An NSF Cybersecurity Center of Excellence to Support Research

Similar documents
James Marsteller and Von Welch

Implementing Executive Order and Presidential Policy Directive 21

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

IBM Resilient Incident Response Platform On Cloud

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Sirtfi for Security Incidents in a Federated Context. Tom Barton, UChicago & Internet2

General Framework for Secure IoT Systems

SLATE. Services Layer at the Edge. First Meeting of the National Research Platform Montana State University August 7-8, 2017

Federated Security Incident Response. Tom Barton, University of Chicago Jim Basney, NCSA Vincente Brillault, CERN Scott Koranda, LIGO

IBM Resilient Incident Response Platform On Cloud

The NIS Directive and Cybersecurity in

IBM Resilient Incident Response Platform On Cloud

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

ISAO SO Product Outline

2018 HIPAA One All Rights Reserved. Beyond HIPAA Compliance to Certification

Critical Infrastructure Mission Implementation by State, Local, Tribal, and Territorial Agencies and Public-Private Partnerships.

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

Cyber Risks in the Boardroom Conference

Internet2 NET+ Security and Identity Portfolio

Legal and Regulatory Developments for Privacy and Security

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS

Assessment of the progress made in the implementation of and follow-up to the outcomes of the World Summit on the Information Society

Introducing Cyber Resiliency Concerns Into Engineering Education

Building a Resilient Security Posture for Effective Breach Prevention

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

MEDICAL DEVICE CYBERSECURITY: FDA APPROACH

FDA & Medical Device Cybersecurity

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

Energy Storage Integration Council (ESIC) Webinar to ESA Members Thursday, April 17, 2014

What It Takes to be a CISO in 2017

Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary

ACCI Recommendations on Long Term Cyberinfrastructure Issues: Building Future Development

Service Improvement Review of Guarding:

SECURITY & PRIVACY DOCUMENTATION

Cybersecurity and the Board of Directors

BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Cyber Security and Cyber Fraud

Security and Privacy Governance Program Guidelines

,000+ What is the BCI Corporate Partnership? What are the benefits of becoming a Corporate Partner? Levels of Partnership

CYBER RISK MANAGEMENT

WELCOME KEY STAKEHOLDERS!

Infrastructure PA Stephen Lecce

Physical Security Reliability Standard Implementation

Driving Global Resilience

Building a BC/DR Control Library and Regulatory Response Program

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cyber Partnership Blueprint: An Outline

Dynamic Transformation of the Energy Industry JUNE 25-27, 2019 COEUR D ALENE, IDAHO REGISTRATION

The University of Queensland

HOW TO BE AN EFFECTIVE CYBERSECURITY LEADER IN HEALTHCARE

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Southeast Florida Regional Climate Change Compact Update. Broward Climate Change Task Force February 16, 2017

Enhancing Security With SQL Server How to balance the risks and rewards of using big data

Department of Management Services REQUEST FOR INFORMATION

THE POWER OF TECH-SAVVY BOARDS:

2018 MANAGED SECURITY SERVICE PROVIDER (MSSP): BENCHMARK SURVEY Insights That Inform Decision-Making for Retail Industry Outsourcing

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Implementation Strategy for Cybersecurity Workshop ITU 2016

CISO Success Strategies: On Becoming a Security Business Leader

Cyber Security Program

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

DHS Election Task Force Updates. Geoff Hale, Elections Task Force

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Vulnerability Assessments and Penetration Testing

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

HPH SCC CYBERSECURITY WORKING GROUP

STRATEGIC PLAN. USF Emergency Management

State of South Carolina Interim Security Assessment

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

White Paper. View cyber and mission-critical data in one dashboard

Cybersecurity Auditing in an Unsecure World

For providing decision support on climate stressors to infrastructure and assets for federal, state, local, and private clients...

Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013

Views on the Framework for Improving Critical Infrastructure Cybersecurity

Subject: University Information Technology Resource Security Policy: OUTDATED

Medical Device Cybersecurity: FDA Perspective

RESILIENT UTILITY COALITION OF SOUTH FLORIDA

Private Sector Clearance Program (PSCP) Webinar

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

You ve Been Hacked Now What? Incident Response Tabletop Exercise

Managing SCADA Security. NISTIR 7628 and the NIST/SGIP CSWG. Xanthus. May 25, Frances Cleveland

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Annual Report for the Utility Savings Initiative

Illinois Cyber Navigator Program

Transcription:

An NSF Cybersecurity Center of Excellence to Support Research Jim Basney, Tom Barton, and Kim Milford Internet2 Global Summit May 18 2016 trustedci.org

Agenda Overview of CTSC (Jim) Cybersecurity for Science: Challenges & Opportunities CTSC perspective (Jim) REN-ISAC perspective (Kim) University of Chicago perspective (Tom) Discussion and Q&A 2

Overview of CTSC 3

Center for Trustworthy Cyberinfrastructure The NSF Cybersecurity Center of Excellence CTSC s mission is to provide the NSF community a coherent understanding of cybersecurity s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs. 4

NSF Cybersecurity Center of Excellence (CCoE) CTSC began with a 3-year NSF grant in 2013. NSF 2015 Cybersecurity Innovation for Cyberinfrastructure (CICI) solicitation called for an NSF CCoE. CTSC submitted a proposal and was awarded this honor. http://www.nsf.gov/pubs/2015/nsf15549/nsf15549.htm 5

NSF Cybersecurity Innovation for Cyberinfrastructure (CICI) Program Also funds projects in the areas of Regional Cybersecurity Collaboration, Secure and Resilient Architecture, Secure Architecture Design, and Data Provenance for Cybersecurity. https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=505159 6

Vision for the NSF Science Community 1. For the NSF science community to understand fully the role of cybersecurity in producing trustworthy science. 2. For all NSF projects and facilities to have the information and resources they need to build and maintain effective cybersecurity programs appropriate for their science missions, and responsive to evolving risks and requirements. 3. For all Large Facilities to have highly effective cybersecurity programs. 7

CTSC Activities More information at trustedci.org Tailored Public Resources Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects; Identity Management Best Practices; Email Lists, Vulnerability Announcements Outreach Blog; Participation in LF Workshop; Int l relationships Community Events Annual NSF Cybersecurity Summit, Monthly Webinars Training Developing Programs, Secure Coding, Incident Response Engagements LIGO, SciGaP, IceCube, Pegasus, CC-NIE peer review, DKIST, LTERNO, DataONE, SEAD, CyberGIS, HUBzero, Globus, LSST, NEON, U. Utah, PSU, OOI, U. Oklahoma, Gemini. 8

New CTSC Activities as CCoE Expanded situational awareness service Threat model for open science http://trustedci.org/situational-awareness/ http://trustedci.github.io/osctp/ Annual community benchmarking survey Tailoring resources for smaller / newer projects Software assurance Identity and access management (IAM) http://trustedci.org/software-assurance/ http://trustedci.org/iam/ 9

CTSC Webinar Series 4th Monday of the month at 11am Eastern Covering cybersecurity topics tailored to the NSF CI community To view presentations, join the discuss mailing list, or submit presentation topics, visit: http://trustedci.org/webinars 10

2016 NSF Cybersecurity Summit: August 16-18, 2016 - Arlington, Virginia http://trustedci.org/summit 11

Cybersecurity for Science: Challenges and Opportunities 12

Challenges/Opportunities (Jim s Perspective) Understanding the cybersecurity needs/risks of CI across campus (including Shadow CI ) Enabling effective cooperation between science projects and IT security Assessing CI security needs/risks beyond compliance Leveraging community resources ACI-REF, Campus Champions, CTSC, Regional Cybersecurity Collaboration Centers 13

Kim Milford (REN-ISAC) 14

15

16

Challenges/Opportunities (Kim s Perspective) Understanding comprehensive risk management across campus Enabling effective cooperation between science projects and IT security Assessing CI security needs/risks beyond compliance Building a cohesive security program Confidentiality and privacy Leveraging community resources 17 REN-ISAC

Three Security Challenges for Campus Research CyberInfrastructure Tom Barton CISO UChicago 18

1. Fragmentation of Traditional DisciplineFocused Research Support Dilutes ability to invest & improve Mainly outside of Physical and Biological Sciences Social Sciences, Social Policy, Law, Business, Economics Institutional Review Boards need help too UMich-style Data Usage Guide Protocol-specific consultation Data Usage Agreements & potential liability NIST 800-171 as benchmark for UChicago approach Partnership of Offices of Legal Counsel, Medical Center Legal Affairs, University Research Administration, and IT Security 19

2. High Bandwidth Restricts Options Science DMZ and high end computing 2x100G, multi-pb, O(10^5) cores Large and international user community Concerns Integrity of research data DDoS potential Approach Bro cluster & Bro community Vulnerability management Stakeholder agreement to limit reachable endpoints only to those necessary for the science Interfederation, OSG, local access management Seek help! Got any? 20

3. Maturing IT Security Operations Campus IT Security stresses importance of being notified when a compromise happens, so that they can determine complete footprint of attack and manage accordingly Slow recognition that we are embedded in an international federation which has analogous need Campus CI is a microcosm of that already Sirtfi: federated security incident response Notification of recent access by compromised accounts REN-ISAC also must continue maturing support for research CI activities 21

Discussion 22

Thank You trustedci.org @TrustedCI We thank the National Science Foundation (grant 1547272) for supporting our work. 23 The views and conclusions contained herein are those of the author and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the NSF.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback