Trusted CI Celebrates Sixth Cohort Graduation & Opens Call for 2026 Engagement

Trusted CI’s sixth Framework Cohort, “Foxtrot”, successfully completed the six-month program of training and workshop engagement focused on learning and applying the Trusted CI Framework. The Cohort members entered the engagement with a commitment to adopting the Framework at their organizations. They then worked closely with Trusted CI to gather facility information and create validated self-assessments of their cybersecurity programs based on the Framework. Each organization also emerged with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs. Foxtrot cohort included the following research-oriented organizations:

 ALMA  |  DERConnect  |  UC Davis  |  US ATLAS  |  ZEUS

The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.

Feedback on the program from cohort participants has been strongly positive:

"Participating in the Trusted CI Cohort was an excellent experience and brought significant value to our team. As a research group working at the intersection of the power grid and renewable energy, cybersecurity is critical for both our daily operations and the broader transition to smarter, more connected technologies. The cohort facilitators provided expert guidance and a practical framework that helped us clarify our cybersecurity risks, baseline controls, stakeholder responsibilities, and more. Through their collaborative and thorough approach, we developed an actionable, strategic plan and gained a holistic understanding of our security posture. With this training, we feel empowered and better prepared to implement a robust cybersecurity program, strengthening both our research and industry collaborations."

 - Keaton Chia, R&D Engineer and Project Manager, DERConnect 

 

 2026 Framework Cohort Call for Participation Open

Trusted CI has a few spots left for the 2026 Framework Cohort engagement (starting January 2026). To learn more or to submit the interest form for your organization, visit trustedci.org/framework/cohort-participation. 

Engagement with RISC

Concurrent with leading Foxtrot, Trusted CI continued quarterly engagement with graduates of the five previous Framework cohorts through the Research Infrastructure Security Community (RISC). Trusted CI established RISC as a community of practice to provide a forum for cohort graduates to expand their cybersecurity knowledge, share experiences, and build relationships within the NSF research cyberinfrastructure community.

For more information, please contact us at framework@trustedci.org.

Trusted CI visits IceCube

Trusted CI staff member Megha Moncy holding one of the many hard drives shipped back from the South Pole containing neutrino research data

 

"Have you ever held $300,000 in your hands?" At least that's the way Steve Barnet put it as he allowed us to hold one of the hard drives that had been shipped back from the main IceCube Neutrino detector in Antarctica. Steve is the IT manager for the IceCube Neutrino Detector, which is an NSF Major Facility allowing scientists from around the globe to study neutrinos. Steve estimates that each drive shipped back has around $300,000 worth of scientific data on it, based on the cost of collecting the data.

In June 2025, members of the Trusted CI team took the opportunity to tour the IceCube Neutrino Detector data center and development facility at the University of Wisconsin - Madison. The team learned about the custom designed sensors and equipment that make up the 1 cubic kilometer detector buried under 1.5 km of ice at the South Pole.
Because the detector produces about 1TB per day of data, and satellite communication to the South Pole is limited, it's still far more efficient to ship hard drives back to the lab after a season of data collection at the detector is finished. However, because the data is so valuable, they write the data to at least two separate arrays of hard drives and ship them on separate logistical channels in case of catastrophe during shipment.

Steve Barnet (right), giving a tour of the IceCube development facility.

The IceCube data center in Madison also simulates the layout of the facility in Antarctica so that they can better plan any changes made to the infrastructure and to be sure that equipment that is shipped down to the South Pole facility will fit around corners, be compatible with installed equipment, and have enough power.

The IceCube sensors, which are called "digital optical modules", are about the size of a basketball but surprisingly weigh more than a bowling ball. Most of the weight is owed to the thick glass in each sensor pod that shields the sensitive electronics and photomultipliers from the 1 to 2 kilometers of ice that sit above them. The unique sensors were designed and built by several institutions within the international IceCube Collaboration to withstand the extreme environment of Antarctica. 

Trusted CI staff member Mark Krenz holding one of the digital optical modules.

Neutrinos are a fundamental particle generated by the universe's most extreme events such as supernovae and black holes. They travel in straight lines from their origin through the universe, passing through ordinary matter. As neutrinos pass through the Earth from all directions, including through the core of the planet, neutrinos whose path takes them through the south pole IceCube detector pass through the large cubic kilometer of ice making up the array. Most of them pass right through the detector without any interaction, but occasionally they hit an atom in the ice and generate secondary charged particles which travel through the ice faster than light travels through ice. This produces Cherenkov radiation, which creates a blue flash of light. This blue light phenomenon of Cherenkov radiation is what the photomultipliers actually detect.

 

IceCube's testing and development array of sensors.

The facility also has a test array of sensors that are not encased in glass and stacked closely together that allow IceCube staff to run tests and diagnostics on the electronics before performing the same operations on the production sensor array. This reduces the chance of an incident that damages the entire array, "which would be bad", according to Steve (he likes understatement). Availability is a crucial security requirement for the IceCube array, and one of the threats against the sensors continuing to function is the extreme cold damaging the electronics inside. If the array loses electricity, it would only be a matter of a day or so before large parts of the array would become unrecoverable. Thus, it is important that a generator powering the array in Antarctica run continuously uninterrupted over the lifetime of the experiment. Trusted CI benefits from visiting the IceCube facility by seeing the equipment and better understanding the processes used to program, deploy, and protect the equipment from a variety of security threats. 

Trusted CI and the Research Infrastructure Security Community Respond to NSF’s Draft Research Infrastructure Guide

 

Trusted CI, in collaboration with the Research Infrastructure Security Community (RISC), submitted comments to the U.S. National Science Foundation (NSF) regarding Section 5.3 of NSF’s 2025 draft Research Infrastructure Guide (RIG). These comments offer the community’s perspective on the NSF’s proposed new guidance for Major Facilities and Mid-Scales on building their cybersecurity programs.

RISC is a community of practice built by Trusted CI for NSF-funded cybersecurity professionals. RISC is composed of graduates from the Trusted CI Framework Cohort Program, who continue to gather as a community to expand their cybersecurity knowledge, share experiences, and build relationships.

For more information, please contact us at info@trustedci.org.

Announcing the Publication of v2 of the Trusted CI OT Procurement Matrix & Companion Guide

Last year, the Secure by Design team announced the publication of the first version of the Trusted CI OT (Operational Technology) Procurement Matrix. After gathering feedback from maritime operational technology practitioners and some of their vendors, we have published an updated version of the Matrix and a companion Guide to further assist the OT community.  

The Guide can be found here: https://doi.org/10.5281/zenodo.13743314

The purpose of the Matrix is to assist those in leadership roles during the procurement process. It’s meant to help formulate questions for vendors to discuss security controls on devices that will be used for maritime research. The Matrix includes a list of controls, requirements for the control, potential questions for vendors, tips, and real world examples justifying a given control.    

The updates to v2 of the Matrix includes columns for ISO/IEC 27000 family and the ISA/IEC 62443 Series of Standards.

The updated version of the Matrix can be found here: https://doi.org/10.5281/zenodo.10257812

We have already seen positive impacts from this document. “Even at our project stage of construction, where a majority of OT procurements are complete and fulfilled, we find the OT Vendor Procurement Matrix to continue to be useful," Christopher Romsos, Datapresence Systems Engineer for the Regional Class Research Vessel (RCRV) said. "Despite having contracts in place and work well underway at the time the matrix was published, we realized that the OT Vendor Procurement Matrix could be leveraged as a discovery tool to inform our Cyber Risk Management Planning needs. We're in a more informed position now for our CRMP activities because the matrix provided us with something we could easily use in the field and that was designed to assess cyber risk in OT systems,” he said.

The Secure by Design team will be moderating a panel for in-person attendees later this week at the NSF Cybersecurity Summit. The Matrix will surely come up as a discussion topic.

Advancing the Cybersecurity of NSF Cyberinfrastructure: Trusted CI Graduates its Fifth Framework Cohort

Trusted CI’s fifth Framework Cohort, “Echo”, successfully completed the six-month program of training and workshop engagement focused on learning and applying the Trusted CI Framework. Cohort members entered the engagement with a commitment to adopting the Framework at their organizations. They then worked closely with Trusted CI to gather site information and create validated self-assessments of their facility’s cybersecurity programs based on the Framework. Each organization also emerged with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs. Echo cohort included the following research cyberinfrastructure providers:

Advanced Simons Observatory (ASO)
Compact X-ray Free Electron Laser (CXFEL)
Inter-university Consortium for Political and Social Research (ICPSR)
National High Magnetic Field Laboratory
Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE)
Thirty Meter Telescope International Observatory (TIO)

The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.

Feedback on the program from cohort participants has been strongly positive.

Jim Berhalter, Director of IT for the National High Magnetic Field Laboratory at Florida State University, said: “The Trusted CI cohort has been invaluable to our organization and I would highly suggest participating.  While some of it can be daunting, it was a comprehensive way to structure a cybersecurity plan for our organization and made me think about things I would’ve never thought about for our cybersecurity infrastructure.”

Joe Saul, Privacy and Security Officer, Adjunct Research Assistant Professor for ICPSR at University of Michigan, said: “Participating in the Trusted CI cohort was a rare opportunity. You get to learn from others who are facing some of the same challenges you are, and share your own experiences. You get to work with the Trusted CI team, who have talked to a LOT of other groups in similar situations, and hear their read on how you’re doing. Maybe most importantly, they help you take a step back and evaluate your own program and where you’re going. All of this for free. If you get the chance, jump at it. It’s a lot of work, but you aren’t going to get this anywhere else. And certainly not for free.”

Concurrent with leading Echo, Trusted CI continued quarterly engagement with graduates of the four previous Framework cohorts through the Research Infrastructure Security Community (RISC). Trusted CI established RISC as a community of practice to provide a forum for cohort graduates to exchange cybersecurity experience, best practices, challenges, etc., within the NSF research cyberinfrastructure community.

Trusted CI plans to use the second half of 2024 to implement a number of cohort program improvements based on participant feedback and lessons learned during the previous five cohort engagements. The Framework Team plans to implement improvements that enhance cohort participants' experience and increase potential impacts.

For more information, please contact us at info@trustedci.org.

Labels: cybersecurity programs, framework, major facilities

Highlights from the 2024 NSF Research Infrastructure Workshop

Members of Trusted CI had an extraordinary experience at the 2024 NSF Research Infrastructure Workshop in Tucson, Arizona March 26-29. The workshop was held in the foothills of the Santa Catalina Mountains and co-hosted by NOIRLab, the University of Arizona’s Biosphere 2, and its Richard F. Caris Mirror Lab Facility. The week was full of important presentations; impactful meetings with representatives from Major Facilities, Mid-Scales, and NSF; as well as a set of tours that left a lasting impression on the workshop attendees. 

The RIW officially began on a Tuesday, but Trusted CI held its quarterly Research Infrastructure Security Community (RISC) meeting the day before, taking advantage of a number of Framework cohort members traveling to Tucson to attend the RIW. The RISC meeting included a presentation from NSF’s Cybersecurity Advisor for Research Infrastructure, Mike Corn, to discuss the upcoming revision of the NSF Research Infrastructure Guide and potential changes related to cybersecurity. On Tuesday evening, Trusted CI’s “Secure by Design” team participated in the poster session. Their poster, “Cybersecurity Risks to Large Science Projects,” won second place in the poster competition. 

Overall, the RIW program agenda emphasized topics that impact members of the Trusted CI community, notably the tracks on Cyberinfrastructure (Tuesday) and Cybersecurity (Thursday), as well as a plenary talk on Friday that covered a recent cybersecurity incident at one of the NOIRLab sites.

On Wednesday, in-person attendees were given the opportunity to join one of three different tours organized by the event committee: Kitt Peak National Observatory, Biosphere 2 or the Richard F. Caris Mirror Lab.

Trusted CI highly encourages members of the NSF cyberinfrastructure operations community to attend next year’s workshop and thanks the RIW organizers and co-hosts for another great event. Materials from this year's workshop will be posted soon to the NSF Research Infrastructure Knowledge Sharing Gateway.

Advancing the Cybersecurity of NSF Major Facilities and National Research Cyberinfrastructure: Trusted CI’s Framework Cohort Achievements in 2023

Trusted CI successfully conducted two more six-month engagements in its ongoing Cybersecurity Framework Cohort Program during 2023, mentoring 11 additional research cyberinfrastructure providers through Framework validated self-assessments and cybersecurity program strategic planning. The cohort during the first half of 2023 comprised representatives from the following NSF major facilities, mid-scale projects, and a scientific consortium:

U.S. Academic Research Fleet (ARF), an NSF major facility
IceCube Neutrino Observatory, an NSF major facility
United States Antarctic Program (USAP), an NSF major facility
Deep Soil Ecotron (DSE), an NSF mid-scale project
Network for Advanced NMR (NAN), an NSF mid-scale project
Giant Magellan Telescope Observatory Corporation (GMTO), a scientific consortium

Five of NSF’s leading high performance computing (HPC) centers composed the cohort during the second half of 2023:

National Center for Atmospheric Research (NCAR)
National Center for Supercomputing Applications (NCSA)
Pittsburgh Supercomputing Center (PSC)
San Diego Supercomputer Center at UCSD (SDSC)
Texas Advanced Computing Center (TACC)

The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.

Cohort members entered the engagement with a commitment to adopting the Framework at their sites. They then worked closely with Trusted CI to gather site information and create validated self-assessments of their organization’s cybersecurity programs based on the Trusted CI Framework. Each site emerged from the program with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs.

Several participants provided feedback on the value of the cohort experience to their organizations.

GMTO’s Sam Chan, IT Director and Information Security Officer, and Efren Sandoval, Cybersecurity Analyst, noted that “...the cohort collaboration process has given us a better understanding of a holistic and mission focused approach to cybersecurity. The cohort collaboration process also brought us together with colleagues from different fields and requirements with similar security controls.  Sharing our experiences amongst ourselves helped us learn different approaches to similar areas of concern.”

Michael Wilson, Infrastructure Architect at UConn Health and Cybersecurity Lead of NAN, observed: “As a result of the cohort experience, NAN was not only able to identify gaps in our original cybersecurity implementation plan and significantly advance our cybersecurity posture, but I have also personally expanded my professional network to share and discuss cybersecurity implementation ideas and lessons learned with colleagues from other NSF facilities. While the cohort program demands considerable effort, the NAN executive team found it to be a worthwhile endeavor. I heartily encourage the leadership of NSF facilities that have not yet participated in the cohort training to do so.”

Scott Sakai, Security Analyst at SDSC, found that: “Trusted CI’s Framework cohort provided a supportive environment to explore the strengths and weaknesses of the state of our cybersecurity efforts in the context of the Trusted CI Framework.  While strengths were praised, shortcomings and challenges were met with non-judgmental, matter-of-fact discussion rather than punitive shaming: a response that promotes a path to resolution and understanding.”

Mr. Sakai also noted that: “Importantly, the Trusted CI Framework, and guidance from the Trusted CI cohort team emphasize the significance of governance and mission alignment – two foundational concepts that bring together cybersecurity and leadership, and help formulate what a meaningful dialog between the two might look like. This sets it apart from other approaches to a security program that focus on policy and controls, a difference that will hopefully foster an asset that is approachable and predictable instead of a mysterious line-item expense in the budget.”

In January 2024 Trusted CI began the fifth Framework cohort engagement, whose members include:  

Advanced Simons Observatory
Compact X-ray Free Electron Laser Project
Inter-university Consortium for Political and Social Research
The National High Magnetic Field Laboratory
Security and Privacy Heterogeneous Environment for Reproducible Experimentation
Thirty Meter Telescope International Observatory

Trusted CI is excited to be working with these new sites to advance their understanding and implementation of cybersecurity programs and best practices!

For more information, please contact us at info@trustedci.org.

Announcing publication of the Operational Technology Procurement Vendor Matrix

RCRV Photo: The Glosten Associates

The Trusted CI Secure by Design team has completed work on “The Operational Technology Procurement Vendor Matrix.” The purpose of this document is to assist those in leadership roles during the procurement process. It’s meant to help formulate questions for vendors to discuss security controls on devices that will be used for maritime research.

The matrix includes a list of controls, requirements for the control, potential questions for vendors, tips, and real world examples justifying a given control.

For example, Item #3 in the matrix is an inventory requirement stating that security vulnerabilities in vendor-provided software must be patched. The Threat Actor Example we cite to justify the requirement is the WannaCry vulnerability. We include an example question that could be used when discussing with the vendor. (Click the image below to see in better detail.)

The document can be viewed and downloaded here (Note: The file is available in many formats):

https://zenodo.org/doi/10.5281/zenodo.10257812

This document represents the work of many people, including critical feedback from maritime operational technology practitioners (Scripps Institution of Oceanography’s CCRV, and Oregon State University’s RCRV and OOI). We are grateful for their contributions to this effort.

Our goal is to share this matrix and continue to develop its utility after receiving feedback from the Trusted CI community. To contact us, email info@trustedci.org.

Updates on Trusted CI’s Efforts in Cybersecurity by Design of NSF Academic Maritime Facilities

As part of its “Annual Challenge” in 2023, Trusted CI has been engaging with current and future NSF Major Facilities undergoing design or construction with the goal of building security into those Facilities from the outset.  To date, this effort has focused on working with cyberinfrastructure operators in the the academic maritime domain, and has included support of the cybersecurity aspects of the acceptance testing process of the NSF-funded Research Class Research Vessels (RCRVs) at Oregon State University as well as Scripps Institution of Oceanography’s design of the California Coastal Research Vessel (CCRV).  These vessels are all expected to eventually become a part of the U.S. Academic Research Fleet (ARF).

In 2022, Trusted CI studied cybersecurity issues in operational technology (OT) in science and produced a roadmap to help lead to greater security of such systems, and thus Trusted CI’s efforts with security by design of Major Facilities this year are seeking to both refine and apply OT insights gained previously.  The U.S. Antarctic Program (USAP)’s design of the Antarctic Research Vessel (ARV) has also been contributing to Trusted CI’s understanding of cybersecurity issues in operational technology  Trusted CI has also benefited from insights from numerous conversations with domain experts in the academic maritime domain across a variety of ARF institutions, including IT personnel, marine technicians, oceanographers, ship captains, project leadership, and NSF Program Managers.

One of the highlights of this year's security-by-design efforts has been site visits to ships and facilities. The team has made site visits to the R/V Sally Ride and Oregon State University’s Hatfield Marine Science Center in Newport, Oregon, where the R/V Taani — one of the initial three RCRVs being constructed — will be based upon completion of its construction.  These in-person visits, including extensive discussion with personnel involved with the facilities, have provided invaluable insight to supporting Trusted CI’s efforts.

In the second half of 2023, Trusted CI will continue working on security by design with the aforementioned organizations and will also be working with the NSF Ocean Observatories Initiative (OOI) Major Facility, which is in the process of planning a refresh of its autonomous underwater vehicle (AUD) and glider fleets.

Recent site visit photographs:

Trusted CI’s Sean Peisert, left, in a crawlspace on the R/V Sally Ride examining operational technology systems.

The R/V Sally Ride, docked in Alameda, CA.

Trusted CI’s Dan Arnold, left, conferring with marine technicians on the R/V Sally Ride.

Trusted CI’s John Zage, left, looks on as RCRV’s Chris Romsos, right, explains some of the scientific instruments that will be part of the newly constructed ships at the RCRV’s offices at OSU, Corvallis, OR.

Trusted CI’s John Zage left, and RCRV’s Chris Romsos, right, view part of the expansive warehouse of items and gear to outfit the new ships under construction. OSU, Corvallis, OR.  

Advancing the Cybersecurity of NSF Major Facilities and National Research Cyberinfrastructure: Trusted CI’s Framework Cohort Achievements in 2022

Trusted CI’s second Framework Cohort, “Bravo”, successfully completed the six-month program of training and workshop engagement focused on learning and applying the Trusted CI Framework. Cohort members entered the engagement with a commitment to adopting the Framework at their sites. They then worked closely with Trusted CI to gather site information and create validated self-assessments of their facility’s cybersecurity programs based on the Framework. In addition, each site emerged with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs. Bravo cohort included the following NSF Major Facilities (MFs) and research cyberinfrastructure providers:

• Corporation for Education Network Initiatives in California (CENIC)
• FABRIC  
• National Ecological Observatory Network (NEON)
• Seismological Facilities for the Advancement of Geoscience (SAGE)

The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.

Concurrent with leading Bravo, Trusted CI continued engagement with the inaugural “Alpha” cohort through the end of 2022. Alpha cohort followed up on the success of the first half of the year by focusing on implementation challenges each cohort member was currently facing. Each of the monthly workshops was led by a different cohort member, with the workshop focused on addressing a specific cybersecurity challenge that the facility was facing. The Trusted CI Framework team is exploring ideas to continue the productive engagement with the cohort alumni.

In January 2023 Trusted CI began a third Framework cohort engagement (“Charlie”). Charlie cohort includes the following organizations:

• Academic Research Fleet (ARF)
• Deep Soil Ecotron (DSE)
• Giant Magellan Telescope (GMTO)
• IceCube Neutrino Observatory (IceCube)
• Network for Advanced NMR (NAN)
• US Antarctic Program (USAP)

Trusted CI is excited to be working with these new sites to advance their understanding and implementation of cybersecurity programs and best practices!

For more information, please contact us at info@trustedci.org.

Announcing the 2023 Trusted CI Annual Challenge: Building Security Into NSF Major Facilities By Design

The Trusted CI Annual Challenge is a year-long project focusing on a cybersecurity topic of importance for scientific computing environments.  In its first year, the Trusted CI Annual Challenge focused on improving trustworthy data for open science.  In its second year, the Annual Challenge focused on software assurance in scientific computing.  In its third year, 2022, the Annual Challenge focused on the security of operational technology in science.  

The 2022 Annual Challenge on the Security of Operational Technology in NSF Scientific Research reinforced the notion that NSF Major Facilities, once constructed, can deploy operational technology that can have an operational lifetime of 15-30 years.  However, there are typically no cybersecurity requirements during acquisition and design.  In the 2023 Annual Challenge, Trusted CI staff will engage with NSF Major Facilities undergoing construction or refreshes in a hands-on way to build security into those Facilities from the outset.  Trusted CI will directly support the planning for facility refreshes and construction with respect to operational technology and will particularly focus on the academic maritime domain, including supporting the acceptance testing of the NSF-funded Research Class Research Vessels (RCRVs) at Oregon State University, supporting the U.S. Antarctic Program (USAP)’s design of the Antarctic Research Vessel (ARV), and Scripps Institution of Oceanography’s design of the California Coastal Research Vessel (CCRV).

This year’s Annual Challenge is supported by a stellar team of Trusted CI staff, including Andrew Adams (Pittsburgh Supercomputing Center), Daniel Gunter (Berkeley Lab), Ryan Kiser (Indiana University), Mark Krenz (Indiana University), Michael Simpson (Indiana University), John Zage (University of Illinois, Urbana-Champaign), and Sean Peisert (Berkeley Lab; 2023 Annual Challenge Project Lead).

Publication of the Trusted CI Roadmap for Securing Operational Technology in NSF Scientific Research

Trusted CI is pleased to announce the publication of its Roadmap for Securing Operational Technology in NSF Scientific Research.  

In 2022, Trusted CI conducted a year-long effort examining the security of operational technology in science. Operational technology (OT) encompasses broad categories of computing and communication systems that in some way interact with the physical world.  This includes devices that either have sensing elements or control elements, or some combination of the two, and can include both bespoke scientific instrumentation as well as commercially-produced OT.  In both cases, networked sensors and control systems are increasingly important in the context of science as they are critical in operating Major Facilities.  

Trusted CI’s approach to this effort was to spend the first half of 2022 engaging with NSF personnel and operators of OT at NSF Major Facilities to understand the range of operational practices and evaluate potential deficiencies that lead to vulnerabilities and compromises.  In the second half of 2022, leveraged our insights from the first half to develop a roadmap of solutions to sustainably advance security of scientific operational technology.  The audiences for this roadmap include NSF, NSF Major Facilities, and Trusted CI itself.

In July 2022, Trusted CI published its findings from its study of the security of operational technology in science, conducted in the first half of 2022.  

Emily K. Adams, Daniel Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, Susan Sons, andJohn Zage. “Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research,” July 13, 2022. DOI: 10.5281/zenodo.6828675 https://doi.org/10.5281/zenodo.6828675

Now, with the publication of this roadmap, Trusted CI aims to help NSF operational technology in cyberinfrastructure advance toward solutions.  The full citation for the solutions roadmap is as follows:

Andrew Adams, Emily K. Adams, Dan Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, and John Zage. “Roadmap for Securing Operational Technology in NSF Scientific Research,” November 16 2022. DOI: 10.5281/zenodo.7327987 https://doi.org/10.5281/zenodo.7327987

Trusted CI gratefully acknowledges the many individuals from NSF as well as the following NSF Major Facilities that contributed to the year-long effort that has led to this roadmap: IceCube Neutrino Observatory, NOIRLab, Ocean Observatories Initiative, United States Academic Research Fleet, and the United States Antarctic Program.

In 2023, Trusted CI will turn its focus toward working closely with several maritime-centric NSF Major Facilities and Major Research Equipment and Facilities Construction (MREFC) projects to offer guidance and recommendations  for integrating operational technology security into those facilities for planning, design, and construction of new and refreshed facilities and instrumentation therein.

Trusted CI at 2022 NSF Research Infrastructure Workshop in Boulder

Earlier this month, members of Trusted CI presented a workshop at the NSF 2022 Research Infrastructure Workshop in Boulder, Colorado. 

The Research Infrastructure Workshop was a four-day event on safety, cyberinfrastructure, cybersecurity, and science communication. The hybrid event included a poster session, social gatherings, site tours of NCAR’s Research Aviation Facility, GAGE, and NEON, and virtual ice breaker and speed dating sessions to facilitate networking opportunities for everyone. Several members of Trusted CI attended the multi-day event, making new connections with operational and senior leadership at major facilities, midscale facilities, and the NSF.

Our workshop on Friday targeted cyber security officers and focused on the JASON advisory report on Cybersecurity at NSF Major Facilities, cybersecurity guidelines in the Research Infrastructure Guide (RIG), a panel on building a cybersecurity program using the Trusted CI Framework, ransomware, and how the ResearchSOC supports NSF major facilities.

Representatives from the NSF, NRAO, OOI, GAGE, and the ResearchSOC presented and participated during the workshop. We thank Craig Risien (OOI), Wade Craig (NRAO), and Doug Ertz (GAGE) for participating in the Framework panel.

Trusted CI’s partner, CI Compass, led a cyberinfrastructure workshop earlier in the day that included panels on data management and workforce development.

We are grateful to the event organizers for giving us the opportunity to present, as well as meeting with our community members, both online and in-person.

Slides and videos from the event will be posted to the NSF Research Infrastructure Knowledge Sharing Gateway when they become available.

Advancing the Cybersecurity of NSF Major Facilities: Trusted CI’s Inaugural Framework Cohort Successfully Completes Six-Month Program (June 2022)

Trusted CI’s first Framework Cohort has successfully completed its initial six-month period of workshops designed to improve NSF Major Facilities’ alignment to the Trusted CI Framework. Each cohort member adopted the Trusted CI Framework as the foundation for their cybersecurity program. Additionally, each cohort member worked closely with Trusted CI to produce 1) a validated self-assessment of their cybersecurity program’s alignment with the Trusted CI Framework; and 2) a draft Cybersecurity Program Strategic Plan identifying priorities and directions for further refining their cybersecurity programs.

The inaugural Cohort included the following NSF Major Facilities:

• Geodetic Facility for the Advancement of Geoscience (GAGE)
• Laser Interferometer Gravitational-wave Observatory (LIGO) 
• NOIRLab
• National Radio Astronomy Observatory (NRAO)
• National Solar Observatory (NSO)
• Ocean Observatories Initiative (OOI)

The success of the Framework Cohort is particularly notable as each of these facilities voluntarily adopted and rallied around the Trusted CI Framework as the foundation for their cybersecurity programs. 

The foundation of the Cohort program is the Trusted CI Framework, which was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity.

For GAGE, LIGO, NRAO, NSO, and OOI, the Cohort was their first formal training in the Trusted CI Framework’s “Pillars” and “Musts” and how to apply these fundamental principles to assess and strengthen their cybersecurity programs. NOIRLab contributed their experience as an early adopter of the Framework, having previously completed a one-on-one Framework engagement with Trusted CI.

Feedback from members of the first cohort on their experience has been strongly positive:

Eric Cross, Head of Information Technology, National Solar Observatory, said the following about his experience:

"The TrustedCI Framework Cohort was a valuable experience. The process required us to research and reflect on our internal cybersecurity policies and procedures. The Cohort provided a platform to meet with other facilities and work through challenges with feedback from peers. The experience resulted in formal documentation that provided our organization's leadership clear direction to improve our cybersecurity program with specific short-term and long-term goals. I highly recommend this exercise for all NSF facilities."

Craig Risien, CI Systems Project Manager, Ocean Observatories Initiative, said the following about his experience: 

“I found participating in Trusted CI’s first Framework Cohort to be exceptionally instructive and really enjoyed the opportunities to discuss cybersecurity challenges and lessons learned with Trusted CI and colleagues at other NSF Major Facilities. Working with Trusted CI on creating a validated self-assessment based on the Trusted CI Framework over the past six months has helped the Ocean Observatories Initiative (OOI) better understand the current state of its cybersecurity program. Being part of this cohort has also assisted the OOI with the development of a plan to fully implement the Trusted CI Framework and create a well-established and mature cybersecurity program. I look forward to the follow-on cohort sessions in the coming months.”

Trusted CI is continuing to support the first cohort through the end of 2022 by facilitating monthly workshops. Each facility will have the opportunity to lead a workshop in which they are encouraged to share their specific challenges and seek advice among the other cohort members.

Concurrently, Trusted CI is conducting its second cohort engagement leveraging the lessons learned from the first cohort. The second cohort includes the following organizations:

• Corporation for Education Network Initiatives in California (CENIC), a California research and education network
• International Ocean Discovery Program (IODP), an NSF Major Facility
• FABRIC, an NSF Mid-Scale Research Infrastructure Facility
• National Ecological Observatory Network (NEON), an NSF Major Facility
• Seismological Facility for the Advancement of GEoscience (SAGE), an NSF Major Facility

Trusted CI is excited to be working with these new facilities to advance their understanding and implementation of cybersecurity programs and best practices!

For more information, please contact us at info@trustedci.org.

Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research

This year, Trusted CI is conducting a year-long effort on the security of operational technology in science. Operational technology (OT) encompasses broad categories of computing and communication systems that in some way interact with the physical world.  This includes devices that either have sensing elements or control elements, or some combination of the two.  Networked sensors and control systems are increasingly important in the context of science as they are critical in  operating scientific instruments.  Trusted CI is pleased to share its findings from this study, published in the following report:

Emily K. Adams, Daniel Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, Susan Sons, and John Zage. “Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research,” July 13, 2022. DOI: 10.5281/zenodo.6828675  https://doi.org/10.5281/zenodo.6828675

In support of this study, Trusted CI gratefully acknowledges the many individuals from the following NSF Major Facilities that contributed to this effort: IceCube Neutrino Observatory, NOIRLab, Ocean Observatories Initiative, and the United States Academic Research Fleet.

Now that Trusted CI has finished its examination of the current state of the security of OT in science, it will turn its focus to developing a roadmap of solutions to sustainably advance security of scientific operational technology, which will be published in late 2022.

Call for Trusted CI Framework Cohort Participation

 

The Framework Cohort is a six month, group engagement aimed at facilitating adoption and implementation of the Trusted CI Framework among NSF Major Facilities. During the engagement, members of the cohort will work closely with Trusted CI to adopt the Trusted CI  Framework at their facility, emerging with a validated assessment of their cybersecurity program and a strategic plan detailing their path to fully implement each Framework Must.Cohort members will participate in six monthly workshops (each three hours) and spend no more than eight hours each month outside of the workshops on cohort assignments. The second cohort will meet from July to December 2022.

 Since January 2022, Trusted CI has been working with six Major Facilities in the inaugural Framework cohort: GAGE, LIGO, NOIRLab, NRAO, NSO and OOI. As this inaugural Framework cohort approaches completion in June 2022, Trusted CI is looking for Major Facilities that are interested in participating in the upcoming second cohort.

 NSF Major Facilities interested in participating in the Framework cohort should respond to the call by completing the form at the bottom of this page: https://www.trustedci.org/trusted-ci-framework-cohort-participation. 

If you have any questions, please contact us at info@trustedci.org.

Trusted CI Applauds JASON Report on Facilities Cybersecurity

In 2021, the NSF "commissioned a study by the JASON advisory group to assess and make recommendations regarding cybersecurity at NSF’s major facilities.” In December, NSF publicly released the seven recommendations from the JASON group and NSF’s response to those recommendations. Given Trusted CI’s role over the past 10 years in providing leadership and guidance to NSF Major Facilities, we welcomed the opportunity to contribute to the JASON group’s study and the dialogue it spurred. The following text consists of each of the JASON group’s recommendations, followed by the response from NSF, and Trusted CI’s response, which is the unique contribution of this document. We provide our responses to help the community understand how Trusted CI can help them as they consider these recommendations and their impact within their own projects.

1. JASON recommendation: “NSF should maintain its current approach of supporting major facilities to enhance cybersecurity through assessments of risk, and development and implementation of mitigation plans. A prescriptive approach to cybersecurity should be avoided because it would be a poor fit to the diversity of facilities, would inefficiently use resources, and would not evolve quickly enough to keep up with changing threats.” NSF response: “NSF intends to maintain its current philosophy of performing oversight of awardee plans that are tailored to the unique natures of the individual major facilities. Through its review processes, NSF will ensure that these plans are consistent with best practices for cybersecurity that are in common between major research facilities and other types of infrastructure.”

Trusted CI response: Trusted CI will continue helping the NSF community develop and improve their cybersecurity plans which capture and prioritize best practices. Trusted CI will continue training and advising Major Facilities as they mature their cybersecurity programs and develop prioritized, mission-sensitive plans. We are available to support NSF reviews in any way that serves the community. We encourage expansion of NSF’s current approach and the inclusion of Trusted CI in the process of establishing generalized best practices for Major Facilities. We recommend those best practices align closely or equate to the Trusted CI Framework. NSF also recently released a new version of the Research Infrastructure Guide (formerly the Major Facilities Guide). Section 6.3 (Guidelines for Cybersecurity of NSF’s Major Facilities) has been significantly updated to align and refer to the Framework.

2. JASON recommendation: “An executive position for cybersecurity strategy and coordination for major facilities should be created at NSF. This executive should have authorities that allow them to continually support the balancing of cybersecurity, scientific progress, and cost in the distinct ways that will be appropriate for each facility.” 

NSF response: “NSF notes and agrees with the emphasis on such a position on strategy and coordination. NSF will explore different options for initiating the position and plans to create such a position within the next six months."

Trusted CI response: We strongly endorse this foundational recommendation and we look forward to collaborating with the new executive to fulfill our aligned missions. In Trusted CI’s experience, cybersecurity frequently proves ineffective or counterproductive when cybersecurity leadership lacks an understanding of the organization’s mission. An executive at NSF with expertise in both cybersecurity and the research mission would bring valuable additional perspective and leadership to NSF.

3. JASON recommendation: “Using annual reporting and review processes, NSF should ensure major facilities implement robust cybersecurity programs that remain consistent with current best practice.” 

NSF response: “NSF plans to review the elements of a good facility cybersecurity program, currently described in Section 6.3 of the NSF Major Facilities Guide, to ensure that this section is up to date. NSF will add cybersecurity as a required element of annual reports and program plans and conduct any additional specialized reviews based on perceived risk.”

Trusted CI response: Trusted CI helps facilities develop cybersecurity programs that help ensure productive, trustworthy science. The Trusted CI Framework is a tool to help organizations establish and refine their cybersecurity programs. In March 2021, we released the Framework Implementation Guide for Research Cyberinfrastructure Operators, which contains detailed guidance that can help major facilities implement effective cybersecurity programs and thereby addresses Section 6.3 of the Research Infrastructure Guide.

4. JASON recommendation: “NSF should develop a procedure for response to major cybersecurity incidents at its major research facilities, encompassing public relations, coordination mechanisms, and a pre-ordained chain of authority for emergency decisions. Each major facility should also have their own response plan that is both specific to its needs and consistent with NSF's plan.” 

NSF response: “NSF has charged a working group to develop a more robust response plan that integrates with both the agency's overall crisis communications plan and the response plans at the individual major facilities.”

Trusted CI response: Through our ongoing engagement activities with NSF Major Facilities and our mission "to lead in the development of an NSF Cybersecurity Ecosystem," we are uniquely positioned to provide guidance to this working group. During the past decade, we have built our understanding of cybersecurity challenges faced by the Major Facilities by hosting the annual Cybersecurity Summit, establishing and facilitating monthly meetings of the Large Facilities Security Team, and conducting 13 direct one-on-one engagements with the 10 of the Major Facilities. We look forward to bringing that experience, along with our ever-increasing understanding of the threat landscape faced by research facilities, to a productive collaboration with the working group and the executive identified in recommendation #2.

5. JASON recommendation: “NSF and the major facilities must be adequately resourced for their cyberinfrastructure and cybersecurity needs. What is appropriate will depend on each facility's unique characteristics and specific needs. The cybersecurity budget should be commensurate with perceived risk of an event, which may be unrelated to the cost of constructing or operating the facility.” 

NSF response: “NSF will work with each awardee to develop a cybersecurity risk register for each major facility and will then integrate those risk registers in order to determine the highest NSF risks and implement any needed mitigations.”

Trusted CI response: We agree with the JASON group’s assertion that Major Facilities must be adequately resourced for their cybersecurity needs. Cybersecurity spending is a necessary focus area in the expanding dialogue among Major Facilities, NSF, and other relevant stakeholders. Adequate resourcing to address unacceptable cybersecurity risk is precisely the subject of the Trusted CI Framework’s Must 11. Cybersecurity risk registers may be a helpful tool assessing whether cybersecurity spending is commensurate with the threats posed by unmitigated risk. However, the need for the allocation of cybersecurity resources is fundamental.

6. JASON recommendation: “NSF should refine facility proposal and design review processes to ensure that new major facilities plan cybersecurity as an integral part of the information technology infrastructure. NSF should regularly review the cybersecurity plans and efforts of both new and existing major facilities. Shifts to cloud-based cyberinfrastructure and to a wider range of partners will impact cybersecurity planning and need to be considered at proposal time.” 

NSF response: “NSF believes that the cybersecurity review process at the time of awards should be risk-based. NSF will work to ensure that cybersecurity is a specified element and review criterion of each call for proposals in a major facility competition. For a renewal proposal, NSF will include a requirement for submission of a cybersecurity plan. For a new construction award, or a project in the Design Stage, the cybersecurity plan will be required to be integrated with the Project Execution Plan. NSF will assure that appropriate expertise is present on review panels to assess the adequacy of the cybersecurity plan.”

Trusted CI response: We support the recommendation to require cybersecurity planning as part of facility proposal and design and would extend that recommendation to include the construction phase as well. For renewal proposals, we recommend expanding the requirement such that facilities must submit evidence of an active cybersecurity program (not just a plan). Trusted CI’s guidance provides facilities with the means to both plan and assess their programs. Prioritized, mission-based cybersecurity planning is central to the Trusted CI Framework, and we have demonstrated experience supporting NSF Major Facilities with cybersecurity strategic planning, through activities like the LFST, regular engagements, the NSF Summit and our 2022 Framework cohort.

7. JASON recommendation: “NSF should remain aware of national security concerns regarding its facilities and continue to facilitate coordination with appropriate agencies.” 

NSF response: “NSF will conduct an assessment of national security concerns that may be associated with its major research facilities.”

Trusted CI response: Several members of the Trusted CI team have experience working at the intersection of cybersecurity and national security, and we are happy to be a resource to facilities in this area. Trusted CI has a long and successful history providing tailored, actionable guidance and expertise to NSF Major Facilities. The JASON working group’s recommendations are a strong endorsement of NSF’s direction, Trusted CI’s contribution, and if followed, represent a step forward in ensuring the security of our nation’s science. Collaborating with NSF and Major Facilities to enable trustworthy science is central to Trusted CI’s mission.

NOIRLab Engagement Focuses on Framework Adoption, Assessment, and Strategic Planning

Over the course of 2021, Trusted CI and NOIRLab (NSF Major Facility) collaborated on an engagement to assist NOIRLab in formally adopting and aligning to the Trusted CI Framework. NOIRLab is the preeminent US national center for ground-based, nighttime optical and infrared astronomy. 

In the first half of 2021, Trusted CI conducted an assessment of NOIRLab’s cybersecurity program using the Trusted CI Framework. The assessment culminated in the delivery of an Assessment Report [1] describing NOIRLab’s cybersecurity program and recommendations to improve. The report also included an “implementation rating” for each of the 16 Trusted CI Framework Musts. 

In the second half of 2021, NOIRLab and Trusted CI continued the engagement with a series of monthly workshops designed to aid NOIRLab in implementing the highest priority recommendations from the Assessment Report. These workshops allowed Trusted CI to continue to provide input and guidance while NOIRLab tackled the most pressing changes needed to its cybersecurity program.  

Engagement Outcomes

• NOIRLab is among the first Major Facilities to formally adopt the Trusted CI Framework. NOIRLab’s adoption is formalized in policy.
• NOIRLab received an Assessment Report detailing Strengths and Opportunities, Challenges and Barriers, and discrete recommendations to improve their cybersecurity program.
• NOIRLab developed an updated Master Information Security Policy and Procedures document, aligning with Trusted CI’s updated template.
• NOIRLab adopted and began using the CIS Controls as its baseline control set.
• NOIRLab developed a Cybersecurity Program Strategic Plan (CPSP). The CPSP described NOIRLab’s mission, how NOIRLab’s cybersecurity program supports its mission, a cybersecurity strategy, and a timeline detailing the strategic outcomes the cybersecurity program will plan to achieve over the next three years. 
• NORILab’s strategic planning efforts dramatically helped Trusted CI refine its cybersecurity strategic planning approach and will lead to updates to the CPSP template.
• The success of the monthly workshops led to the development of a new Trusted CI “cohort” engagement approach to support scaling Framework adoption and implementation.

John Maclean, the Director of Center Operations Services for NOIRLab, said the following of the engagement:

“Trusted CI has given us a Framework, appropriate to our environment, with which to build our cybersecurity program. It allows us to do this in a manner that balances scientific productivity against organizational risk in a cost effective manner.”

Chris Morrison, the engagement lead for NOIRLab, said the following of the engagement:

“As we continue to merge technologies and processes throughout our constituent programs, the Framework assessment helped us focus our cybersecurity effort and think strategically. The programmatic focus on the initiatives is helping us make cybersecurity visible and understandable across the organization. The follow-on activities will unquestionably support this systematic deployment and facilitate communication and decision-making with NOIRLab’s senior leadership. We are incredibly pleased with the process and outcome of the engagement with Trusted CI, and we now have a clear and prioritized path forward.”

[1] This assessment was based on the PACT cybersecurity assessment methodology. PACT was developed by the Center for Applied Cybersecurity Research in collaboration with the US Navy. For more information about PACT, see https://cacr.iu.edu/pact/index.html.