an emphasis on your safety, and reports we are hearing from many of you that travel funding will be challenging for your institutions. We regret not being able to interact in person but look forward to an interactive event and seeing you again in 2021.

Please watch the Trusted CI Blog and Announcement email list for more updates, including a Call for Participation and subsequently a program. We are working with our program committee, who deserve extra thanks for their efforts in these new circumstances, to develop a program that takes advantage of the online nature to deliver a quality event we hope will make up for some of what we will miss from being together in-person.

Best,

Von Welch
Director, Trusted CI

Save the Date: 2020 Cybersummit Sep 22 - 24 in Bloomington, IN

Important update as of May 27, 2020: The 2020 NSF Cybersecurity Summit will be online.

Please mark your calendar for the 2020 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure, planned for September 22-24, 2020 in Bloomington,Indiana
Where: Monroe Convention Center, Bloomington, Indiana, near the Indiana University Campus

Stay tuned for more information by following the Trusted CI Blog (http://blog.trustedci.org/) & Twitter feed:  https://twitter.com/trustedci/

Information on prior summits is available at http://trustedci.org/summit/.

2019 NSF Cybersecurity Summit wrap-up: Strength in Numbers

The 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure was a resounding success. Presentations have been posted to our website, more will be added as they become available.

Our attendance this year was 143, up from 117 attending last year. Presentation proposals saw an increase as well this year, which allowed us to offer a greater variety of trainings and topics. And, our student program had a significant increase in applications; prompting us to include 10 students, up from 6 students last year. In 2019 we launched our new Fellows program and the Cybersecurity Technology Transition to Practice (TTP) program, both of which were included in the Summit agenda of presentations.

Each year we write a report of the Summit, the highlights, and its findings. We are in the process of drafting the 2019 report and will post it soon.

We thank all the presenters, trainers, attendees, students, Fellows, and the event coordinators who helped make this our most successful Summit to date. And finally, we thank the NSF for their support of Trusted CI and our mission to lead in the development of a cybersecurity ecosystem.

PEARC19 wrap-up: Continuing our Commitment to Open Science

Jim Basney and Von Welch

Trusted CI had another successful presence at PEARC19. As noted in our pre-conference post, we presented our technical paper, a workshop, a panel, a poster, and exhibitor table; as well as attending and contributing to many other PEARC-related events.

A few highlights:

• Von's panel, "Community Engagement at Scale: NSF Centers of Expertise," was attended at full capacity.
• Our workshop, "Trustworthy Scientific Cyberinfrascture," was the first public debut of our Fellows. Matias Carrasco Kind, Jay Yang, Aunshul Rege, and Gabriella Perez shared their research backgrounds and discussed their specific cybersecurity needs.
• Members of the NSF project Services Layer at the Edge (SLATE) met face to face with Trusted CI to discuss their upcoming engagement.
• A series of lightning talks from Science Gateway operators during the Trusted CI workshop provided four gateway operators a chance to connect with the community on their cybersecurity issues.
• A random lunch encounter between Trusted CI staff and people in the Jupyter community led to a lively discussion on Jupyter security and is expected to lead to an upcoming collaboration on providing a Jupyter security workshop at a future conference.
• We presented at the AI4GOOD workshop regarding cybersecurity and ethics of artificial intelligence.

Von's Panel - Not a single open seat!

We thank the PEARC program committee for providing the opportunity to connect with members of our community and look forward to PEARC20.

Trusted CI Fellows at the workshop

Kay Avila, Mark Krenz, Florence Hudson

Anurag Shankar and Andrew Adams at the poster session

Registration is now open for the 2019 NSF Cybersecurity Summit

It is our great pleasure to announce registration is now open for  the 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure.  The event will take place Tuesday, October 15 thru Thursday, October 17, 2019, at the Catamaran Hotel, San Diego, CA.  Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities.


Complete the online registration form by October 9, 2019: https://trustedci.org/2019-nsf-cybersecurity-summit

2019 NSF Cybersecurity Summit Call For Participation - NOW OPEN - Deadline is Monday, August 12th

It is our pleasure to announce and invite you to the 2019 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure.  The event will take place Tuesday, October 15th through Thursday, October 17th, at the Catamaran Hotel in San Diego, CA. Attendees will include cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community, as well as key stakeholders and thought leaders from the broader scientific and cybersecurity communities. Registration and hotel reservations details will be announced in the coming weeks. We are happy to announce the call for participation, community leadership recognition program, and student program are now open and we welcome your proposals.

Call for Participation (CFP)

Program content for the summit is driven by our community. We invite proposals for presentations, breakout and training sessions, as well as nominations for student scholarships. The deadline for CFP submissions is August 12th, 2019. To learn more about the CFP, please visit: https://trustedci.org/cfp2019

Nominations for the Community Leadership Recognition Program

The Summit seeks to recognize outstanding leadership in the cyberinfrastructure and cybersecurity field. These leaders have developed and established the processes and practices for building a trusting, collaborative community, and seriously addressing that community's core cybersecurity challenges in ways that remain relevant as research technologies and infrastructure evolve and change. The deadline for CFP submissions is August 12th, 2019. More information on the program and how to submit a nomination can be found here: http://trustedci.org/leadership2019

Student Program - Accepting Applications

Each year, the summit organizers invite several students to attend the summit. Students who are interested in cybersecurity and new, efficient, effective ways to protect information assets while supporting science will benefit from attending. Undergraduate and Graduate students may self-nominate or be nominated by a teacher or mentor. The deadline for applications is August 12th, 2019.. To learn more about the Student Program, please visit: https://trustedci.org/summit2019/students

On behalf of the 2019 NSF Cybersecurity Summit organizers and program committee, we welcome your participation and hope to see you in October.

More information can be found at https://trustedci.org/2019-nsf-cybersecurity-summit

Trusted CI at the 2019 annual Great Plains Networks All-Hands Meeting May 21-23

Ishan Abhinit conducting log analysis exercise at GPN AHM 2019

Following on the successful workshops Trusted CI staff provided at the 2017 Great Plains Network All-Hands Meeting, The Trusted CI staff was invited back to the event in 2019 by GPN staff. Five members of the Trusted CI staff presented a series of three workshops from May 21st - 23rd at the 2019 Great Plains Networks All-Hands Meeting. The workshops covered log analysis, risk management for regulated data, and developing information security programs for research projects and facilities.

Building a NIST Risk Management Framework for HIPAA and FISMA Compliance - Wednesday, May 22 (Anurag Shankar & Ryan Kiser)
Anurag Shankar and Ryan Kiser led a workshop to prepare attendees to effectively leverage NIST’s risk management guidelines as a tool to address the increasingly heavy demands of regulated data on research workflows. They provided an overview of the requirements for handling different types of regulated data such as PHI and CUI as well as a unified risk-based methodology for adhering to these requirements.

Security Log Analysis - Wednesday, May 22 (Mark Krenz & Ishan Abhinit)
Mark Krenz and Ishan Abhinit presented a half day workshop on Security Log Analysis including a 45 minute exercise developed by fellow Trusted CI colleague Kay Avila. The hands on exercise involved performing analysis on an Apache web server log file to find attacks at 6 levels of difficulty. The workshop also covered important aspects of collecting, organizing and analyzing log files as well as provided specific techniques for finding different types of attacks. Real time polling was utilized as a method of helping enguage with attendees as well as gaining insight into community practices.


A Practical Cybersecurity Framework for Open Science Projects and Facilities- Thursday, May 23 (Bob Cowles)
Bob conducted a workshop to give attendees a foundation in what it means to have a basic, competent cybersecurity program for open science projects. In addition to lively discussion from the participants, the four pillars of the Trusted CI Framework were presented along with the sixteen “musts” that compose the core framework requirements. Participants were provided with the tools for building a cybersecurity program and encouraged to use a set of rational, evidence-based controls as a component of their program.

Left to right: Bob, Anurag, Ishan, Michael, Mark, Ryan

Attending the conference also allowed Trusted CI staff to meeting and provide less formalized cybersecurity discussion and consultation during social events at the conference. While visiting Kansas City, the Trusted CI team also had the opportunity to meet with Michael Grobe, who is a member of the distributed computing community and co-developer of Lynx, one of the first popular web browsers.

The materials presented by Trusted CI at the conference as well as others can be found on the Trusted CI website.

Many opportunities to meet with Trusted CI at PEARC19

There are numerous opportunities to interact with members of Trusted CI at PEARC19, July 28th - August 1st, in Chicago. PEARC19, "will explore the current practice and experience in advanced research computing including modeling, simulation, and data-intensive computing."

We will update our PEARC19 page as more scheduling info involving Trusted CI becomes available. The full schedule has been posted on PEARC's site.

7/08 Note: Room assignments have been updated.

Trusted CI Workshop on Trustworthy Scientific Cyberinfrastructure

Tuesday July 30th at 11am - 5pm in the Water Tower room

Our workshop provides an opportunity for sharing experiences, recommendations, and available resources for addressing cybersecurity challenges in research computing. Presentations by Trusted CI staff and community members will cover a broad range of cybersecurity topics, including science gateways, transition to practice, cybersecurity program development, workforce development, and community engagement (e.g., via the Trusted CI Fellows program). Space is still available for lightning talks. Please contact jbasney@illinois.edu if you are interested in presenting at the workshop.

Panel: Community Engagement at Scale: NSF Centers of Expertise panel

Tuesday July 30th at 1:30pm - 3pm in the Atlanta room

This panel brings together the leaders of centers of expertise serving the CI and NSF communities to present what they wish everyone knew about their respective area and to explore the challenges and lessons learned with the cross-cutting topic of community engagement at scale. Panelists include:

• Ruth Marinshaw — Moderator (Stanford University)
• Daniel Crawford (MoISSI)
• Ewa Deelman (CI CoE Pilot)
• Jennifer Schopf (EPOC)
• Von Welch (ResearchSOC, Trusted CI)
• Nancy Wilkins-Diehr (SGCI)
• Frank Wuerthwein (OSG)

Technical Papers

Our technical paper, “Trusted CI Experiences in Cybersecurity and Service to Open Science,” will be published in the proceedings. To read the pre-print copy, click here.

Trusted CI's paper will be presented on Wednesday July 31st at 11am - 12:30pm in the Wrigley room.

Another paper presentation that may be of interest is “Integrity Protection for Scientific Workflow Data: Motivation and Initial Experiences.” This paper describes the experiences of the Scientific Workflow Integrity Project in protecting data integrity.

SWIP's paper will be presented on Tuesday July 30th at 3:30 - 5pm in the Crystal C room.

AI4GOOD Workshop

Monday July 29th at 8:30am - 5pm in the Horner room

Trusted CI's Florence Hudson will be presenting in the AI4GOOD workshop on a panel about privacy, policies, security, and ethics regarding Artificial Intelligence. This workshop will provide a full-day of awareness, advocacy and hands-on training in basic skills needed by those who wish to employ or support artificial intelligence (AI) for accelerated research outcomes in a variety of domains. Biomedical advances, economic empowerment strategies, agricultural innovation and quality of life improvements for citizens in underserved regions will be emphasized.

Poster Reception

Tuesday July 30th at 6:30pm - 8:30pm in the Crystal Foyer and Crystal B rooms

Trusted CI is presenting a poster on our mission, how it can help your project, and the advances it is making in cybersecurity and resources for cybersecurity professionals.

The Exhibitors Hall

Trusted CI is a sponsor of PEARC19, and will have a table at the PEARC19 Exhibitors Hall. Meet members of our team and find out how we can provide cybersecurity support to your NSF project.

SIGHPC Systems Professionals Symposium19 [Added July 6th]

Von Welch will be speaking as part of the panel on HPC Cybersecurity from 10:30-11:30am on Monday at the SIGHPC Systems Professionals Symposium19.

Trusted CI Participates in ResearchSOC’s EDUCAUSE SPC Workshop

This blog post is cross-posted from the ResearchSOC blog. The ResearchSOC is a peer project of Trusted CI’s focused on providing operational cybersecurity services to the NSF community. It recently hosted a workshop at the 2019 EDUCAUSE Security Professionals Conference to which Trusted CI contributed.

--

“Securing and Supporting Research Projects: Facilitation Design Patterns” workshop

Posted on May 24, 2019 by toddston

In case you missed the above workshop at EDUCAUSE SPC (and you may well have missed it—the workshop filled up early, had a long wait list, and was almost standing room only), the slides from “Securing and Supporting Research Projects: Facilitation Design Patterns” are now available.

Presented by Michael Corn (CISO, UCSD) and Cyd Burrows-Schilling (Research Facilitator, UCSD), the workshop helped prepare security professionals to support sponsored research projects. It provided an overview of how research operates within Universities; taught facilitation skills for working with faculty; and provided guidance on how to develop a project specific security plan that meets the requirements of NSD, DoD, and other sponsoring organizations.

We were honored to have Professor Tanya Berger-Wolf from the University of Illinois at Chicago join us in person. The session with Professor Berger-Wolf was a highlight of the workshop, and helped attendees understand how cybersecurity professionals can work with researchers and learn to navigate the gap between the traditional top-down approach to security and the practicalities of everyday research lab infrastructures.

And she is doing some really cool research.

Claire Mizumoto, Director of Research IT Services at UCSD joined us remotely and gave a thought-provoking presentation on the hurdles researchers face in obtaining funding, preparing grants, and meeting the aggressive time demands of obtaining tenure.

Florence D. Hudson, who is Founder and CEO at FDHint, LLC and Special Adviser to our friends at Trusted CI, the NSF Cybersecurity Center of Excellence, gave an overview of three extremely useful tools: the NSF Cybersecurity Planning Guide, the Software Engineering Guide, and the Information Security Practice Principles. If you’re charged with providing cybersecurity for research projects of any size, these are pretty much required reading.

Vlad Grigorescu, Security Engineer at ESnet, led a deep dive into ScienceDMZ, which is an excellent network design pattern for data-intensive research projects.
We’re grateful to all our guests for their participation and incredibly useful information. If you need more information on any of the topics presented, contact us at rsoc@iu.edu.

The workshop was organized by the ResearchSOC project (researchsoc.iu.edu – NSF award 1840034).

• Slide deck available here
• Cyber Ambassadors case scripts available here
• Intake Interview preparation example available here

Couldn’t make the workshop or hungry for more? No problem. Mark your calendar now for December 4-6, when we’ll present a full three-day workshop on the above topic. This hands-on workshop will be held on the University of California, San Diego campus. Details to follow.

The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email rsoc@iu.edu.

2019 NSF Cybersecurity Summit Student CFP is open

We are happy to announce the 2019 NSF Cybersecurity Summit Student call for participation is open! We have decided to announce it early to give professors more time to submit nominations and for students to apply. Undergraduate and graduate students may apply, no specific major or course of study required, as long as the student is interested in learning and applying cybersecurity innovations to scientific endeavors.

Selected students will be given invitations to attend the Summit and the opportunity for reimbursement of travel expenses.

To read more about who is eligible and how to apply, see our page here: https://trustedci.org/summit2019/students

The Summit is Oct 15-17 in San Diego, CA.
To learn more about the Summit: https://trustedci.org/2019-nsf-cybersecurity-summit/
If you have questions about the Summit, contact us at info@trustedci.org

Upcoming events featuring Trusted CI

Interested in the latest from Trusted CI? Want a chance to chat in person with us? Members of Trusted CI will be participating in a number of events over the next few months.

Internet2 Global Summit (March 5-8) in Washington, D.C.
The summit focuses on trust and identity; advanced networking; information security; and integrated solutions for research, scholarship and creativity. Von Welch will be presenting in the Executive Track on Tuesday on Cybersecurity for Open Science. On Friday Jim Basney and Von Welch will be co-presenting a talk with UC San Diego's Michael Corn "Strategies for Research Cybersecurity and Compliance from the Lab."

CENIC Annual Conference (March 18-20) in San Diego, CA.
The Corporation for Education Network Initiatives in California (CENIC) is hosting its annual conference bringing together participants from all education segments, research universities, public libraries, private sector technology businesses, public policy and government, and R&E partners. Von Welch will be presenting a talk on the Trusted CI framework.

ISGC 2019 (March 31-April 5) in Taipei, Taiwan.
The International Symposium on Grids and Clouds (ISGC) 2019 & Soundscape Conference is built around the FAIR concept -- data must be Findable, Accessible, Interoperable and Re-usable. The conference will bring together individual communities and national representatives to address this challenge. Von Welch will be giving a keynote address, "FAIR in an unfair world: cybersecurity, data breaches, data integrity, and open science."

WE-RIT Women in Engineering at RIT and Cybersecurity Research TTP (April 2-3) in Rochester, NY.
Florence Hudson will be at speaking at Rochester Institute of Technology at the WE-RIT event on April 2, and meeting with Cybersecurity Researchers April 2-3 to discuss how to accelerate cybersecurity research transition to practice (TTP) including business model development.

SIG-ISM/WISE Meeting (April 16-18) in Kaunas, Lithuania. 
The GÉANT Special Interest Group - Information Security Management (SIG-ISM) group and the Wise Information Security for Collaborating e-Infrastructures (WISE) are hosting joint meeting in Lithuania. The meeting aims to enhance the collaboration among large e-infrastructures and NRENs and their communities on handling security information. The groups will discuss their activities in the past few years, share the results and outcomes and tackle challenges together. Bob Cowles will be giving a talk on the new Trusted CI Framework.

IU Internet of Things Wearables in Motion Symposium (April 25-26) in Bloomington, IN.
The Indiana University School of Informatics, Computing, and Engineering, Innovate Indiana, IU Research and Technology Corp., The Mill and Indiana IoT Lab, will host academic and industry experts to discuss wearables and the Internet of Things (IoT) including novel sensors and actuators, scalable and secure cyberinfrastructures, and more. Florence Hudson will be presenting with Mitch Parker from IU Health on Protecting Health Wearables from Cyber Attack.

EDUCAUSE Security Professional Conference 2019 (May 13-15) in Chicago, IL.
EDUCAUSE brings higher education security professionals together to network and discuss information security and privacy trends and current issues with peers and solution providers. Anurag Shankar is presenting a talk on securing workflows. Also, Trusted CI's partner project, the ResearchSOC, will be presenting a talk on helping security professionals support sponsored research projects. And Florence Hudson and cohorts will be presenting a birds-of-a-feather (BOF) session on cybersecurity needs and partnering with researchers to fill the gaps.

The Great Plains Network (GPN) Annual Meeting (May 21-23) in Kansas City, MO.
The meeting brings together advanced network and cyberinfrastructure users, information technology staff, network engineers, faculty members, researchers, and graduate students from leading Midwestern universities and higher education networks. Mark Krenz, Bob Cowles, Ishan Abhinit, Anurag Shankar, and Ryan Kiser will be presenting talks on security log analysis, developing cybersecurity programs, and the NIST framework for HIPAA and FISMA compliance. 

Training Workshop for Network Engineers and Educators on Tools and Protocols for High-Speed Networks (July 22 - 23) in Columbia, SC.
This free hands-on workshop provides cyberinfrastructure (CI) engineers with an introduction to tools and techniques for the design, implementation, and monitoring of high-throughput networks and science demilitarized zones (Science DMZs). Von Welch will be speaking at the workshop.

Trusted CI's Technology Transition to Practice (TTP) Workshop (June 19) in Chicago, IL.
The Cybersecurity TTP workshop is an opportunity for Cybersecurity researchers and practitioners to discuss the needs and gaps we can fill with cybersecurity research, and enjoy co-creation of plans on accelerating this valuable research to practice. Florence Hudson and fellow members of Trusted CI will be hosting the workshop. Apply to request an invitation here.

PEARC19 in (July 28 - August 1) in Chicago, IL.
PEARC19 will explore the current practice and experience in advanced research computing including modeling, simulation, and data-intensive computing. Abstracts are still under review. Trusted CI intends to present many things at this year's conference and will update the community as more information is available.

The 2019 NSF Cybersecurity Summit (October 15 - 17) in San Diego, CA.
The Summit is hosted by Trusted CI and welcomes cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI Community, as well as key stakeholders and thought leaders from the broader scientific and information security communities. The Summit includes training sessions, plenary session, and opportunities to network and socialize with peers.

Whether you are an operational security pro, high speed networking researcher, NSF PI, or identity management specialist; the coming months present some interesting opportunities to network and collaborate. We look forward to seeing you at these events.