Episodit
-
NSF's major facilities represent some of the most significant research facilities on the globe. The forthcoming revision to the Research Infrastructure Guide (or RIG) details NSF's guidance on securing these facilities and its expectations for cybersecurity programs at the major facilities. This presentation will explain how we approached shaping this guidance, the unique challenges we faced, and offer a peek at some of the resulting guidance the revised RIG will provide.
Speaker Bio: Michael Corn has been a CISO at four institutions (UIUC, Illinois System, Brandeis University, and most recently UC San Diego). A regular author on a variety of privacy, cybersecurity and identity related topics, he is currently the Cybersecurity Advisor for Research Infrastructure in the Office of the Chief Officer for Research Facilities and additionally provides support to the Office of the Chief of Research Security Strategy and Policy within NSF. A recent online presentation on cybersecurity policy can be found at https://bit.ly/3JIpI8w. -
Cybersecurity and privacy threats increasingly impact our daily lives, our national infrastructures, and our industry. Recent newsworthy attacks targeted nationally important infrastructure, our government, our researchers, and research facilities. The landscape of what needs to be protected and from what threats is rapidly evolving as new technologies are released and threat actors improve their capabilities through experience and close collaboration. Meanwhile, defenders often work in isolation, use private data and facilities, and produce defenses that are quickly outpaced by new threats. To transform cybersecurity and privacy research into a highly integrated, community-wide effort, researchers need a common, rich, representative research infrastructure that meets the needs across all members of the community, and facilitates reproducible science.
To meet these needs, USC Information Sciences Institute and Northeastern University have been funded by the NSF mid-scale research infrastructure program to build Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE). This infrastructure will offer access to an unprecedented variety of hardware, software, and other resources connected by user-configurable network substrate, and protected by a set of security policies uniquely aligned with cybersecurity and privacy research needs. SPHERE will offer six user portals, closely aligned with needs of different user groups. It will support reproducible research through a combination of infrastructure services (easy experiment packaging, sharing and reuse) and community engagement activities (development of realistic experimentation environments and contribution of high-quality research artifacts).
Speaker Bios:
Dr. Jelena Mirkovic is Principal Scientist at USC-ISI and Research Associate Professor at USC. She received her MS and PhD from UCLA, and her BSc from University of Belgrade, Serbia. Jelena's research interests span networking and cybersecurity fields, as well as testbed experimentation. Her current research is focused on authentication, use of machine learning for network attack detection, large-scale dataset labeling for security, and user privacy. She is the lead PI on the SPHERE project.
Mr. David Balenson is Senior Supervising Computer Scientist and Associate Director of the Networking and Cybersecurity Division at USC-ISI. He received his MS and BS in Computer Science from the University of Maryland. His current research interests include cybersecurity and privacy for critical infrastructure and cyber-physical systems including automotive and autonomous vehicles, experimentation and test, technology transition, and multidisciplinary research. He is the Community Outreach Director for SPHERE. -
Puuttuva jakso?
-
The ACCORD cyberinfrastructure project at the University of Virginia (UVA) successfully developed and deployed a community infrastructure providing access to secure research computing resources for users at underserved, minority-serving, and non-PhD-granting institutions. ACCORD's operational model is built around balancing data protection with accessibility. In addition to providing secure research computing resources and services, key outcomes of ACCORD include creation of a set of policies that enable researchers external to UVA to access and use ACCORD. While the ACCORD expedition achieved its technical and operational goals, its broader mission of broadening access to underserved users had limited success. Toward gaining a better understanding of the barriers to researchers accessing ACCORD, our team carried out two community outreach efforts to engage with researchers and computing service leaders to hear their pain points as well as solicit their input for an accessible community infrastructure.
In this talk, we will describe the ACCORD infrastructure and its operational model. We will also discuss insights from our effort to develop policies to balance accessibility with security. And finally, we wil share lessons learned from community outreach efforts to understand institutional and social barriers to access.
Speaker Bios:
Ron Hutchins: In the early 1980’s, Ron worked at the Georgia Institute of Technology to create a networking laboratory in the College of Computing teaching data communications courses there. After moving to the role of Director of Campus Networks in 1991, Ron founded and led the Southern Crossroads network aggregation (SoX) across the Southeast. In 2001 after receiving his PhD in computer networks, he took on the role of Chief Technology Officer for the campus. In August of 2015, Ron moved into the role of Vice President of Information Technology for the University of Virginia, working to build partnerships across the campus. Recently, Ron has moved from VP to research faculty in the Computer Science department at UVA and is participating broadly across networking and research computing in general including work with the State of California building out the broadband fiber network backbone across the state.
Tho Nguyen is a computer science and policy expert. He served as project manager for the ACCORD effort from 2019-2021, and continues to support the project implementation and growth. Nguyen is currently a Senior Program Officer at the National Academies of Sciences, Engineering, and Medicine. From 2015-2021 Nguyen was on the research staff in the Department of Computer Science at the University of Virginia where he worked on compute-in-memory and developing HPCs for research. Prior to UVA, he was a AAAS Science and Technology Policy Fellow at the National Science Foundation where he worked primarily on the Cyber Physical Systems program. Nguyen holds a PhD in Systems & Controls (Electrical Engineering) from the University of Washington. -
The envisioned advantage of sharing research data lies in its potential for reuse. Although many scientific disciplines are embracing data sharing, some face constraints on the data they can share and with whom. It becomes crucial to establish a secure method that efficiently facilitates sharing and verification of data and metadata while upholding privacy restrictions to enable the reuse of scientific data. This presentation highlights our NSF-funded Open Science Chain (OSC) project, accessible at https://www.opensciencechain.org. Developed using blockchain technologies, the OSC project aims to address challenges related to the integrity and provenance of research artifacts. The project establishes an API-based data integrity verification management service for data-driven research platforms and hubs, aiming to minimize data information loss and provide support for managing diverse metadata standards and access controls.
Speaker Bio:
Subhashini Sivagnanam is the manager of the Cyberinfrastructure Services and Solutions (CISS) group at the San Diego Supercomputer Center/ UCSD. Her research interests predominantly lie in distributed computing, cyberinfrastructure development, scientific data management, and reproducible science. She serves as the PI/Co-PI on various NSF/NIH projects related to scientific data integrity and developing cyberinfrastructure software. Furthermore, she oversees the management of UC San Diego’s campus research cluster known as the Triton Shared Computing Cluster. -
As the use of wastewater for public health surveillance continues to expand, inevitably sample collection will move from centralized wastewater treatment plants to sample collection points within the sewer collection system to isolate individual neighborhoods and communities. Collecting data at this geospatial resolution will help identify variation in select biomarkers within neighborhoods, ultimately making the wastewater-derived data more actionable. However a challenge in achieving this is the nature of the wastewater collection system, which aggregates and commingles wastewater from various municipalities. Thus various stakeholders from different cities must collectively provide information to separate wastewater catchments to achieve neighborhood-specific public health information. Data sharing restrictions and the need for anonymity complicates this process.
This talk presents our approaches to enabling data privacy in wastewater-based epidemiology. Our methodology is built upon a cryptographic technique, Homomorphic Encryption (HE), ensuring privacy. Additionally, we outline a technique to enhance the performance of HE, which could be of independent interest.
Speaker Bio:
Ni Trieu is currently an Assistant Professor at Arizona State University (ASU). Her research interests lie in the area of cryptography and security, with a specific focus on secure computation and its applications such as private set intersection, private database queries, and privacy-preserving machine learning. Prior to joining ASU, she was a postdoc at UC Berkeley. She received her Ph.D. degree from Oregon State University. -
More than a decade ago, Clemson University outlined the requirements needed to integrate several campus-wide enterprise applications in a way that would automate the exchange of data between them, and establish the relationships of that data to the unique identities that represented all users within the system, including faculty, staff, students, alumni and applicants. There would be no direct access of data, except through applications that were approved and had established Memorandum of Understanding (MOU) contracts in place. This project was known as the Clemson Vault.
Within the Identity Management space, solutions for automating the provisioning of identities are offered by several vendors these days. However, mileage and cost vary when you wish to integrate arbitrary university resources, such as mailing lists, disk storage, building card access, and course registrations. Open source solutions, with all of the above requirements, are non-existent.
At Clemson University, we combined licensed vendor software and in-house apps, scripts and procedures to create a data integration solution that met the original requirements. This implementation has served us well for many years, but many of the drawbacks to the current design prompted us to begin pulling out many of these features into its own project, where we could collaborate on features and enhancements for the future with institutions outside of our own organization. The patterns, interfaces, and source code that emerged from the original vault were extracted out, embellished and migrated into an open source repository known as Adaptive Framework (https://github.com/afw-org/afw).
Clemson University has been working on this project for several years now, and has recently released this open source framework for building data access solutions that provide web service API’s, data transformation tools, real-time data provisioning and an authorization architecture. The framework that has emerged offers a built-in scripting language, pre-compiled server-side applications and an administrative web interface.
Although it was originally designed for the implementation of an open source identity vault, we envision a broader adoption of this framework for other data-driven needs, such as extending databases with metadata, building policy-based authorization systems, and integrating data repositories with a metadata catalog, and varying levels of access control, across federated environments.
Our goal with this project is to gather external support from both commercial and public institutions to help make this framework sustainable moving forward.
Speaker Bio:
Jeremy Grieshop is a software engineer (B.S. Miami University, M.S. Clemson University) and has been employed by Clemson University since 2001. His role has been in software development for the Identity Management team and has been directly involved in the software design and implementation of many of the authentication and provisioning software, along with self service tools that are in place at Clemson University today. -
Ransomware has become a global problem. Given the reality that ransomware will eventually strike your system, we focus on recovery and not on prevention. The assumption is that the attacker did enter the system and rendered it inoperative to some extent.
We start by presenting the broad landscape of how ransomware can affect a computer system, suggesting how the IT manager, system designer, and operator might prepare to recover from such an attack.
We show the ways in which ransomware can (and sometimes cannot) attack each component of the systems. For each attack scenario, we describe how the system might be subverted, the ransom act, the impact on operations, difficulty of accomplishing the attack, the cost to recover, the ease of detection of the attack, and frequency in which the attack is found in the wild (if at all). We also describe strategies that could be used to recover from these attacks.
Some of the ransomware scenarios that we describe reflect attacks that are common and well understood. Many of these scenarios have active attacks in the wild. Other scenarios are less common and do not appear to have any active attacks. In many ways, these less common scenarios are the most interesting ones as they pose an opportunity to build defenses ahead of attacks.
The Ransomware Report they discussed during the presentation is here:
https://hdl.handle.net/2142/118242
And, the latest version of our Guide to Securing Scientific Software, is here:
https://hdl.handle.net/2142/118240
Speaker Bios:
Barton Miller is the Vilas Distinguished Achievement Professor and the Amar & Belinder Sohi Professor in Computer Sciences at the University of Wisconsin-Madison. He is a co-PI on the Trusted CI NSF Cybersecurity Center of Excellence, where he leads the software assurance effort and leads the Paradyn Tools project, which is investigating performance and instrumentation technologies for parallel and distributed applications and systems. His research interests include software security, in-depth vulnerability assessment, binary and malicious code analysis and instrumentation, extreme scale systems, and parallel and distributed program measurement and debugging. In 1988, Miller founded the field of Fuzz random software testing, which is the foundation of many security and software engineering disciplines. In 1992, Miller (working with his thenstudent Prof. Jeffrey Hollingsworth) founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation”. Miller is a Fellow of the ACM and recent recipient of the Jean Claude Laprie Award for dependable computing.
Miller was the chair of the Institute for Defense Analysis Center for Computing Sciences Program Review Committee, member of the U.S. National Nuclear Safety Administration Los Alamos and Lawrence Livermore National Labs Cyber Security Review Committee (POFMR), member of the Los Alamos National Laboratory Computing, Communications and Networking Division Review Committee, and has been on the U.S. Secret Service Electronic Crimes Task Force (Chicago Area).
Elisa Heymann is a Senior Scientist on TrustedCI, the NSF Cybersecurity Center of Excellence at the University of Wisconsin-Madison, and an Associate Professor at the Autonomous University of Barcelona. She co-directs the MIST software vulnerability assessment at the Autonomous University of Barcelona, Spain.
She coordinates in-depth vulnerability assessments for NFS Trusted CI, and was also in charge of the Grid/Cloud security group at the UAB, and participated in two major Grid European Projects: EGI-InSPIRE and European Middleware Initiative (EMI). Heymann's research interests include software security and resource management for Grid and Cloud environments. Her research is supported by the NSF, Spanish government, the European Commission, and NATO. -
Thousands of people fall for online scams every year. Anyone can be scammed, but older adults in the US are the most targeted population in the world. By far. Those over age 60 lost over $3 Billion last year—and that’s just the ones who reported it. One of the fastest growing scams aimed at seniors is romance scams, especially those involving cryptocurrency, which is largely impossible for US law enforcement to prosecute. Websites and education programs to inform seniors about scams exist, but they’re not interactive and engaging and often treat seniors like they are clueless. Our project – Deception Awareness and Resilience Training (DART) is building a fun, spy themed mobile video game for senior citizens that will be released this summer. This talk will give some background on how the latest scams work, especially ones based around cryptocurrency, and show you how we’ve assembled a multidisciplinary team, including a professional game development company, to arm seniors to defend themselves against scammers!
Speaker Bio:
Anita Nikolich is a Research Scientist and the Director of Research and Technology Innovation at the University of Illinois's School of Information Sciences and Director of Research at Inca Digital, a digital asset analytics company. She is Co-PI of the NSF-funded FABRIC Midscale Research Infrastructure, Co-PI of an NSF-funded Convergence Accelerator project, Deception Awareness and Resilience Training (DART) and PI on a DARPA funded SBIR, Mapping the Impact of Digital Financial Assets (MIDFA). -
On September 1, 2022, the U.S. National Science Foundation (NSF) ACCESS Cyberinfrastructure started production operations, ushering in a new era following two decades of cooperative cyberinfrastructure partnerships among several leading centers for High Performance Computing (HPC) at U.S. universities and research institutions under the NSF TeraGrid and XSEDE projects. The NSF ACCESS Cyberinfrastucture is composed of five funded projects, including an ACCESS Coordination Office and four tracks representing (1) resource allocations, (2) user support and training, (3) operations, including cybersecurity, data management and networking, and (4) monitoring and measurement services. ACCESS Resource Provider (RP) sites include several NSF-funded HPC systems deployed at U.S. universities and research facilities nationwide, on which computing time and storage are allocated on a peer-reviewed basis managed through the ACCESS project.
In this webinar, we will describe the functions and activities of the ACCESS Cybersecurity Operations Group, and summarize the progress, challenges, and lessons learned in its first year. Topics will include authentication and identity management (AIM), cybersecurity communications and readiness, policy development, and future directions.
Speaker Bio:
Derek Simmel's career in Cybersecurity and HPC spans over four decades. Derek joined the technical staff of the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute in 1995. He brought his experience to the Pittsburgh Supercomputing Center (PSC) in 2001. Derek is currently a co-PI for the U.S. National Science Foundation (NSF) ACCESS COre National Ecosystem for CyberinfrasTructure (CONECT) project, and leads Cybersecurity Operations for ACCESS. He also provides infrastructure design, cybersecurity and scientific workflow support for PSC's NSF-funded Bridges-2 system, and PSC's NIH-funded Brain Image Library, HuBMAP, and ANTON projects. Since 2011, Derek has chaired The Americas Grid Policy Management Authority (TAGPMA), one of three PMAs that comprise the Interoperable Global Trust Foundation (IGTF). He has served on the Technical Steering Committee for the Linux Foundation OpenHPC project since 2016, and on the Governing Board for OpenHPC since 2019. -
The Internet2 Routing Integrity Initiative aims to improve the research and education (R&E) community’s adoption of best practices that strengthen the resilience and reliability of data movement across the R&E network ecosystem to support our shared missions. Routing integrity is an end-to-end challenge that requires the participation of the entire Internet2-networked community and beyond. This presentation will cover the pillars of the Routing Integrity Program and review resources you can use better to understand your organization's adoption of these practices:
Measurement and Reporting
Education
Global Coordination
Outreach and Advocacy
Adoption of Best Practices
Speaker Bio:
As Internet2’s Director of Routing Integrity, Steve Wallace promotes the adoption and improvement of routing security and integrity throughout the Internet2 community. He has been an active community member for over 24 years, having started as the engineer responsible for the team that built Abilene, Internet2's first network. -
The NIH Common Fund Data Ecosystem (CFDE) aims to enable the broad use of Common Fund (CF) data sets to accelerate discovery. CF programs generate a wide range of diverse and valuable data sets designed to be used by the research community. However, these data sets reside in different locations, and it is challenging or even impossible to work with multiple data sets in an accessible and user-friendly way. To help remedy this problem, the CFDE has created an online discovery portal that helps make CF data sets FAIR (Findable, Accessible, Interoperable, and Reusable) and enables researchers to search across CF data sets to ask scientific and clinical questions from a single access point. The CFDE Coordinating Center oversees CFDE activities and works closely with participating data coordinating centers from other CF programs on an initial subset of data sets, with plans to expand to additional CF data sets. As the security officer for the CFDE Coordinating Center, Rick used the Trusted CI Framework to focus cybersecurity efforts on protecting the trust amongst the CFDE participants. This mission-driven approach significantly clarified the CFDE's cybersecurity planning.
Speaker Bio:
Rick Wagner is a Principal Research Systems Integration Engineer at UCSD. Rick began his career using cyberinfrastructure as a tool for research in astrophysics, working on problems in cosmology and supersonic turbulence. His research was largely done on campus, NSF, and DOE computing resources, the same kinds of systems he later managed for SDSC. Rick took a break from UCSD to work for Globus at the University of Chicago, helping researchers with data management solutions. Now Rick is part of the Research IT team, helping to design solution for projects that cut across the campus and beyond it. He is also trying to smooth the boundary between cybersecurity and research, and was a 2021 Trusted CI Fellow. -
Remote monitoring and control of industrial control systems are protected using firewalls and user passwords. Cyberattacks that get past firewalls have unfettered access to command industrial control systems with potential to harm digital assets, environmental resources, and humans in proximity to the compromised system. In this talk, I will discuss our approach to prevent and mitigate such harms in scientific industrial control systems by enhancing the security of open-source cyberinfrastructure: the open-source Real-Time Executive for Multiprocessor Systems (RTEMS) real-time operating system and the Experimental Physics and Industrial Control System (EPICS) software and networks. The RTEMS and EPICS software projects are widely used cyberinfrastructure for controlling scientific instruments. This talk will discuss security problems that we have explored with these communities, and examine the salient challenges and opportunities presented by working with open-source communities on their cybersecurity needs.
Speaker Bio:
Gedare Bloom received his Ph.D. in computer science from The George Washington University in 2013. He joined the University of Colorado Colorado Springs as an Assistant Professor of Computer Science in 2019 and Associate Professor in 2022. He was an Assistant Professor of Computer Science at Howard University from 2015-2019. His research expertise is computer system security with emphasis on real-time embedded systems. He has published over sixty peer reviewed articles, serves as a program committee member and technical referee for flagship conferences and journals, and is an associate editor for the IEEE Transactions on Vehicular Technology.
Since 2011 Dr. Bloom has been a maintainer for the RTEMS open-source hard real-time operating system, which is used in robotics frameworks, unmanned vehicles, satellites and space probes, automotive, defense, building automation, medical devices, industrial controllers, and more. Some of his key contributions to RTEMS include the first 64-bit architectural port of RTEMS, design and implementation of a modern thread scheduling infrastructure, support for running RTEMS as a paravirtualized guest for avionics hypervisors, and implementation of POSIX services required to be compliant with the FACE avionics standard. Additionally, he mentors and guides students around the world through learning about and developing with RTEMS. He co-authored the textbook “Real-Time Systems Development with RTEMS and Multicore Processors” published by CRC Press in 2020. -
A Science DMZ is a special network architecture designed to improve the speed at which large science data transfers can be made over the Internet while maintaining security of the assets. This webinar will provide an overview of the Science DMZ architecture, how to secure it, and cover use cases such as the statewide science network in Arkansas.Speaker Bios:Mark Krenz: Mark Krenz is the Chief Security Analyst at the Indiana University Center for Applied Cybersecurity Research and the Deputy CISO of Trusted CI. He is focused on cybersecurity operations, research and education. He has more than two decades of experience in system and network administration and has spent the last decade focused on cybersecurity.Don DuRousseau: Don is Director of Research Technology at the University of Arkansas. He has over 20 years leadership experience in research technologies, cyberinfrastructures, cybersecurity, and informatics. He is an active researcher and contributor in areas of programmable networking, advanced computing, bioinformatics, and human systems engineering. He leads the NSF CC* CIRA: Shared Arkansas Research Plan for Community Cyberinfrastructure (SHARP) project in planning the statewide research cyberinfrastructure (RCI) operations and researcher training and support strategy for providing HPC and other research resources and services to all the universities and colleges in Arkansas.Don was responsible for the operation and growth of the 100-G R&E Network (CAAREN) Capital Area Advanced Research and Education Network in Washington D.C. In addition, he led the operations of the HPC resources and distributed support services on campus and built the Capital Region Advanced Cyber Range (CRACR) through the NSF CICI: Regional: Substrate for Cybersecurity Education; a Path to Training, Research and Experimentation project carried out at The George Washington University.Kathy Benninger is Manager of Networking Research at Pittsburgh Supercomputing Center.
-
Keeping up on the newest Federal regulations or supporting it appropriately is a full time job even though it is rarely able to be a dedicated position. We will share how a new community of practice on the block is lowering the barrier to entry by elevating the entire community’s regulated research programs through: 1) Building relationships 2) Collecting best practices 3) Opening the dialogue on challenges by broadly sharing lessons learned 4) Aligning with other communities 5) Simplifying compliance 6) Advocating for the community
Regulated Research Community of Practice (RRCoP) is a partner of Trusted CI looking to extend the reach towards research compliance and advocacy of the special circumstances that make research in academic institutions different from industry.
Join us for glimpse of RRCoP roots, recent contributions, lessons learned, and what the future holds.
Speaker Bios:
Carolyn Ellis is the CMMC Program Manager at University of California, San Diego, where she builds and leads sustainable regulated research programs. Carolyn has significant experience in grants, research, and implementing the security enclaves for DOD contracts. As leadership of NSF award # 2201028, Building a Community of Practice for Supporting Regulated Research, Carolyn is passionate about growing future leaders within the research compliance community. Her community building efforts also include mentoring within various women in STEM communities such as WiCys (Women in Cybersecurity).
Erik Deumens has a PhD in computational nuclear and chemical physics and has done research in modeling of chemical reactions and designed complex computational software. Since 2011, he is the full time director of the department of Research Computing in UFIT at the University of Florida. Starting 2015, he and his staff have been in charge of a FISMA 800-53 moderate computing environment for research. During 2018 a second generation system was completed to meet both FISMA and CUI 800-171 requirements. The new system has the advantage that it is more cost effective for research budgets. The system was assessed for compliance by a 3PAO. See https:///www.rc.ufl.edu for details on UFIT RC. -
The Trusted CI Information Security Office (ISO) team will be presenting a webinar on the CIS Controls. This will include background and information on the CIS controls, our recent experiences using the controls to assess Trusted CI’s own cybersecurity program and operations, and how that can be applied to your own project.
Topics include:
* Who Trusted CI is and why we have a cybersecurity program.
* Background on the CIS controls and what an assessment is.
* What led us to perform a CIS assessment.
* Overview and discussion of our results.
* Differences between control versions 7.1 and 8.
* Discussion on methodology and tools that can be used in assessments.
Speaker Bios:
Shane Filus serves as a Senior Security Engineer at the Pittsburgh Supercomputer Center, and works with Trusted CI, XSEDE/ACCESS, and HuBMAP projects on all aspects of cybersecurity; from operations, to incident response, to policy, and everything in between.
Mark Krenz serves as Chief Security Analyst at Indiana University’s Center for Applied Cybersecurity Research. Mark’s focus is on cybersecurity operations, research and education. He has more than two decades of experience in system and network administration and has spent the last decade focused on cybersecurity. He serves as the CISO of the ResearchSOC and the Deputy CISO of Trusted CI. -
The education industry has unceremoniously emerged as the second most common target for ransomware. It continues to evolve in how it is used as a fund-raiser for criminal organizations and how the technology works, to keep its victims guessing as to defense and eradication. Institutions face the difficult challenge of preserving academic freedom, easy access to information, and open collaboration while defending from threat actors who exploit these same characteristics. This presentation will focus on the current threats and provide guidance on protecting against ransomware attacks.
Speaker Bios:
Sarah Bigham: joined the REN-ISAC in March 2014. As Lead Security Analyst, her day-to-day responsibilities include managing the REN-ISAC Blended Threat Workshops, working closely with the National Council of ISACs (NCI), FBI, DHS, and other state and federal peers to stay abreast of new and emerging threats, as well as special projects, and member relations. Before coming to the REN-ISAC, Sarah worked at Harvard University as a Systems Support Specialist focusing on campus-wide Identity & Access Management (IdM) and HIPAA compliance for Harvard University Health Services. Prior to that, Sarah was a defense contractor at the United States Naval Academy where she focused on user and desktop support across the Yard for all faculty, staff, and midshipmen. Sarah holds an Associate of Applied Science in Computer Network Management from Anne Arundel Community College (Annapolis, MD) and a Bachelor of Science in Information Systems Management from University of Maryland Global Campus.
Krysten Stevens joined REN-ISAC as Director of Technical Operations in 2020. She has a background in IT security analysis and cyber threat intelligence from Purdue University, where she used her leadership and expertise to train other security analysts, create security awareness programs, and develop threat intelligence strategies on an organizational level. Krysten graduated from Purdue University Global with an MS Cybersecurity Management in 2020, and she holds CISSP and GCTI certifications. When not at work, Krysten enjoys spending time with her husband, two children, five cats, and two golden retrievers (who refuse to retrieve). -
The Trusted CI Framework is a minimum standard for cybersecurity programs. In response to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. In order to encourage adoption of the Trusted CI Framework, we have created a program called the Framework Cohort, where representatives from multiple NSF Major Facilities and other "Key Projects" participate in a group engagement with Trusted CI focused on adoption and implementation of the Framework.This webinar will provide updates from the inaugural cohort, currently in progress, and discuss the opportunity to participate in future cohorts.More information about the Framework can be found at:
https://www.trustedci.org/framework
Speaker Bio:
Scott Russell is a Senior Policy Analyst at the Indiana University Center for Applied Cybersecurity Research. Scott was previously the Postdoctoral Fellow in Information Security Law & Policy. Scott’s work thus far has emphasized private sector cybersecurity best practices, data aggregation and the First and Fourth Amendments, and cybercrime in international law. Scott studied Computer Science and History at the University of Virginia and received his J.D. from the Indiana University, Maurer School of Law. -
This webinar presents the results of Trusted CI's 2021 examination of the state of software assurance in scientific computing, and also gives an overview of the contents of its recently released Guide to Securing Scientific Software (GS3), aimed at helping developers of software used in scientific computing improve the security of that software.See our blog post announcing the report:https://blog.trustedci.org/2021/12/publication-of-trusted-ci-guide-to.htmlSpeaker Bios: Dr. Elisa Heymann is a Senior Scientist on the NSF Cybersecurity Center of Excellence at the University of Wisconsin, and an Associate Professor at the Autonomous University of Barcelona. She was in charge of the Grid/Cloud security group at the UAB, and participated in two major Grid European Projects: EGI‐InSPIRE and European Middleware Initiative (EMI). Heymann's research interests include security and resource management for Grid and Cloud environments. Her research is supported by the NSF, Spanish government, the European Commission, and NATO.Prof. Barton Miller is the Vilas Distinguished Achievement Professor and Amar & Belinder Sohi Professor in computer science at the University of Wisconsin-Madison. Prof. Miller founded the field of fuzz random testing, which is foundational to computer security and software testing. In addition, he founded (with his then-student Prof. Jeffrey Hollingsworth) the field of dynamic binary instrumentation, which is a widely used, critical technology for cyberforensics. Prof. Miller advises the Department of Defense on computer security issues though his position at the Institute for Defense Analysis and was on the Los Alamos National Laboratory Computing, Communications and Networking Division Review Committee and the US Secret Service Electronic Crimes Task Force (Chicago Area). He is currently an advisor to the Wisconsin Security Research Council. Prof. Miller is a fellow of the ACM.Dr. Sean Peisert leads applied research and development in computer security at the Berkeley Lab and UC Davis. He is also chief cybersecurity strategist for CENIC; co-lead of Trusted CI, the NSF Cybersecurity Center of Excellence; editor-in-chief of IEEE Security & Privacy; a member of the Distinguished Expert Review Panel for the NSA Annual Best Scientific Cybersecurity Paper Competition; a member of the DARPA Information Science and Technology (ISAT) Study Group; an ACSA Senior Fellow; past chair of the IEEE Technical Committee on Security & Privacy' and is a steering committee member and past general chair of the IEEE Symposium on Security and Privacy ("Oakland").
-
At one time, higher-ed was the requestor of HECVAT's - now we are being called to populate them for our peers. The Higher Education Community Vendor Assessment Toolkit (HECVAT) has become the de facto standard for vendor risk and security assessment in higher education and the number of universities around the globe using the HECVAT in their assessment process is well into the hundreds. As researchers, and those in the academic mission, consume services of academic research providers (e.g., the Ohio Supercomputer Center, OSC), and thus sharing institutional data, their security offices are increasingly conducting security and risk assessment of these providers to ensure they are meeting the risk tolerance of their institution.
Taking a proactive approach to mitigate unnecessary burden in this space, Trusted CI lead an engagement looking to provide response guidance for these academic research service providers on how to properly represent the security state(s) of their environment. Join Kyle Earley, High Performance Computing Security Engineer from the Ohio Supercomputer Center and Charlie Escue, Information Security Manager at Indiana University and co-chair of EDUCAUSE's HECVAT Users Community Group, as they discuss this collaboration and the tangible guidance that was produced during the engagement.
Speaker Bios:
Charles Escue manages Indiana University's Extended Information Security (EIS) team, a pioneering effort focused on improving university incident remediation capabilities and the handling of imminent threats, beyond the scope of our traditional security office. With over fourteen years of information technology (IT) experience at Indiana University, Charles proudly leads and contributes his expertise as co-chair of EDUCAUSE's HECVAT Users Community Group.
Kyle Earley serves as the High Performance Computing Security Engineer for the Ohio Supercomputer Center (OSC). He is the single security resource for the center covering everything from day-to-day security operations to specific engagements and audits. Kyle graduated with a bachelor's degree in Management of Information Systems Enterprise Security from Georgia Southern University. Prior to his time at OSC, he worked for Accenture on a wide array of projects from Department of Defense (DoD) contracts to Fortune 500 clients, last serving as a Senior Security Analyst in the consulting track. - Näytä enemmän