S ecurity A ssured C yberinfrastructure in P ennsylvani a June - PowerPoint PPT Presentation

S ecurity A ssured C yberinfrastructure in P ennsylvani a June 14-15, 2018 Pittsburgh This workshop is part of the following project funded by the National Science Foundation (NSF) NSF Award #1642117: CICI: Regional: SAC-PA: Towards Security Assured Cyberinfrastructure in Pennsylvania

Basic Information n Breakfast, coffee breaks n Meals Live Google Doc for all to use during the workshop n Lunch provided both days for capturing thoughts, n Light Reception (5-6PM) ideas, and questions. We n Supported by PittCyber, SCI/LERSAIS will use it to build the attendee survey that will n WiFi password:VNMGD3 come out shortly after the n Need help? workshop. https://goo.gl/dpSZcy n Kelly Shaffer, Program Director at SCI n Runhua Xu, LERSAIS PhD student n Project team 2

NSF CICI (Cybersecurity Innovation for Cyberinfrastructure) Objective : n ”is to develop, deploy and integrate security solutions that benefit the scientific community by ensuring the integrity, resilience and reliability of the end-to-end scientific workflow” Collaboration, Shared cyberinfrastructure for Science & Engineering n Two areas in 2016 n Resilient Security Architecture (for research cyberinfrastructure) n Regional Cybersecurity Collaboration n Current focus: n Secure Scientific Cyberinfrastructure n Collaborative Security Response Center n Research Data Protection n 3

Motivation: SAC-PA project Data-driven scientific research & n discovery An unprecedented opportunity!! n Cybersecurity is a growing n concern/challenge Regional collaboration and n partnership among cyberinfrastructure providers and users critical !!

SAC-PA Project Objectives Establish a regional collaboration and partnership n framework, SAC-PA, within the state of Pennsylvania Provide critical support to smaller academic institutions n (schools and colleges, etc.), including resource constrained regional institutions that serve under- represented groups Enable concerted activities to promote the use of n effective cybersecurity techniques and practice of security-assured cyberinfrastructure. SAC-PA will provide a regional cybersecurity collaboration and partnership model that can be adopted by other regions, or be extended for national level collaborations.

Key Tasks: Task 1: Develop and Deliver Regional n Workshops for Cybersecurity 3 workshops in Pittsburgh area n Goals : n Understanding of CI resources and Cybersecurity capabilities, & challenges n Understand/Explore existing/emerging cybersecurity challenges and solutions n Develop regional collaboration and partnership

SAC-PA Workshops SAC-PA 1 Workshop (June, 2017) • Identify regional resources related to cyberinfrastructure & cybersecurity that relates to the scientific research community • Presentations and discussion on cybersecurity challenges to the scientific research community • ---- SAC-PA 2 Workshop (June, 2018) • Cybersecurity Research to Practice • Cybersecurity Tools and Techniques • Security Standards, Best Practices, etc. SAC-PA 3 Workshop (TBD) • Delivery of training/tutorial modules developed • Research, tools and techniques

Task 2: Training and Awareness Materials Task 2: Collaboratively Develop Training/Awareness Materials n Develop and share cybersecurity training and awareness materials based on the needs and capabilities identified in the workshops Cybersecurity/privacy tools; n Cybersecurity administration; n Cybersecurity standards (NIST, ISO, FISMA); n Cybersecurity risk management; n Cybersecurity regulations/compliances issues; n Cyberforensics; n Cyber-operational issues; n Cybersecurity incident handling, disaster management, and business continuity n planning; Host, Network and Cyberinfrastucture – prevention, detection and response; n Threat Management, etc. Please consider contributing to the development/sharing of training/awareness materials

Task 3: SAC-PA Collaboration/partnership n Task 3: Establish Regional Partnerships and a Shared Repository of Cybersecurity SAC PA Resources/Capabilities. n Integrated and Shared Repository Security Education, Training and Awareness n Knowledge Sharing (SETA) materials Collaboration Practical Tools n Integrative, Concerted Efforts Online resources (standards, guidelines, ..) Innovation & discovery n Expertise, Capabilities Standard/effective practices n …

Initial Partners for Collaboration Pittsburgh Supercomputing Center Keystone Initiative for Network Based } n Education and Research (KINBER) REN-ISAC } University of Pittsburgh’s CSSD’s National Cyber-Forensics & Training n } Alliance (NCFTA) Information Security Team Federal Bureau of Investigation (FBI, Open Science Grid } n Pittsburgh) Center of Trustworthy Scientific n Computing (CTSC) University of Pittsburgh Medical } Center (UPMC) – IT Security Internet2 n SEI-CERT }

Project Team James Joshi (PI), Professor, SCI, University of Pittsburgh n Brian Stengel (Co-PI), University of Pittsburgh n Balaji Palanisamy (Co-PI), Assistant Professor, SCI n Michael B. Spring (Co-PI), Associate Professor, SCI n Prashant Krishnamurthy (Co-PI), Professor, SCI n David Tipper (Co-PI), Professor, SCI n Project Page: http://www.sis.pitt.edu/lersais/research/sac-pa/ LERSAIS Page: http://www.sis.pitt.edu/lersais/

Initial Idea Collaboration SAC PA Partnership 12

Key Stakeholders Board of Governors External Advisory Any entity engaged in Cybersecurity (Governance Body – Body or Cyberinfrastructure related to state level) research and education – as solution Collaboration providers, facilitators, users, customers etc. External Collaboration Coordination Council & Partnership (Executive body) - Universities, Colleges, Schools Entities - IT departments - Cybersecurity and CI • Research & Coordinated SAC researchers/users/provi Development Focused groups PA ders • Cyber (Agile / Issue specific / operation/forensics ad-hoc) - Research Centers/Labs and • Security Management/ Partnership Institutes (e.g., PSC) standards / Best Focus group 1 - Public, non-profit entities (e.g., practices NCFTA) • Law, Policy, Ethics Focus group 2 - Government entities (e.g., FBI) • Research data curation - Private sector (e.g., ??) • High Performance/Super Focus group 3 computing • Cyber threats/intelligence Broader representation; analysis Elected/Selected • Cybercrime, IP • SETA (e.g., CAEs) • ….. Coordinate, Provide, Use, Manage Facilitate collaboration Coordinated/Integrated/Interconnected & Shared (Cybersecurity and CI resources, Expertise, Educational/Training/Awareness, Symposia/Workshops, etc.) Science & Engg. Software/ Security & privacy Research Data Legal/Ethical/Reg Hardware Tools Standards/Best Cyberinfrastructure Repository ulatory Guidelines Resource pool repository practices 13

SAC-PA Collaboration and Partnership framework – to work out n Membership – broad coverage n Mission, vision & Strategic plans n Information and resource sharing architecture, platform, n CI related SETA Program and/or networking events n Sustainability model n …. We welcome your active participation and collaboration towards establishing it!! 14