Trusted CI podcast

82 episodes - English - Latest episode: about 1 month ago - ★★★★★ - 1 rating

Trusted CI is the NSF Cybersecurity Center of Excellence. The mission of Trusted CI is to lead in the development of an NSF Cybersecurity Ecosystem with the workforce, knowledge, processes, and cyberinfrastructure that enables trustworthy science and NSF’s vision of a nation that is a global leader in research and innovation. More information can be found at trustedci.org.


Episodes

March 2024: Lessons from the ACCORD Project

March 18, 2024 18:43 - 56 minutes - 51.9 MB

The ACCORD cyberinfrastructure project at the University of Virginia (UVA) successfully developed and deployed a community infrastructure providing access to secure research computing resources for users at underserved, minority-serving, and non-PhD-granting institutions. ACCORD's operational model is built around balancing data protection with accessibility. In addition to providing secure research computing resources and services, key outcomes of ACCORD include creation of a set of policies...

December 2023: Open Science Chain

December 04, 2023 18:33 - 26 minutes - 24.4 MB

The envisioned advantage of sharing research data lies in its potential for reuse. Although many scientific disciplines are embracing data sharing, some face constraints on the data they can share and with whom. It becomes crucial to establish a secure method that efficiently facilitates sharing and verification of data and metadata while upholding privacy restrictions to enable the reuse of scientific data. This presentation highlights our NSF-funded Open Science Chain (OSC) project, accessi...

September 2023: Improving the Privacy and Security of Data for Wastewater-based Epidemiology

September 13, 2023 15:33 - 56 minutes - 51.1 MB

As the use of wastewater for public health surveillance continues to expand, inevitably sample collection will move from centralized wastewater treatment plants to sample collection points within the sewer collection system to isolate individual neighborhoods and communities. Collecting data at this geospatial resolution will help identify variation in select biomarkers within neighborhoods, ultimately making the wastewater-derived data more actionable. However, a challenge in achieving this i...

August 2023: Leveraging Adaptive Framework for Open Source Data Access Solutions

August 28, 2023 18:13 - 46 minutes - 83.2 MB Video

More than a decade ago, Clemson University outlined the requirements needed to integrate several campus-wide enterprise applications in a way that would automate the exchange of data between them, and establish the relationships of that data to the unique identities that represented all users within the system, including faculty, staff, students, alumni and applicants. There would be no direct access of data, except through applications that were approved and had established Memorandum of Und...

July 2023: The Technical Landscape of Ransomware: Threat Models and Defense Models

July 17, 2023 17:47 - 57 minutes - 52.8 MB

Ransomware has become a global problem. Given the reality that ransomware will eventually strike your system, we focus on recovery and not on prevention. The assumption is that the attacker did enter the system and rendered it inoperative to some extent. We start by presenting the broad landscape of how ransomware can affect a computer system, suggesting how the IT manager, system designer, and operator might prepare to recover from such an attack. We show the ways in which ransomware can...

May 2023: Senior Citizens Striking Back at Scammers

May 22, 2023 17:42 - 48 minutes - 44.1 MB

Thousands of people fall for online scams every year. Anyone can be scammed, but older adults in the US are the most targeted population in the world. By far. Those over age 60 lost over $3 Billion last year—and that’s just the ones who reported it. One of the fastest growing scams aimed at seniors is romance scams, especially those involving cryptocurrency, which is largely impossible for US law enforcement to prosecute. Websites and education programs to inform seniors about scams exist, bu...

April 2023: Cybersecurity Operations for the NSF ACCESS Cyberinfrastructure

April 24, 2023 17:13 - 57 minutes - 52.1 MB

On September 1, 2022, the U.S. National Science Foundation (NSF) ACCESS Cyberinfrastructure started production operations, ushering in a new era following two decades of cooperative cyberinfrastructure partnerships among several leading centers for High Performance Computing (HPC) at U.S. universities and research institutions under the NSF TeraGrid and XSEDE projects. The NSF ACCESS Cyberinfrastructure is composed of five funded projects, including an ACCESS Coordination Office and four track...

March 2023: The Internet2 Routing Integrity Initiative

March 27, 2023 18:13 - 54 minutes - 49.7 MB

The Internet2 Routing Integrity Initiative aims to improve the research and education (R&E) community’s adoption of best practices that strengthen the resilience and reliability of data movement across the R&E network ecosystem to support our shared missions. Routing integrity is an end-to-end challenge that requires the participation of the entire Internet2-networked community and beyond. This presentation will cover the pillars of the Routing Integrity Program and review resources you can u...

February 2023: Using the Trusted CI Framework to Create the CFDE Cybersecurity Program

February 27, 2023 19:06 - 47 minutes - 43.1 MB

The NIH Common Fund Data Ecosystem (CFDE) aims to enable the broad use of Common Fund (CF) data sets to accelerate discovery. CF programs generate a wide range of diverse and valuable data sets designed to be used by the research community. However, these data sets reside in different locations, and it is challenging or even impossible to work with multiple data sets in an accessible and user-friendly way. To help remedy this problem, the CFDE has created an online discovery portal that helps...

January 2023: Improving the Security of Open-Source Software Infrastructure

February 27, 2023 18:58 - 54 minutes - 49.6 MB

Remote monitoring and control of industrial control systems are protected using firewalls and user passwords. Cyberattacks that get past firewalls have unfettered access to command industrial control systems with potential to harm digital assets, environmental resources, and humans in proximity to the compromised system. In this talk, I will discuss our approach to prevent and mitigate such harms in scientific industrial control systems by enhancing the security of open-source cyberinfrastruc...

December 2022: Science DMZ Engagement with University of Arkansas

December 05, 2022 19:11 - 47 minutes - 43.6 MB

A Science DMZ is a special network architecture designed to improve the speed at which large science data transfers can be made over the Internet while maintaining security of the assets. This webinar will provide an overview of the Science DMZ architecture, how to secure it, and cover use cases such as the statewide science network in Arkansas. Speaker Bios: Mark Krenz: Mark Krenz is the Chief Security Analyst at the Indiana University Center for Applied Cybersecurity Research and the Deput...

September 2022: Lowering the Barrier to Entry for Regulated Research Through Community Building

September 26, 2022 19:01 - 59 minutes - 54.2 MB

Keeping up on the newest Federal regulations or supporting them appropriately is a full-time job even though it is rarely able to be a dedicated position. We will share how a new community of practice on the block is lowering the barrier to entry by elevating the entire community’s regulated research programs through: 1) Building relationships 2) Collecting best practices 3) Opening the dialogue on challenges by broadly sharing lessons learned 4) Aligning with other communities 5) Simplifying c...

August 2022: CIS Controls with Trusted CI

August 22, 2022 18:17 - 57 minutes - 52.7 MB

The Trusted CI Information Security Office (ISO) team will be presenting a webinar on the CIS Controls. This will include background and information on the CIS controls, our recent experiences using the controls to assess Trusted CI’s own cybersecurity program and operations, and how that can be applied to your own project. Topics include: * Who Trusted CI is and why we have a cybersecurity program. * Background on the CIS controls and what an assessment is. * What led us to perform ...

June 2021: Ransomware: Threats & Mitigations with REN-ISAC

June 27, 2022 18:28 - 53 minutes - 48.5 MB

The education industry has unceremoniously emerged as the second most common target for ransomware. It continues to evolve in how it is used as a fund-raiser for criminal organizations and how the technology works, to keep its victims guessing as to defense and eradication. Institutions face the difficult challenge of preserving academic freedom, easy access to information, and open collaboration while defending from threat actors who exploit these same characteristics. This presentation will...

Apr 2022: Updates from the Trusted CI Framework Cohort

April 25, 2022 17:21 - 47 minutes - 42.9 MB

The Trusted CI Framework is a minimum standard for cybersecurity programs. In response to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. In order to encourage adoption of the Trusted CI Framework, we have created a program called the Framework Cohort, where representatives from multiple NSF Major Facilities and other "Key Projects" participate in a group engagement wi...

Feb 2022: The Results of the Trusted CI Annual Challenge on Software

February 28, 2022 20:52 - 54 minutes - 49.2 MB

This webinar presents the results of Trusted CI's 2021 examination of the state of software assurance in scientific computing, and also gives an overview of the contents of its recently released Guide to Securing Scientific Software (GS3), aimed at helping developers of software used in scientific computing improve the security of that software. See our blog post announcing the report: https://blog.trustedci.org/2021/12/publication-of-trusted-ci-guide-to.html Speaker Bios: Dr. Elisa Heyman...

Jan 2022: Populating the HECVAT as an Academic Research Provider - Representing Your Security Posture For Your Higher-Ed Information Security Partners

January 24, 2022 18:47 - 47 minutes - 43.2 MB

At one time, higher-ed was the requestor of HECVATs - now we are being called to populate them for our peers. The Higher Education Community Vendor Assessment Toolkit (HECVAT) has become the de facto standard for vendor risk and security assessment in higher education and the number of universities around the globe using the HECVAT in their assessment process is well into the hundreds. As researchers, and those in the academic mission, consume services of academic research providers (e.g., t...

Dec 2021: Lessons learned from a real-world ransomware attack on researchers at MSU

December 06, 2021 19:37 - 46 minutes - 42.5 MB

Ransomware report: https://hdl.handle.net/2022/26638 Cybercriminals are increasingly targeting researchers (along with hospitals, cities, schools, and utilities) because ransomware allows them to target a broader set of victims. Ransomware monetizes the attack by encrypting data and holding it ransom until victims pay, meaning victims no longer need to hold data of direct financial value. The proliferation of ransomware attacks has led to the U.S. Department of Justice calling it a growing n...

Oct 2021: The Trusted CI Framework; Overview and Recent Developments

October 25, 2021 18:02 - 1 hour - 56 MB

The Trusted CI Framework is a tool to help organizations establish and refine their cybersecurity programs. In response to an abundance of guidance focused narrowly on cybersecurity controls, Trusted CI set out to develop a new framework that would empower organizations to confront cybersecurity from a mission-oriented, programmatic, and full organizational lifecycle perspective. The Trusted CI Framework recommends organizations take control of their cybersecurity the same way they would any ...

Sep 2021: Q-Factor: Real-time data transfer optimization

September 27, 2021 18:20 - 1 hour - 57.1 MB

Q-Factor is a framework to enable data transfer optimization based on real-time network state information provided by programmable data planes. Communication networks are critical components of today’s scientific workflows. Researchers leverage long-distance ultra-high-speed networks to transfer massive data sets from acquisition sites to processing sites and share measurements with scientists worldwide. However, while network bandwidth is continuously increasing, most data transfers are unab...

Aug 2021: NCSA Experience with SOC2 in the Research Computing Space

August 30, 2021 18:11 - 49 minutes - 44.8 MB

As the demand for research computing dealing with sensitive data increases, institutions like the National Center for Supercomputing Applications work to build the infrastructure that can process and store these types of data. Along with the infrastructure can come a host of regulatory obligations including auditing and examination requirements. We will present NCSA’s recent SOC2 examination of its healthcare computing infrastructure and how we ensured our controls, data collection and proc...

July 2021: A capability-based authorization infrastructure for distributed High Throughput Computing

July 26, 2021 18:12 - 57 minutes - 26.1 MB

The OSG Consortium provides researchers with the ability to bring their distributed high throughput computing (dHTC) workloads to a pool of resources consisting of hardware across approximately 100 different sites. Using this “Open Science Pool” resource, projects can leverage the opportunistic access (nodes that would be otherwise idle at the site), dedicated hardware, or allocated time at large-scale NSF-funded resources. While dHTC can be a powerful tool to advance scientific discovery...

June 2021: Investigating Secure Development In Practice: A Human-Centered Perspective

July 26, 2021 18:03 - 1 hour - 58.9 MB

Secure development is not just a technical problem: it’s a human and organizational problem as well. To understand the causes of insecurity, and find effective solutions, we must understand how and why security problems happen, and what barriers stand in the way of fixing them. How can we make it easier for developers to write secure code, even without special training? In this talk, I will report on findings from several recent studies addressing these questions. These include examining the ...

May 2021: Identifying Vulnerable GitHub Repositories in Scientific Cyberinfrastructure

May 25, 2021 16:30 - 59 minutes - 53.7 MB

The scientific cyberinfrastructure community heavily relies on public internet-based systems (e.g., GitHub) to share resources and collaborate. GitHub is one of the most powerful and popular systems for open source collaboration that allows users to share and work on projects in a public space for accelerated development and deployment. Monitoring GitHub for exposed vulnerabilities can save financial cost and prevent misuse and attacks of cyberinfrastructure. Vulnerability scanners that can i...

Apr 2021: Trusted CI webinar: Arizona State's Science DMZ

April 26, 2021 18:56 - 56 minutes - 25.7 MB

Drawing upon its mission to enable access to discovery and scholarship, Arizona State University is deploying an advanced research network employing the Science DMZ architecture. While advancing knowledge of managing 21st-century cyberinfrastructure in a large public research university, this project also advances how network cyberinfrastructure supports research and education in science, engineering, and health. Replacing existing edge network equipment and installing an optimized, tuned Da...

Bonus episode: Operationalizing the Framework: Getting management to understand cybersecurity

April 16, 2021 19:27 - 53 minutes - 58.7 MB Video

We have a bonus podcast episode, brought to us by our partners at the ResearchSOC. In March of this year, Trusted CI published its Framework Implementation Guide for Research Cyberinfrastructure Operators. In this podcast episode, Craig Jackson, architect of the Trusted CI Framework and Susan Sons, Deputy Director of Research SOC, discuss how to use the Framework to enhance relationships with key stakeholders while driving forward action to improve the overall cybersecurity posture ...

May 2016: Webinar Series Kick-off

April 16, 2021 19:22 - 44 minutes - 18.3 MB

In January 2016 we announced that CTSC was named NSF's Cybersecurity Center of Excellence. Its role is to provide readily available cybersecurity services tailored to the NSF science community. With this in mind, we are announcing the CCoE Webinar Series. The kickoff presentation will be presented by members of the CTSC Leadership Team and focuses on who we are, our activities, projects, and areas we can assist the community. Presentations will be recorded and include time for questions with the aud...

Jun 2016: Risk Self-Evaluation

April 16, 2021 19:17 - 30 minutes - 12.7 MB

This talk will present a self-evaluation spreadsheet which can be used by projects to make an initial assessment of their cybersecurity readiness. The spreadsheet is based on the “Securing Commodity IT in Scientific CI Projects” document available as part of CTSC’s Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects. More information can be found at: http://trustedci.org/guide This talk is presented by CTSC's Terry Fleury

Jul 2016: XSEDE Information Sharing

April 16, 2021 19:08 - 42 minutes - 17.7 MB

The Extreme Science and Engineering Discovery Environment (XSEDE) is the most advanced, powerful, and robust collection of integrated advanced digital resources and services in the world. It is a single virtual system that scientists can use to interactively share computing resources, data, and expertise. This session will provide an overview of the XSEDE information security program used to protect information and assets for the $121 million project. Focus areas will include informati...

Aug 2016: The Science DMZ as a Security Architecture

April 16, 2021 19:03 - 1 hour - 28.4 MB

The Science DMZ architecture proposes a novel method of design for network segments optimized for large-scale data transfer (LSDT) functionality. LSDT has special requirements, both in the security and functional arenas. Attempts to incorporate LSDT functionality into a more traditional perimeter security model can cause problems both with LSDT functionality, as well as weaken overall campus security. The Science DMZ attempts to solve this problem by segmenting the LSDT function away from th...

Sep 2016: The Risk of the Commons

April 16, 2021 18:58 - 1 hour - 26.2 MB

Open Source, as a development methodology, has revolutionized how we innovate, how we develop, and how we consume software. Now, any cutting edge technology software is presumed to be open source. So what does software methodology have to learn from 19th century economics of farming? Unfortunately quite a lot. While the open source methodology allows tremendous speed in the rate of innovation, all too frequently we consume without any idea of how well software is maintained. This has led u...

Oct 2016: Science or Security?

April 16, 2021 18:51 - 59 minutes - 24.9 MB

In my long career in science-related IT, I've seen security go from a non-issue to a big issue. I'll first relate a few security anecdotes from that career, including founding this series of summits. Then I'll describe some conclusions I've come to about this pesky subject. Finally, I'll outline the security research strategic plan created by the interagency NITRD program's senior steering group for computer security and information assurance. This talk is presented by George Strawn of the N...

Dec 2016: CICI Regional Cybersecurity Collaboration projects

April 16, 2021 18:45 - 1 hour - 25.2 MB

Our last webinar episode of the first season is a group presentation on the CICI Regional Cybersecurity Collaboration projects. The presenters and project names are: * Xinwen Fu, New England Cybersecurity Operation and Research Center (CORE) * James Joshi & Brian Stengel, SAC-PA: Towards Security Assured Cyberinfrastructure in Pennsylvania * Jaroslav Flidr, Substrate for Cybersecurity Education; a Platform for Training, Research and Experimentation (SCEPTRE) * Jill Gemmill, SouthEast SciEntif...

Jan 2017: Open Science Cyber Risk Profile

April 16, 2021 18:31 - 1 hour - 27.2 MB

The Open Science Cyber Risk Profile (OSCRP) is a joint project of the Center for Trustworthy Scientific Cyberinfrastructure, the NSF Cybersecurity Center of Excellence, and the Department of Energy’s Energy Sciences Network (ESnet). Over the course of 2016, the CTSC and ESnet organized a working group of research and education community leaders to develop a risk profile for open science. The risk profile is a categorization of scientific assets and their common risks to science to greatly exp...

Feb 2017: Practical Cybersecurity Program for (Smaller) Science Programs

April 16, 2021 18:25 - 59 minutes - 25 MB

Based on CTSC’s cybersecurity program development guide (see trustedci.org/guide), this webinar addresses practical information security tasks for small and medium science projects. The NSF CCoE’s work spans the full range of NSF-funded projects and facilities, and cybersecurity is certainly *not* a one-size-fits-all endeavor. Some of the topics covered include: Cybersecurity’s relevance to science projects. The complexity and scope of cybersecurity, and how cybersecurity programs can help y...

Mar 2017: SDN and IAM Integration at Duke

April 16, 2021 18:19 - 58 minutes - 24.7 MB

Over the past 4 years, Duke has established SDN bypass networks, an SDN mediated Science DMZ, and other services that rely on identity data about the users and the equipment at Duke. One such service is the Protected Research and Data Network (PRDN), which makes use of our Identity Management (IDM) services both for Duke researchers and their collaborators at other institutions. In this presentation we will discuss the path that Duke took to implement our network, link the various pieces ...

Apr 2017: HIPAA and FISMA: Computing with Regulated Data

April 16, 2021 18:13 - 1 hour - 28.5 MB

With cyberattacks and breaches rising exponentially, there is increasing pressure on federally funded scientific and academic institutions to protect regulated data, including identifiable patient data protected by the Health Insurance Portability and Accountability Act (HIPAA), and data collected or processed on behalf of the government, which is subject to the Federal Informati...

May 2017: Cybersecurity Research: Transition To Practice (TTP)

April 16, 2021 18:06 - 54 minutes - 23 MB

The U.S. National Science Foundation Transition To Practice (TTP) program is critical to the successful deployment and realization of value for NSF-funded cybersecurity research. Transition to Practice has been named a priority by the National Science and Technology Council’s subcommittee on Network and Information Technology Research Developme...

Jun 2017: Using the Blockchain to Secure Provenance Meta-Data

April 16, 2021 17:59 - 1 hour - 25.3 MB

Provenance meta-data, also known as data pedigree, is a set of data that explains how information was derived. A number of provenance systems exist. They are useful for finding the sources of errors; allowing system users to have confidence in the materials; and potentially providing legal justification for decisions. An open issue has been how to properly secure this meta-data, in a manner that extends beyond trusting the information providers. Blockchain technology provides a universally ac...

Jul 2017: Inaugural Security Program at Internet2

April 16, 2021 17:47 - 57 minutes - 24.3 MB

The presentation will cover the introduction of a security program to protect the national R&E network operated by Internet2. Discussed will be the methodology to conduct a security risk assessment of the network, the findings from the assessment, and specific improvements undertaken. This talk is presented by Internet2's Paul Howell.

Aug 2017: Stronger Security for Password Authentication

April 16, 2021 17:42 - 59 minutes - 25 MB

Passwords are an infamous bottleneck of information security: The users choose them badly and then forget them, and the servers store (at best!) a table of password hashes which, in the all-too-common event that the server is hacked, allows the attacker to recover a large fraction of the passwords using the so-called Offline Dictionary Attack. At the same time, we seem to be stuck with passwords because they form the most user-friendly authentication mechanism we know. Our work in the CICI-sp...

Aug 2017: An overview of CTSC Engagements and the Application Process

April 16, 2021 17:35 - 25 minutes - 11.9 MB

One of CTSC's core activities is conducting one-on-one engagements with NSF projects and facilities. CTSC has recently launched its call for applications for engagements in 2018, due October 2nd. This presentation will review the benefits and scope of CTSC engagements, as well as the application process. Webinar attendees are encouraged to attend live to ask questions about their project/application. More information about engagements and the application can be found at: https://trustedci.or...

Sep 2017: Demystifying Threat Intelligence

April 16, 2021 17:25 - 34 minutes - 14.4 MB

Threat intelligence has become a very popular keyword among security professionals in recent years. What is this all about? Is this a service for sale or rather an intangible asset resulting from a trust relationship? Every organization is seeking relevant and target intelligence, ideally at little to no cost and yielding no false-positives. What are the myths and realities? Is threat intelligence a worthy investment? Is it more suitable to favor local or global sources? Are there service...

Oct 2017: Incident Response in an Open and Decentralized Network

April 16, 2021 17:20 - 58 minutes - 24.6 MB

This talk presents various aspects and challenges of monitoring and security of a big research network while keeping it open and usable. We focus on issues faced due to the following attributes: 1. Decentralization 2. High Speed 3. BYOD policy 4. Openness. We further provide insights into our detection and incident response process using some real-world examples and how the above attributes influence this process.

Dec 2017: The State of the Cybersecurity Center of Excellence

April 16, 2021 17:06 - 44 minutes - 18.8 MB

Feb 2018: SmartProvenance: A Distributed, Blockchain Based Data Provenance

April 14, 2021 20:25 - 46 minutes - 18.2 MB

Blockchain technology has evolved from being an immutable ledger of transactions for cryptocurrencies to a programmable interactive environment for building distributed reliable applications. Although the blockchain technology has been used to address various challenges, to our knowledge none of the previous work focused on using Blockchain to develop a secure and immutable scientific data provenance management framework that automatically verifies the provenance records using off-chain techn...

Mar 2018: Data quality and security evaluation framework development

April 14, 2021 20:20 - 44 minutes - 17.4 MB

In this talk, we are presenting our work on building a data quality and security (DQS) framework, which integrates cybersecurity with other diverse metrics, such as accuracy, reliability, timeliness, and safety into a single methodological and technological framework. This innovation has a high potential to enable a significant improvement in a wide spectrum of science and technology applications as it will create new opportunities for optimizing data structures, data processing and fusion pr...

Apr 2018: Toward Security-Managed Virtual Science Networks

April 14, 2021 20:13 - 55 minutes - 21.8 MB

Data-intensive science collaborations increasingly provision dedicated network circuits to share and exchange datasets securely at high speed, leveraging national-footprint research fabrics such as ESnet or I2/AL2S. This talk first gives an overview of new features to automate circuit interconnection of science resources across campuses and in network cloud testbeds, such as GENI (e.g., ExoGENI) and NSFCloud (e.g., Chameleon). Taken together, these tools can enable science teams to deplo...

May 2018: The EU General Data Protection Regulation (GDPR)

April 14, 2021 20:06 - 1 hour - 25.2 MB

The European Union’s General Data Protection Regulation (GDPR) is slated to come into effect on May 25, 2018, and organizations around the world are struggling to determine whether they are covered, what is required, and what will happen if they don’t satisfy its requirements. This webinar will provide an introduction to GDPR, including an overview of the law's requirements, an in-depth discussion of...