ctsc+swamp: cybersecurity resources for your campus

Jim Basney [email protected] & cybersecurity resources for your campus

Upload: jbasney

Post on 11-Apr-2017


TRANSCRIPT

Page 1: CTSC+SWAMP: cybersecurity resources for your campus

Jim Basney

[email protected]

&

cybersecurity resources for your campus

Page 2: CTSC+SWAMP: cybersecurity resources for your campus

Why Cybersecurity Matters: Trusted & Reproducible Science

Page 3: CTSC+SWAMP: cybersecurity resources for your campus

Center for Trustworthy Scientific Cyberinfrastructure: The NSF Cybersecurity Center of Excellence

● Mission: Provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.
● Building Community: annual NSF Cybersecurity Summit, monthly webinars, blog, email lists, partnerships, benchmarking surveys
● Sharing Knowledge: alerts, guides, templates, best practices, training
● Collaborative Engagements: tackling cybersecurity challenges for science projects

Page 4: CTSC+SWAMP: cybersecurity resources for your campus

DHS Software Assurance Marketplace (SWAMP)

● A no-cost resource to promote a more stable and secure software ecosystem
● 30 static analysis tools to check your code for weaknesses
● View results from multiple tools in one place, to identify and address the most important problems in your code
● Continuous Assurance: assess your code throughout the development lifecycle

Miron Livny, MIR; Jim Basney, NCSA; Bart Miller, UW; Von Welch, IU

Page 5: CTSC+SWAMP: cybersecurity resources for your campus

SWAMP-in-a-Box

● An open source software distribution for establishing a Continuous Assurance facility on your campus
● Operate your own local SWAMP on your hardware behind your firewall
● Includes plugins for Eclipse & Jenkins
● Connect with your local AD/LDAP accounts or use CILogon/InCommon
● Try mir-swamp.org then install your own

https://github.com/mirswamp/deployment

Page 6: CTSC+SWAMP: cybersecurity resources for your campus

Software Assurance in the Classroom

● Teaching secure coding practices to undergraduates and graduate students
● Students use mir-swamp.org to analyze and improve their code
● Partnership with Prof. Lethia Jackson at Bowie State University in Maryland
○ https://morgridge.org/story/can-cybersecurity-crack-the-undergraduate-curriculum/

Page 7: CTSC+SWAMP: cybersecurity resources for your campus

Software Assurance for Scientific Cyberinfrastructure

● Software is critical to science and "must be reliable, robust, and secure" (https://www.nsf.gov/cif21)
● Software Assurance is an important CTSC thrust (training, engagements, best practice guides, situational awareness)
● SWAMP is an important resource for CTSC (e.g., engagements with perfSONAR, SciGaP, OSG/HTCondor)

https://trustedci.org/software-assurance/

Page 8: CTSC+SWAMP: cybersecurity resources for your campus

Cybersecurity Training for Scientists & CI Professionals

● Secure Coding Practices and Automated Assessment Tools (e.g., SWAMP)
● Secure Software Engineering Practices
● Developing Cybersecurity Programs for Science Projects
● Incident Response and Log Analysis
● Federated Identity Management for Research Organizations

https://trustedci.org/onlinetraining/
https://trustedci.org/trainingmaterials/

Page 9: CTSC+SWAMP: cybersecurity resources for your campus

Operating Secure Scientific Facilities

● CTSC engagements with NSF Large Facilities: DKIST, Gemini, IceCube, LIGO, LSST, LTER, NEON, OOI
● NSF Large Facilities Security Working Group (established January 2017)
● Annual NSF Cybersecurity Summit (August 15-17 2017 in Arlington, VA)
● Open Science Cyber Risk Profile (https://trustedci.org/oscrp/)
● CTSC partnership with REN-ISAC for situational awareness

Page 10: CTSC+SWAMP: cybersecurity resources for your campus

Cybersecurity for Science Gateways

● CTSC partnership with Science Gateway Community Institute (SGCI): cybersecurity education for gateway developers and operators
● CTSC engagement with SciGaP (https://trustedci.org/scigap/)

Page 11: CTSC+SWAMP: cybersecurity resources for your campus

Cybersecurity Guides and Tools

● Addressing concerns unique to science
● Policy templates: Acceptable Use, Access Control, Asset Management, Disaster Recovery, Incident Response, Inventory, Awareness, Physical Security, ...
● Risk assessment table
● Securing commodity IT
● Self-assessment Tool
● Identity Management Best Practices

https://trustedci.org/guide

Page 12: CTSC+SWAMP: cybersecurity resources for your campus

CTSC: engagements, guides, email lists, blog, annual summit, monthly webinars, and training on cybersecurity for science

&

SWAMP: continuous assurance via mir-swamp.org and open source SWAMP-in-a-Box software distribution

Page 13: CTSC+SWAMP: cybersecurity resources for your campus

For more info...

https://trustedci.org https://continuousassurance.org

CTSC is funded by NSF award #1547272. SWAMP is funded by DHS award #FA8750-12-2-0289.

Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.