Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

CTSC+SWAMP: cybersecurity resources for your campus

401 views

Published on

Center for Trustworthy Scientific Cyberinfrastructure (CTSC) and Software Assurance Marketplace (SWAMP): cybersecurity resources for your campus. Presented at the March 2017 CASC Spring Meeting.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

CTSC+SWAMP: cybersecurity resources for your campus

  1. 1. Jim Basney jbasney@ncsa.illinois.edu & cybersecurity resources for your campus
  2. 2. Why Cybersecurity Matters: Trusted & Reproducible Science
  3. 3. Center for Trustworthy Scientific Cyberinfrastructure: The NSF Cybersecurity Center of Excellence ● Mission: Provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs. ● Building Community: annual NSF Cybersecurity Summit, monthly webinars, blog, email lists, partnerships, benchmarking surveys ● Sharing Knowledge: alerts, guides, templates, best practices, training ● Collaborative Engagements: tackling cybersecurity challenges for science projects
  4. 4. DHS Software Assurance Marketplace (SWAMP) ● A no-cost resource to promote a more stable and secure software ecosystem ● 30 static analysis tools to check your code for weaknesses ● View results from multiple tools in one place, to identify and address the most important problems in your code ● Continuous Assurance: assess your code throughout the development lifecycle Miron Livny, MIR Jim Basney, NCSA Bart Miller, UW Von Welch, IU
  5. 5. SWAMP-in-a-Box ● An open source software distribution for establishing a Continuous Assurance facility on your campus ● Operate your own local SWAMP on your hardware behind your firewall ● Includes plugins for Eclipse & Jenkins ● Connect with your local AD/LDAP accounts or use CILogon/InCommon ● Try mir-swamp.org then install your own https://github.com/mirswamp/deployment
  6. 6. Software Assurance in the Classroom ● Teaching secure coding practices to undergraduates and graduate students ● Students use mir-swamp.org to analyize and improve their code ● Partnership with Prof. Lethia Jackson at Bowie State University in Maryland ○ https://morgridge.org/story/can-cybersecurity-crack-the-undergraduate-curriculum/
  7. 7. Software Assurance for Scientific Cyberinfrastructure ● Software is critical to science and "must be reliable, robust, and secure" (https://www.nsf.gov/cif21) ● Software Assurance is an important CTSC thrust (training, engagements, best practice guides, situational awareness) ● SWAMP is an important resource for CTSC (e.g., engagements with perfSONAR, SciGaP, OSG/HTCondor) https://trustedci.org/software-assurance/
  8. 8. Cybersecurity Training for Scientists & CI Professionals ● Secure Coding Practices and Automated Assessment Tools (e.g., SWAMP) ● Secure Software Engineering Practices ● Developing Cybersecurity Programs for Science Projects ● Incident Response and Log Analysis ● Federated Identity Management for Research Organizations https://trustedci.org/onlinetraining/ https://trustedci.org/trainingmaterials/
  9. 9. Operating Secure Scientific Facilities ● CTSC engagements with NSF Large Facilities: DKIST, Gemini, IceCube, LIGO, LSST, LTER, NEON, OOI ● NSF Large Facilities Security Working Group (established January 2017) ● Annual NSF Cybersecurity Summit (August 15-17 2017 in Arlington, VA) ● Open Science Cyber Risk Profile (https://trustedci.org/oscrp/) ● CTSC partnership with REN-ISAC for situational awareness
  10. 10. Cybersecurity for Science Gateways ● CTSC partnership with Science Gateway Community Institute (SGCI): cybersecurity education for gateway developers and operators ● CTSC engagement with SciGaP (https://trustedci.org/scigap/)
  11. 11. 11 Cybersecurity Guides and Tools ● Addressing concerns unique to science ● Policy templates: Acceptable Use, Access Control, Asset Management, Disaster Recovery, Incident Response, Inventory, Awareness, Physical Security, ... ● Risk assessment table ● Securing commodity IT ● Self-assessment Tool ● Identity Management Best Practices https://trustedci.org/guide
  12. 12. CTSC engagements, guides, email lists, blog, annual summit, monthly webinars, and training on cybersecurity for science SWAMP continuous assurance via mir-swamp.org and open source SWAMP-in-a-Box software distribution &
  13. 13. For more info... https://trustedci.org https://continuousassurance.org CTSC is funded by NSF award #1547272. SWAMP is funded by DHS award #FA8750-12-2-0289. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.

×