CTSC+SWAMP: cybersecurity resources for your campus


Center for Trustworthy Scientific Cyberinfrastructure (CTSC) and Software Assurance Marketplace (SWAMP): cybersecurity resources for your campus. Presented at the March 2017 CASC Spring Meeting.

Published in: Technology

  1. Jim Basney & cybersecurity resources for your campus
  2. Why Cybersecurity Matters: Trusted & Reproducible Science
  3. Center for Trustworthy Scientific Cyberinfrastructure: The NSF Cybersecurity Center of Excellence
     ● Mission: Provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs.
     ● Building Community: annual NSF Cybersecurity Summit, monthly webinars, blog, email lists, partnerships, benchmarking surveys
     ● Sharing Knowledge: alerts, guides, templates, best practices, training
     ● Collaborative Engagements: tackling cybersecurity challenges for science projects
  4. DHS Software Assurance Marketplace (SWAMP)
     ● A no-cost resource to promote a more stable and secure software ecosystem
     ● 30 static analysis tools to check your code for weaknesses
     ● View results from multiple tools in one place, to identify and address the most important problems in your code
     ● Continuous Assurance: assess your code throughout the development lifecycle
     Miron Livny, MIR; Jim Basney, NCSA; Bart Miller, UW; Von Welch, IU
  5. SWAMP-in-a-Box
     ● An open source software distribution for establishing a Continuous Assurance facility on your campus
     ● Operate your own local SWAMP on your hardware behind your firewall
     ● Includes plugins for Eclipse & Jenkins
     ● Connect with your local AD/LDAP accounts or use CILogon/InCommon
     ● Try then install your own
  6. Software Assurance in the Classroom
     ● Teaching secure coding practices to undergraduates and graduate students
     ● Students use to analyze and improve their code
     ● Partnership with Prof. Lethia Jackson at Bowie State University in Maryland
  7. Software Assurance for Scientific Cyberinfrastructure
     ● Software is critical to science and "must be reliable, robust, and secure" (
     ● Software Assurance is an important CTSC thrust (training, engagements, best practice guides, situational awareness)
     ● SWAMP is an important resource for CTSC (e.g., engagements with perfSONAR, SciGaP, OSG/HTCondor)
  8. Cybersecurity Training for Scientists & CI Professionals
     ● Secure Coding Practices and Automated Assessment Tools (e.g., SWAMP)
     ● Secure Software Engineering Practices
     ● Developing Cybersecurity Programs for Science Projects
     ● Incident Response and Log Analysis
     ● Federated Identity Management for Research Organizations
  9. Operating Secure Scientific Facilities
     ● CTSC engagements with NSF Large Facilities: DKIST, Gemini, IceCube, LIGO, LSST, LTER, NEON, OOI
     ● NSF Large Facilities Security Working Group (established January 2017)
     ● Annual NSF Cybersecurity Summit (August 15-17 2017 in Arlington, VA)
     ● Open Science Cyber Risk Profile (
     ● CTSC partnership with REN-ISAC for situational awareness
  10. Cybersecurity for Science Gateways
     ● CTSC partnership with Science Gateway Community Institute (SGCI): cybersecurity education for gateway developers and operators
     ● CTSC engagement with SciGaP (
  11. Cybersecurity Guides and Tools
     ● Addressing concerns unique to science
     ● Policy templates: Acceptable Use, Access Control, Asset Management, Disaster Recovery, Incident Response, Inventory, Awareness, Physical Security, ...
     ● Risk assessment table
     ● Securing commodity IT
     ● Self-assessment Tool
     ● Identity Management Best Practices
  12. CTSC engagements, guides, email lists, blog, annual summit, monthly webinars, and training on cybersecurity for science
     SWAMP continuous assurance via and open source SWAMP-in-a-Box software distribution &
  13. For more info... CTSC is funded by NSF award #1547272. SWAMP is funded by DHS award #FA8750-12-2-0289. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.