4 Leading IU to help drive discovery

2021 saw CACR providing new opportunities and facilitating key projects to further the university’s research mission while serving as a key force in achieving IU’s strategic objectives.

SecureMyResearch’s rapid impact

Securing research data has grown to be a major challenge for IU researchers and departments, especially meeting new and stricter regulatory cybersecurity requirements in grants, contracts, and data use agreements. To help researchers and other stakeholders who support research, in August 2020 IU launched SecureMyResearch, a service co-sponsored by the Offices of the Vice President for Information Technology (OVPIT) and the Vice President for Research (OVPR).

SecureMyResearch marks the culmination of a decade-long effort that began with aligning IU’s research systems with HIPAA for biomedical research and leveraging them to create solutions for researchers. The service now plays a vital role in securing IU’s creative and research data.

SecureMyResearch began with a vision to accelerate research at IU by reducing the cybersecurity and compliance burden on researchers.  Metrics and testimonials from numerous engagements in 2021 show that this vision is now a reality.

SecureMyResearch 2021 highlights

  • Handled 211 service tickets covering nearly every research scenario.
  • Facilitated more than $130 million in sponsored research.
  • Achieved rapid service adoption. Assisted 460 researchers (equivalent to roughly 25% of all IU faculty) in 100 departments (70% of all IU academic departments and centers).
  • Expanded coverage beyond traditional, compliance-driven cybersecurity to areas such as physics, computer science, earth and atmospheric sciences, and social sciences.
  • Performed outreach by preemptively reaching out to faculty and staff and giving presentations at faculty meetings and in departments.
  • Provided holistic support by securing entire research workflows.
  • Established long-term relationships with more than 20 IU stakeholders that support research:
    • Invited to join the Social Sciences Research Commons (SSRC).
    • Became an integral resource for the Neurosurgery Clinical Research Services (NCRS).
    • Invited to be a key component in research software risk assessment for IRB submissions.
    • Became a critical resource for the Office of the Vice President for Research in resolving cybersecurity terms in grants, contracts, and data use agreements.
    • Helped researchers negotiate highly challenging Dept. of Defense (DOD) contract terms and conditions.

The impact of SecureMyResearch

“Reaching a landmark 460 researcher engagements in 100 departments in 2021 far exceeded our initial expectations, but it was just the tip of the iceberg. We ended up not only resolving individual issues but also establishing long-term relationships. Once researchers worked with us, they came back repeatedly when they encountered issues. We also became integrated into their research workflows, fulfilling another service hope. Our goal for 2022 is to continue the growth trend and serve even more researchers and increase collaborations with research support centers on campus.”

Anurag Shankar, manager of the SecureMyResearch service at CACR

“Thank you very much for helping us to navigate the challenges from the cybersecurity requirements presented in a site agreement between IU and two partners. I honestly don’t know how we would have resolved this matter without the service you offered.”

Carolyn York, administrator, Neurosurgery Clinical Research Services, IU School of Medicine (IUSM)

“I want to thank you again for your time and expertise with providing us with information about how best to ensure security for clinical and teaching encounters during the continued challenges of COVID. The suggestions and clarifications you provided were really helpful.”

Emily Delbridge, professor, Dept. of Family Medicine, IUSM

“Your help in relation to [our] study will have a cascading effect of making it possible to enable enterprise-level backups for our secure server, which hosts other research projects as well.”

Emily Meanwell, clinical associate professor, Dept. of Sociology, and director, Social Science Research Commons, IU Bloomington

“I would have been hopelessly lost without the assistance from you and your colleagues; and this comes from a reasonably tech savvy hard-core computer programmer.”

Nicholas Port, associate professor, School of Optometry, IU Bloomington

“The HIPAA office at IU would like it known that over the last year, SecureMyResearch has been pivotal in increasing the security posture of research at IU. The HIPAA office frequently refers researchers to the SecureMyResearch consulting services.”

Jason Bozarth, university HIPAA security officer

“SecureMyResearch has been an invaluable resource for Research Contracting in ORA. We have utilized their expertise on a regular basis. We are receiving more and more contracts–both funded projects and data use agreements–that incorporate various third-party cybersecurity requirements, and the team is always available and willing to help us to think through the projects and find a way to comply.”

Katie Morris, director of research contracting, IU Office of Research Administration (ORA)

Enabling secure health and defense research

CACR provided consulting to researchers and the Office of Research Administration on Department of Defense contracts that involve Controlled Unclassified Information (CUI) and DFARS 252.204-7012 and CMMC regulatory requirements. Additionally, CACR oversees HIPAA compliance for IU’s central research and enterprise systems. CACR continued working and improving numerous UITS systems, using a rigorous institutional approval process CACR helped to develop. The process leverages the NIST Risk Management Framework (RMF) and NIST 800-53 controls for comprehensivness and provides a single, reusable process for HIPAA and FISMA. CACR continued to facilitate the HIPAA compliance effort for UITS.

Continuing to meet the challenges of the pandemic

Challenges continue to persist with the pandemic, and university group meetings that are conducted online are still subject to Zoombombing (a crude practice that disrupts and maliciously interferes with a Zoom meeting). CACR led a collaborative outreach effort in response to multiple high-profile Zoombombing incidents at IU, providing proactive training for groups hosting publicly posted meetings. Direct outreach was provided to 21 groups at IU, including student groups and schools/departments. Efforts this year focused on providing consultation, training, and resources to Student Affairs offices and departmental Zoom support personnel at all IU campuses. This allowed for training and resources to be directly supplied at points-of-origin to student groups which are common targets of Zoombombing attacks.

2021 CACR Speaker Series

The Speaker Series brings cybersecurity experts from across the nation to present their current research and real-world experiences to IU faculty, staff, and students. This year’s series continued virtually, and average attendance held firm at 45 attendees. These presentations can yield some exciting collaborations that bring together faculty researchers, students, and even professionals from the private sector. The Speaker Series exposes IU faculty and students to a variety of applied cybersecurity challenges and collaboration opportunities.

January 28: Scott Orr & Keith Lehigh

The OmniSOC internship: engaging with students while adapting to COVID-19

February 25: Susan Landau

People count: contact tracing apps and public health (Co-hosted by Hamilton Lugar School of Global and International Studies and Luddy School of Informatics, Computing, and Engineering)

March 25: Meredith Harper

Journey to the C-suite: one black woman’s journey (Co-hosted by Kelley School of Business)

April 8: Patrick McDaniel

The challenges of machine learning in adversarial settings: a systems perspective (Co-hosted by Luddy School of Informatics, Computing, and Engineering)

April 22: Gary McGraw

Security engineering for machine learning

September 2: Enrigue Zapata

Govtech for policy delivery: cybersecurity (Co-hosted by Hamilton Lugar School of Global and International Studies and Luddy School of Informatics, Computing, and Engineering)

September 30: Kim Milford

Incident management

October 21: Russell Buchan

Live and let spy? Cyber espionage in international relations and international law (Co-hosted by Maurer School of Law)

November 11: Eli Sugarman

Making hard content moderation decisions: lessons learned from the first year of the Facebook Oversight Board (Co-hosted by Ostrom Workshop)

License

Center for Applied Cybersecurity Research Annual Report FY2021 Copyright © 2022 by Trustees of Indiana University. All Rights Reserved.

Share This Book