cybersecurity challenges and opportunities anita nikolich program director, advanced...
TRANSCRIPT
![Page 1: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/1.jpg)
Cybersecurity Challenges and Opportunities
Anita NikolichProgram Director, Advanced
CyberinfrastructureOctober 2015
![Page 2: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/2.jpg)
2
Why Worry about Security in the Scientific Environment?
Integrity of data and results Embarrassment, damage to reputation High value assets – understand and
manage risk Scientific Collaborations based on trust Being used to harm others would be
damaging to one’s reputation Rutgers – 4 attacks in 5 months. Cost 2
Bitcoin, or ~$500! Knocked out Wi-Fi, course registration, email. Goal to annoy.
![Page 3: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/3.jpg)
3
Facilities Security (FacSec)
Group of NSF Program Directors with responsibility for large projects or facilities (ie, LSST, OOI, Polar)
Quarterly meetings to exchange best practices, share information
Facilitated by ACI
![Page 4: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/4.jpg)
4
Secure and Trustworthy Cyberspace (SaTC)
Cross Directorate Program Aims to support fundamental scientific advances and
technologies to protect cyber-systems from malicious behavior, while preserving privacy and promoting usability.
Develop the foundations for engineering systems inherently resistant to malicious cyber disruption
Cybersecurity is a multi-dimensional problem, involving both the strength of security technologies and variability of human behavior.
Encourage and incentivize socially responsible and safe behavior by individuals and organizations
Focus on Privacy: Dear Colleague Letter for new collaborations between Computer and Social Scientists, including a focus on privacy. $75M
Annually
![Page 5: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/5.jpg)
5
SaTC FY15 Funding Areas
Access controlAnti-malwareAnticensorshipApplied cryptographyAuthenticationCellphone network securityCitizen scienceCloud securityCognitive psychologyCompetitionsCryptographic theoryCyber physical systemsCybereconomics
CyberwarDigital currenciesEducationForensicsFormal methodsGovernanceHardware securityHealthcare securityInsider threatIntrusion detectionMobile securityNetwork securityOperating systems
PersonalizationPrivacyProvenanceSecurity usabilitySituational awarenessSmart GridSocial networksSociology of securitySoftware securityVehicle securityVerifiable computationVoting systems securityWeb security
![Page 6: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/6.jpg)
6
SaTC: Transition to Practice (TTP)
Supports later stage activities in the research and development lifecycle such as prototyping and experimental deployment ACI Funded Looking for early adopters Review Criteria:
Impact on deployed environment Value in terms of needed capability and potential impact
across the NSF community Feasibility, utility, and interoperability in operation Project plan including goals, milestones, demonstration
and evaluation Tangible metrics to evaluate effectiveness of capabilities
developed
![Page 7: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/7.jpg)
7
Center for Trustworthy Scientific Cyberinfrastructure (CTSC)
PI: Von Welch, Indiana University
Mission: Establish a coherent cybersecurity ecosystem for NSF computational science and engineering, while allowing projects to focus on their science endeavors.
Trustedci.org - webinars, project documents, best practices, online free training, etc
Hosts annual Large Facilities Cybersecurity Summit, 120+ attendees
![Page 8: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/8.jpg)
8
CTSC Community Engagements
• Building or reviewing a cybersecurity plan• Software assessment• Design review• Advanced challenges (federated IdM,
delegation, etc.)• Topics as needed by the community.
No cost outside of time and effort. Can be answering a question, a phone
call to advise, a day-long review, or week-to-month of collaboration.
Examples:
trustedci.org
![Page 9: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/9.jpg)
9
CTSC: Security TrainingFor PI’s or Technical Staff
• Secure coding• Identity Management/InCommon• Developing a cybersecurity plan• Present at existing conferences (XSEDE, SC,
NSF Cybersecurity Summit, etc.) or can come to you
TrustedCI Forum for users:https://trustedci.groupsite.orgQuestions, discussions regarding NSF cybersecurity
• * Did I mention it’s at no cost to you? Contact [email protected]
![Page 10: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/10.jpg)
10
Cybersecurity Innovation for Cyberinfrastructure (CICI) NSF
15-549Activities that impact the security of science,
engineering and education environmentsTarget community is operational cyberinfrastructure
FY15 $11M/13 awards. FY15 Areas:Cybersecurity Center of Excellence ($5M award,
still pending)Secure Data Provenance ($500K awards)Secure Architecture Design ($500K awards)
![Page 11: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/11.jpg)
11
FY16 Areas TBD Focus on security of scientific workflow
and operational cyberinfrastructure What are your greatest privacy,
security, identity management challenges?
Cybersecurity Innovation for Cyberinfrastructure (CICI)
![Page 12: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/12.jpg)
12
Examples of ACI Funded Security Projects
Bro IDS - ubiquitous at large sites and campuses ShellOS Malware Detection – UNC-Chapel Hill
deploys in production . More accurate and useful than off the shelf appliances.
CICI: Mini Science DMZ for Scientific Instruments (IU)
CICI: Provenance-Based Trust Management for Collaborative Data Curation (UPenn)
CICI: CapNet: Secure Scientific Workloads with Capability Enabled Networks (Utah)
![Page 13: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/13.jpg)
13
Security within ACI programs
Data/DIBBs – Focus on privacy and integrity of data sets
Software/SI2 – Focus on trustworthy software. Vulnerability assessments throughout process
HPC – Focus on integrity of results and secure interoperability of computing resources
LWD – Integration of training and education through CICI
![Page 14: Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015](https://reader036.vdocument.in/reader036/viewer/2022062805/5697bfe01a28abf838cb32d6/html5/thumbnails/14.jpg)
14
How Can NSF Help?
Tell me your biggest security challenge – lack of tools? Lack of people? Lack of time to think about security? Not wanting to impede the scientific workflow?
Talk to me todayor email me: