Leading the nation in cybersecurity
CACR continued its ongoing leadership in protecting the cybersecurity of more than $7B in NSF-funded research. CACR is the lead organization for Trusted CI, in collaboration with the National Center for Supercomputing Applications, the Pittsburgh Supercomputing Center, Internet2, Lawrence Berkeley National Laboratory (Berkeley Lab), and the University of Wisconsin–Madison. CACR also leads the ResearchSOC, collaborating with the Pittsburgh Supercomputing Center, Duke University, and
the University of California San Diego.
Trusted CI: The NSF Cybersecurity Center of Excellence
Now in its eighth year of service, Trusted CI has been at the forefront of the NSF research community in building a set of technical, policy, and cultural best practices necessary to ensure the security of that infrastructure and ensure the trustworthy nature of the science it produces. Trusted CI has now impacted over 400 NSF projects through its webinars, engagements, and other activities.
In 2020, CACR’s Kelli Shute accepted the role of Trusted CI executive director to ensure CACR’s broad team of experts continues to move forward in an effective and coordinated manner.
View the Trusted CI Annual Report at go.iu.edu/3wcH.
NSF Cybersecurity Summit: Promoting collaboration to improve cybersecurity
As the lead organization for Trusted CI, CACR hosted a virtual version of the annual NSF Cybersecurity Summit. Two hundred and eighty-seven individuals attended, representing 142 NSF projects and 16 of the 20 NSF Large Facilities. The total attendance includes a significant increase in student participation, with 27 students attending, up from 10 in 2019. The NSF summit promoted a platform where communities interested in supporting NSF science projects collaborated to address core cybersecurity challenges. In 2020, Kate Starbird, assistant professor of human centered design and engineering, University of Washington, presented the keynote speech, “Disinformation During Crisis Events: The Perfect Storm of COVID-19 and the 2020 Election.”
PACT: Addressing the most demanding environments
The Principles-based Assessment for Cybersecurity Toolkit (PACT) is a tool for assessing the toughest cybersecurity problems. CACR chief policy analysts developed the tool in collaboration with NSWC Crane. As a naval installation, Crane uses technologies that many would consider atypical, and which require custom cybersecurity solutions. Such was the case with the Virginia International Gateway terminal, a high-throughput, high-automation facility. The PACT team delivered their final report for the engagement with the Virginia International Gateway in 2020. In collaboration with the United States Coast Guard, the team incorporated Lieutenant Commander Michael DeVolld, Coast Guard Cyber Command, into the assessment team and received report feedback from eight offices. The team also used encrypted video teleconferences, the Federal Risk and Authorization Management Program cloud environment, and on-site meetings to facilitate discovery.
ResearchSOC: Delivering cybersecurity services to the nation’s greatest research
In 2020, ResearchSOC was fully engaged in onboarding its first clients, the National Radio Astronomy Observatory (NRAO), the Geodetic Facility for the Advancement of Geoscience (GAGE) facility, and the Gemini Observatory. The developing relationship has led to agreement for a CISO advisory for NRAO and exploration of virtual cybersecurity teams for two others.
Launched in October 2018, ResearchSOC is unique in the world—it is the only organization with the mission to provide operational cybersecurity services to NSF-funded facilities and projects, while at the same time seeking to further research in cybersecurity. Funded by a $5M award from the NSF, ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. CACR leads this collaborative effort that brings together existing cybersecurity services and expertise from Indiana University, including the OmniSOC and the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC); Duke University; the Pittsburgh Supercomputing Center; and the University of California San Diego.
Concluding the SWAMP engagement
In 2020, CACR concluded its work with the Morgridge Institute for Research and the University of Wisconsin on the Software Assurance Marketplace (SWAMP). Funded by the Department of Homeland Security, the SWAMP project was built and executed on the foundation of a commitment to the goal of promoting effectiveness and adoption of software assurance. The project pioneered the concept of “continuous software assurance” and followed a multipronged approach to create an open source, portable, continuous assurance platform that addressed the needs of an evolving ecosystem of software assurance practices. Targeting software developers, tool developers, educators and researchers, the project created an open platform that demonstrated the power of continuous software assurance. The SWAMP public facility and SWAMP-in-the-Box software provided a working blueprint for the architecture and functionality of a continuous assurance capability with the ability to be fully integrated into the software development life cycle. The SWAMP project brought the power of hands-on, continuous software assurance to individual developers, small development groups, classrooms, and training sessions that would not have otherwise been able to access such resources without being in large organizations with well-established software assurance programs.
Providing research cybersecurity as a service
Leveraging its experience in providing virtual cybersecurity leadership, expertise, and consulting for scientific research projects, CACR expanded its portfolio of research “cybersecurity as a service” clients. CACR provided cybersecurity leadership and consulting services to the following projects by serving as the projects’ chief information security officers or as cybersecurity consultants providing input on best practices.
Custos
The Custos project, a collaboration within PTI and led by PTI’s Cyberinfrastructure Integration Research Center (CIRC), provides an innovative integration of major security capabilities needed by science gateways. These include identity management, secrets management for third-party resource integration, and group and sharing management for securely controlling permissions and broader access to the digital object science gateways.
ImPACT
CACR is contributing its cybersecurity expertise to a three-year, $3M project funded by the NSF. The Infrastructure for Privacy-assured CompuTations (ImPACT) project, led by the Renaissance Computing Institute (RENCI), will allow researchers to focus more fully on science by building a technology infrastructure that supports best practices in moving data, managing data, ensuring security, and preserving privacy.
OSG, IRIS-HEP, and PATh
The Open Science Grid (OSG), the Institute for Research and Innovation in Software for High Energy Physics (IRIS–HEP), and the Partnership to Advance Throughput computing (PATh) are a set of three closely related research computing projects that have turned to CACR to provide a single security team across the projects to protect their security while supporting the tight integration of services. PATh brings together the Center for High Throughput Computing and the OSG to advance the nation’s campuses and science communities through the use of distributed high throughput computing. The OSG facilitates access to distributed high throughput computing for research in the U.S. and worldwide. IRIS-HEP serves as an active center for software R&D and transforms the operational services required to ensure the success of the Large Hadron Collider.
IRIS (RENCI)
CACR continued its partnership with RENCI on the Integrity Introspection for Scientific Workflows (IRIS) project. IRIS automatically detects, diagnoses, and pinpoints the source of unintentional integrity anomalies in scientific workflows executing on distributed computing infrastructure. CACR is supporting IRIS through expert guidance on cybersecurity and privacy challenges. RENCI is a partnership between the University of North Carolina–Chapel Hill, Duke University, and the city of Durham, N.C. RENCI leads a project allowing scientists to share and analyze data across institutional boundaries. The three-year project was funded by a $3M NSF grant.
Facilitating the development of a cyberinfrastructure CoE
Building on its expertise leading the NSF Cybersecurity Center of Excellence, CACR is part of a team awarded a $3M grant to conduct a pilot study for a potential Cyberinfrastructure Center of Excellence (CoE). The goal of this pilot program is to develop a model for a full CoE that will serve the NSF community in developing and operating the software and hardware systems critical to the nation’s research.
During 2020, the pilot team primarily worked with the National Ecological Observatory Network (NEON), an NSF major facility tracking ecological changes across North America. The pilot’s objective during this time was to make improvements to NEON’s operational cyberinfrastructure that would enable NEON to better serve the needs of the environmental research community. As a part of this broader effort, CACR staff assisted NEON in successfully developing and integrating a federated identity management solution for the portal, which is used by researchers to access the data collected by the various ground stations and sensor networks operated by NEON. Lessons learned during this effort will inform future work carried out by the pilot to help NSF projects solve cyberinfrastructure problems.
Piloting C4L
Drawn from years of experience across multiple projects, the Cybersecurity for Leadership (C4L) initiative is an executive education program designed to provide senior leaders with both an executive-level understanding of cybersecurity and a usable framework for evaluating and managing their cybersecurity challenges. The program was piloted with officials from the United States Virgin Islands in late 2020 with feedback being incorporated
into 2021 planning.
Facilitating AI for cybersecurity research
CACR led a team piloting evaluation of a research prototype application designed to highlight collections of indicators, such as alerts, which represent attacker behavior during different types of cyberattacks, including novel attacker behavior. The ASSERT application, a collaboration with Ahmet Okutan and S. Jay Yang at Rochester Institute of Technology, uses theoretical-based measures to perform unsupervised learning from intrusion alerts across platforms. Over time, the system learns to build attack models, which may prove valuable for identifying attacks, determining their potential impact, and predicting future attacker behaviors. CACR worked closely with OmniSOC to validate the methodology and test the research prototype for use at OmniSOC for applicability to SOC workflows. The project used only data OmniSOC aggregated from IU as an exploration of machine learning approaches.
Leading the national conversation
CACR continued its leadership role in providing forums to further the exchange of knowledge and ideas through hosting/co-hosting or conducting workshops at key community events. Even as 2020 saw these events transition to a virtual format, attendance and participation remained strong.
NSF Summit on Cybersecurity and Cyberinfrastructure
In its role as lead organization for Trusted CI, CACR hosted a virtual version of the annual NSF Cybersecurity Summit. There were 287 members in attendance from 142 NSF projects and 16 of 20 NSF Large Facilities, including 27 students.
The CI/CS Workshop: The Community Together
ResearchSOC also co-sponsored and co-hosted the two-day “Cybersecurity and Cyberinfrastructure Workshop: The Community Together” with the Cyberinfrastructure Center of Excellence Pilot project. Over 200 professionals attended.
Trusted CI webinars
In 2020, Trusted CI hosted nine talks with 245 total attendees across 51 NSF projects, and over 700 total views.
ResearchSOC webinars
Throughout the year, ResearchSOC sponsored six webinars addressing key cybersecurity operational issues, with over 400 total attendees.
The fourth Workshop on Trustworthy Scientific Cyberinfrastructure (TrustedCI@PEARC20)
The Workshop on Trusted Scientific Cyberinfrastructure at PEARC20 provided an opportunity for sharing experiences, recommendations, and solutions for addressing cybersecurity challenges in research computing. It included a COVID-19-focused presentation: “Analysis of attacks targeting remote workers and scientific computing infrastructure during the COVID-19 pandemic at NCSA/UIUC.” Held as part of the virtual PEARC event, the workshop provided a forum for information sharing and discussion among a broad range of attendees, including cyberinfrastructure operators, developers, and users. The workshop featured six presentations with over 60 professionals attending.
Cybersecurity engagement in a research environment workshop
In December, ResearchSOC held a free workshop addressing the challenges of providing cybersecurity for research projects in higher education. The “Cybersecurity Engagement in a Research Environment” workshop was a training and development opportunity for researcher-facing cybersecurity professionals. These professionals are responsible for applying standard security operations to the heterogeneous research ecosystem to develop research-specific cybersecurity approaches at their home institutions. Thirty-seven higher education security professionals attended the three-day virtual event.