http://doodle.com/poll/3xq7aguvytg2vvnm
CTSC is working to identify a three-day period in August 2016 for the
next NSF Cybersecurity Summit. We've heard the community's feedback and
are trying to secure a Tuesday-Thursday event at our preferred venue to
help folks avoid weekend travel. As of today, we have three options
available to us. We'll keep this poll open for one week.
If you anticipate trying to attend the 2016 summit, please let us know your
preferences!
(Feel free to identify yourself, your project, or your favorite superhero when you vote. One vote per individual please.)
Thursday, November 12, 2015
Tuesday, October 20, 2015
CTSC Year 3 Report Published
CTSC's Year 3 report, covering activities from October of 2014 through September of 2015, has been accepted by NSF and is available online at http://trustedci.org/reports.
Labels:
reports
Tuesday, August 25, 2015
Nice incident response case study by U. Michigan
The University of Michigan has published a nice case study on an incident with their social media early this month. Publishing case studies such as this is a good way to disseminate our experiences and learn from each other.
(Image credit: http://socialmedia.umich.edu/blog/hacked/)
Friday, August 14, 2015
Gemini and CTSC Collaborate on Intensive Cybercheckup
In June 2015, as a precursor to a forthcoming full engagement, Gemini Observatory and CTSC undertook a brief, but very intensive “cybercheckup”-style engagement. Using Indiana University’s REDCap service (https://redcap.uits.iu.edu/), CTSC has developed a questionnaire designed to gather key pieces of information regarding the information security program at large-scale NSF projects and facilities. Gemini personnel completed this questionnaire, and met with the CTSC engagement team on two occasions, to discuss the cybercheckup process and provide more detailed information. In early July, CTSC delivered a report to Gemini with recommendations for the Gemini information security program, prioritized by CTSC’s estimated cost and impact in implementing the recommendations. Following the NSF Cybersecurity Summit, we will sit down in person in Arlington to review the report. Gemini and CTSC will use these results to structure and make the most of our Fall 2015 full engagement.
“I feel very fortunate to have the resources of CTSC available to Gemini Observatory as we develop a more mature, comprehensive "v2.0" cybersecurity program. The breadth and depth of knowledge and experience that the CTSC team has contributed thus far is vast, and has been key in gaining budgetary and Directorate support for cybersecurity initiatives.” -- Tim Minick, Information Technology Services Manager, Gemini Observatory
CTSC thanks Gemini for the effort and openness required to make this kind of activity valuable.
Wednesday, August 12, 2015
October 2015 WISE Workshop
Operators of scientific cyberinfrastructure (CI) and National Research and Education Networks (NRENs) will be meeting October 20-22 in Barcelona to discuss security collaboration at the WISE Workshop ("Wise Information Security for collaborating E-infrastructures"). Participants will discuss evaluating the maturity of security operations using frameworks such as ISO 27000, the Trust Framework for Security Collaboration among Infrastructures (SCI), and the CTSC Guide. Also, participants will discuss security incident handling, including the Security Incident Response Trust Framework for Federated Identity (Sirtfi). Please consider joining us at the workshop. It will be a particularly valuable opportunity for security staff supporting international scientific collaborations to interact with their European counterparts. Registration is now open. If you have any comments, including topics you would like CTSC staff to raise at the workshop, please join the CTSC discussion list or contact CTSC directly.
Labels:
iam,
identity federation
Monday, June 29, 2015
Large Synoptic Survey Telescope (LSST) Realigns Cybersecurity Plan to CTSC’s Guide
At the 2014 Cybersecurity Summit, Don Petravick approached CTSC to assist with developing a new LSST security plan based on CTSC’s “Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects.” With a January 2015 deadline to provide a progress report to the NSF, CTSC committed to meet with LSST on a weekly basis through the end of 2014 to help rework their security plan. The effort was extended through the end of January 2015. The LSST team carried out the planning effort, with CTSC acting in an advisory role to align the new LSST plan with the CTSC cybersecurity framework. LSST provided CTSC with a first-hand view of the Guide in action, and constructive feedback for future versions. At the completion of the five-month engagement, LSST had a revised cybersecurity plan that included a Master Information Security Policy, Acceptable Use Policy, Incident Response Policy and a risk assessment based on the current and planned project environment.
“The project was under pressure to deliver an updated Cybersecurity program. CTSC understood our situation and provided a contemporary framework that was straightforward and practical to apply to our environment. With their support we were able to meet the deadline with a revised modern Cybersecurity plan.” - Don Petravick, PI Dark Energy Survey Data Management, and Consultant To ISLE Project
Labels:
cybersecurity programs,
engagements,
LSST
Monday, June 8, 2015
AARC and CTSC Collaborate on Interfederation
CTSC is starting a collaboration with the European Authentication and Authorisation for Research and Collaboration (AARC) project on use of federated identities for international science. AARC is a two year project that started May 2015. Jim Basney from CTSC joined the June 3-4 AARC kick-off meeting to begin the collaboration.
As the infrastructures for international scientific collaborations migrate from X.509 to SAML for identity management, there is a strong need for interoperability across national SAML federation boundaries. In 2014, the US InCommon federation joined eduGAIN, which connects SAML federations around the world, and now InCommon is engaging with science projects on international interfederation pilots. At the same time, the AARC project in Europe is addressing international adoption of SAML federations by research projects. This represents an opportunity to achieve critical mass around EU-US interfederation activities for science, with CTSC providing needed coordination on the US side.
Specific goals for the CTSC-AARC collaboration include:
- Training: Develop and disseminate training materials to enable science projects to implement federated access.
- Pilots: Facilitate US participation in interfederation pilot projects.
- Incident Response: Establish an operational framework for security and incident response in R&E federations via the SIRTFI working group.
- Levels of Assurance: Map requirements of cyberinfrastructure providers to an assurance framework that can be implemented in a cost-effective manner by identity federations.
To participate in the discussion, please join the CTSC Federated Identity Discussion List.
Labels:
authentication,
iam,
identity federation,
idm,
incommon