NSF Announces CICI Program Solicitation

NSF’s Office of Advanced Cyberinfrastructure recently announced solicitation 22-581 in the Cybersecurity Innovation for Cyberinfrastructure program. Proposals, due June 27, are solicited in three areas:

• Usable and Collaborative Security for Science (UCSS)
• Reference Scientific Security Datasets (RSSD)
• Transition to Cyberinfrastructure Resilience (TCR)

NSF is hosting a webinar covering the objectives of the CICI program on April 27th at 2 PM Eastern. During the 90-minute webinar, Program Director Robert Beverly will discuss the program and answer questions. The presentation portion of the webinar will be recorded and posted on the CICI program website. Please register to attend.

As a reminder, you can find resources for including Trusted CI in your proposal on our website.

Leverage Trusted CI in your NSF SaTC Proposal

NSF SaTC solicitations are focused on areas critical to cybersecurity research and development. NSF's current Secure and Trustworthy Cyberspace Frontiers Solicitation (LOI Due July 5th, Proposal due Sept 30th) in conjunction with the SaTC program solicitation NSF 18-572 includes the following guidance:

The goals of the SaTC program are aligned with the Federal Cybersecurity Research and Development Strategic Plan (RDSP) and the National Privacy Research Strategy (NPRS) to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy. The RDSP identified six areas critical to successful cybersecurity research and development: (1) scientific foundations; (2) risk management; (3) human aspects; (4) transitioning successful research into practice; (5) workforce development; and (6) enhancing the research infrastructure.

Trusted CI, the NSF Cybersecurity Center of Excellence, has engaged practitioners in research, academia, industry, and government to identify top cybersecurity needs and gaps which might be filled through successful transitioning of cybersecurity research into practice , as reported on the Trusted CI TTP blog. We may be able to connect you with practitioners enunciating needs which your project innovations may address. We have identified NSF funded cybersecurity researchers actively working to address some of the top cybersecurity needs, with whom we can connect you to enable collaboration for NSF research transition.

We offer the following suggestions to engage us in these areas.

Reach out to us at info@trustedci.org to let us know the focus for your project, and the types of practitioners or researchers you would like to collaborate with to support your proposal. 

Participate in the Cybersecurity TTP Program. Request an invitation to attend the June 19, 2019 Cybersecurity TTP workshop in Chicago, where you will meet researchers and practitioners.

Indicate Your Intent to Approach the CCoE regarding your proposal. We invite proposing NSF SaTC projects to indicate their intention to approach Trusted CI once they are funded. Proposers are free to include language showing an awareness of cybersecurity of a specific issue and showing you are aware of Trusted CI, how we can help, and that you plan to approach us if funded to collaborate. You can do this unilaterally without any commitment from Trusted CI (and please be aware it does not commit Trusted CI, we do our best to help all NSF projects, but are subject to our own resource availability). We ask that you let us know if you reference Trusted CI, this way to help us plan ahead.

Possible language to include in a proposal:

Our proposal team recognizes [the need to collaborate with operational leaders and cybersecurity researchers to enable practical cybersecurity innovations to be accelerated into operational environments in our areas of focus including xxx]. To address this we plan to approach the NSF-funded Cybersecurity Center of Excellence (trustedci.org). The Cybersecurity Center of Excellence (CCoE) engages researchers and practitioners to identify and help address cybersecurity challenges and maintain the trustworthy nature of cyberinfrastructure. We understand that engagements with CCoE are collaborative, and have budgeted resources in our project to work with CCoE on our challenge.

Trusted CI can also provide a letter of collaboration for your proposal using this template.

Include the CCoE in your Proposal. You can include one or more of the CCoE Partners (IU, Internet2, LBNL, NCSA, PSC, U. Wisconsin) via a subcontract on your proposal, a process that provides a firm commitment of our participation. Please contact us to discuss which partner would be most appropriate, whether the commitment would be exclusive for a given solicitation, and the level of effort that would be involved. In this case, we would provide a custom letter of collaboration indicating our agreement to the terms of the subcontract.

If you are preparing a SaTC, CICI, or other NSF proposal and would like additional assistance from Trusted CI, don't hesitate to contact us to discuss how Trusted CI can help.

Including Trusted CI in your NSF CSSI Proposal

Cybersecurity is an important element in every cyberinfrastructure project plan. For example, NSF's current Cyberinfrastructure for Sustained Scientific Innovation (CSSI) solicitation (Due Monday, April 8th) includes the following guidance:

The description of the CI architecture and processes should explain how security, trustworthiness, provenance, reproducibility, and usability will be addressed by the project and integrated into the proposed system and the engineering process, and how adaptability to new technologies and changing requirements will be addressed by the project and built into the proposed system, as appropriate.

It's often the case that while writing a proposal you will identify a cybersecurity challenge suited to a collaboration with Trusted CI. We offer the following suggestions to indicate your intent to engage with Trusted CI to solve the challenge, hence indicating in your proposal that you both recognize the challenge and take it seriously.

Identify and utilize Trusted CI resources. Our cybersecurity program guide provides recommendations and templates for establishing and maintaining cybersecurity programs. Our online training materials and webinars cover many cybersecurity topics tailored to the NSF CI community. Our annual cybersecurity summit provides a venue for training sessions for cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community.

Indicate Your Intent to Approach the CCoE. We invite proposing NSF CI projects to indicate their intention to approach Trusted CI once they are funded. Trusted CI resources and staff are available to assist NSF projects with cybersecurity plans and training, via one-on-one engagements, and other Trusted CI activities. For example, Trusted CI recently engaged with the Environmental Data Initiative (EDI). Proposers are free to include language showing an awareness of cybersecurity of a specific issue and showing you are aware of Trusted CI, how we can help, and that you plan to approach us if funded to collaborate on addressing the issue. You can do this unilaterally without any commitment from Trusted CI (and please be aware it does not commit Trusted CI, we do our best to help all NSF projects, but are subject to our own resource availability). We ask that you let us know if you reference Trusted CI, this way to help us plan ahead.

Possible language to include in a proposal:

Our proposal team recognizes [that cybersecurity is important for the effort we are undertaking | we have a cybersecurity challenge with regards to XXX]. To address this issue we plan to approach the NSF-funded Cybersecurity Center of Excellence (trustedci.org). The Cybersecurity Center of Excellence (CCoE) engages projects such as the one we propose to help them address cybersecurity challenges and maintain the trustworthy nature of the computational science we support. We understand that engagements with CCoE are collaborative, and have budgeted resources in our project to work with CCoE on our challenge.

Trusted CI can also provide a letter of collaboration for your proposal using this template.

Include the CCoE in your Proposal. You can include one or more of the CCoE Partners (IU, Internet2, LBNL, NCSA, PSC, U. Wisconsin) via a subcontract on your proposal, a process that provides a firm commitment of our participation. Please contact us to discuss which partner would be most appropriate, whether the commitment would be exclusive for a given solicitation, and the level of effort that would be involved. In this case, we would provide a custom letter of collaboration indicating our agreement to the terms of the subcontract.

If you are preparing a CSSI proposal and would like additional assistance from Trusted CI, don't hesitate to contact us to discuss how Trusted CI can help.

CTSC Collaboration with NSF Campus Cyberinfrastructure and CyberTraining Projects

NSF's 2018 solicitation for Campus Cyberinfrastructure (CC*) projects states that the "Campus CI plan should address the campus-wide approach to cybersecurity in the scientific research and education infrastructure," and NSF's 2018 solicitation for CyberTraining projects highlights the need for "training and certification of CI Professionals in cybersecurity technology and management for advanced CI-enabled research."

CTSC resources and staff are available to assist Campus Cyberinfrastructure and CyberTraining projects with cybersecurity plans and training, via one-on-one engagements and other CTSC activities. For example, CTSC recently engaged with the University of New Hampshire Research Computing Center (funded in part by the NSF CC*DNI program).

Our cybersecurity program guide provides recommendations and templates for establishing and maintaining cybersecurity programs. Our online training materials and webinars cover many cybersecurity topics tailored to the NSF CI community. CTSC staff are available to participate in training events as our schedule and travel budget allows. We can also assist with disseminating announcements about training events and training materials to the community. Our annual cybersecurity summit provides a venue for training sessions for cybersecurity practitioners, technical leaders, and risk owners from within the NSF Large Facilities and CI community.

If you are preparing a Campus Cyberinfrastructure or CyberTraining proposal to address cybersecurity needs, please see our guidance on including CTSC in a proposal and don't hesitate to contact us to discuss how CTSC can help.

NSF Webinar on CICI, other solicitations: March 3rd, 11am-2pm ET

NSF will be hosting a webinar on the recent Cybersecurity Innovation for CyberInfrastructure solicitation as well as other solicitations on March 3rd from 11am-2pm EST. See http://www.nsf.gov/events/event_summ.jsp?cntn_id=137798&org=CISE for more details.

CTSC Collaboration with CICI Projects

NSF has released the 2016 Cybersecurity Innovation for Cyberinfrastructure (CICI) solicitation. As the Cybersecurity Center of Excellence (CCoE) funded under the 2015 CICI solicitation, CTSC is undertaking the following activities on which we invite current and proposed CICI projects to collaborate:

• Situational Awareness: As a CCoE, we will formalize the community notification process we have already begun under CTSC and provide a Cybersecurity Situational Awareness service for the NSF community. We will distribute vulnerability and other cybersecurity information to the NSF community, tailored for cyberinfrastructure, and CICI projects are welcome to disseminate our notifications to their communities and contribute to the information.
• Cybersecurity Program Guide: The Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects is available to help guide you in working with NSF projects in establishing cybersecurity programs.
• Training: CTSC has developed training materials tailored for the NSF community that we encourage you to use. We can also provide training ourselves as our schedule and travel budget allows.
• Monthly Online Webinars and Chats: As a CCoE, we will host monthly online webinars and chats (similar to the IAM Online series hosted by InCommon). We are happy to invite CICI awardees to present their work.
• Best practices on Reviews and Engagements: For Regional Cybersecurity Collaborations we are happy to share our experiences and lessons learned in collaborating with NSF projects to address their cybersecurity challenges. Lessons to-date can be found in our reports to NSF.

If you have questions on these topics or other suggestions for collaboration with your existing or proposed CICI project, please contact us.

CTSC Advice on Cybersecurity for NSF IRNC Solicitation

NSF’s IRNC solicitation has the following special award condition:

The awardee is responsible for security of all equipment and information systems funded directly or indirectly by this award. The awardee may be required to present to the cognizant NSF Program Officer and Grants and Agreements Officer an IT security plan addressing policies and procedures for review and approval within 60 days of award. The plan should include evaluation criteria that will measure the successful implementation and deployment of the plans, policies and procedures.

CTSC has the following advice when crafting this security plan, some of which you may want to mention in your proposal:

1. When considering cybersecurity, consider the security of the network routing, monitoring and operations infrastructure, as well as the information security needs of the endpoint customers you are serving.
2. Review the outcomes of the Security at the Cyber Border workshop which discusses the shared cybersecurity responsibilities of link operators and the organizational endpoints they serve. The report also discusses challenges of making network data available to researchers.
3. When considering the cybersecurity of the network, take a risk-based approach as described by NIST and CTSC. CTSC has online training on developing a risk-based cybersecurity program.
4. For monitoring needs, consider Bro and the NSF-funded Bro Center of Expertise.

Finally, CTSC exists to help NSF project with cybersecurity challenges. We can give your plan a quick review for completeness, or collaboratively help you address challenges. Please feel free to contact us either before or after proposal submission.