CTSC+SWAMP: cybersecurity resources for your campus

J
jbasney
Jim Basney jbasney@ncsa.illinois.edu & cybersecurity resources for your campus
Why Cybersecurity Matters: Trusted & Reproducible Science
Center for Trustworthy Scientific Cyberinfrastructure: The NSF Cybersecurity Center of Excellence ● Mission: Provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs. ● Building Community: annual NSF Cybersecurity Summit, monthly webinars, blog, email lists, partnerships, benchmarking surveys ● Sharing Knowledge: alerts, guides, templates, best practices, training ● Collaborative Engagements: tackling cybersecurity challenges for science projects
DHS Software Assurance Marketplace (SWAMP) ● A no-cost resource to promote a more stable and secure software ecosystem ● 30 static analysis tools to check your code for weaknesses ● View results from multiple tools in one place, to identify and address the most important problems in your code ● Continuous Assurance: assess your code throughout the development lifecycle Miron Livny, MIR Jim Basney, NCSA Bart Miller, UW Von Welch, IU
SWAMP-in-a-Box ● An open source software distribution for establishing a Continuous Assurance facility on your campus ● Operate your own local SWAMP on your hardware behind your firewall ● Includes plugins for Eclipse & Jenkins ● Connect with your local AD/LDAP accounts or use CILogon/InCommon ● Try mir-swamp.org then install your own https://github.com/mirswamp/deployment
Software Assurance in the Classroom ● Teaching secure coding practices to undergraduates and graduate students ● Students use mir-swamp.org to analyize and improve their code ● Partnership with Prof. Lethia Jackson at Bowie State University in Maryland ○ https://morgridge.org/story/can-cybersecurity-crack-the-undergraduate-curriculum/
Software Assurance for Scientific Cyberinfrastructure ● Software is critical to science and "must be reliable, robust, and secure" (https://www.nsf.gov/cif21) ● Software Assurance is an important CTSC thrust (training, engagements, best practice guides, situational awareness) ● SWAMP is an important resource for CTSC (e.g., engagements with perfSONAR, SciGaP, OSG/HTCondor) https://trustedci.org/software-assurance/
Cybersecurity Training for Scientists & CI Professionals ● Secure Coding Practices and Automated Assessment Tools (e.g., SWAMP) ● Secure Software Engineering Practices ● Developing Cybersecurity Programs for Science Projects ● Incident Response and Log Analysis ● Federated Identity Management for Research Organizations https://trustedci.org/onlinetraining/ https://trustedci.org/trainingmaterials/
Operating Secure Scientific Facilities ● CTSC engagements with NSF Large Facilities: DKIST, Gemini, IceCube, LIGO, LSST, LTER, NEON, OOI ● NSF Large Facilities Security Working Group (established January 2017) ● Annual NSF Cybersecurity Summit (August 15-17 2017 in Arlington, VA) ● Open Science Cyber Risk Profile (https://trustedci.org/oscrp/) ● CTSC partnership with REN-ISAC for situational awareness
Cybersecurity for Science Gateways ● CTSC partnership with Science Gateway Community Institute (SGCI): cybersecurity education for gateway developers and operators ● CTSC engagement with SciGaP (https://trustedci.org/scigap/)
11 Cybersecurity Guides and Tools ● Addressing concerns unique to science ● Policy templates: Acceptable Use, Access Control, Asset Management, Disaster Recovery, Incident Response, Inventory, Awareness, Physical Security, ... ● Risk assessment table ● Securing commodity IT ● Self-assessment Tool ● Identity Management Best Practices https://trustedci.org/guide
CTSC engagements, guides, email lists, blog, annual summit, monthly webinars, and training on cybersecurity for science SWAMP continuous assurance via mir-swamp.org and open source SWAMP-in-a-Box software distribution &
For more info... https://trustedci.org https://continuousassurance.org CTSC is funded by NSF award #1547272. SWAMP is funded by DHS award #FA8750-12-2-0289. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
1 of 13

CTSC+SWAMP: cybersecurity resources for your campus

Download to read offline
Technology

Center for Trustworthy Scientific Cyberinfrastructure (CTSC) and Software Assurance Marketplace (SWAMP): cybersecurity resources for your campus. Presented at the March 2017 CASC Spring Meeting.

J
jbasney

Recommended

CISM IS Leadership Presentation CISM IS Leadership Presentation
CISM IS Leadership Presentation David Severski
666 views15 slides
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber DataPhil Huggins FBCS CITP
2.4K views18 slides
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNorth Texas Chapter of the ISSA
1.8K views63 slides
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond CyberPhil Huggins FBCS CITP
2.8K views22 slides
Ict 2015 saga - cisco cybersecurity rešenja- Viktor VargaIct 2015 saga - cisco cybersecurity rešenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity rešenja- Viktor VargaDejan Jeremic
852 views28 slides
Resume justin kelso 2017Resume justin kelso 2017
Resume justin kelso 2017Justin Kelso
119 views2 slides

More Related Content

What's hot

What's hot(20)

Security Consulting MethodologySecurity Consulting Methodology
Security Consulting Methodology
ciso_insights1.9K views
NTXISSACSC2 - Texas CISO Council - Information Security Program Essential Gui...NTXISSACSC2 - Texas CISO Council - Information Security Program Essential Gui...
NTXISSACSC2 - Texas CISO Council - Information Security Program Essential Gui...
North Texas Chapter of the ISSA2.1K views
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-final
Dejan Jeremic659 views
NTXISSACSC2 - Why Lead with Risk? by Doug LandollNTXISSACSC2 - Why Lead with Risk? by Doug Landoll
NTXISSACSC2 - Why Lead with Risk? by Doug Landoll
North Texas Chapter of the ISSA1.4K views
Security Consulting ServicesSecurity Consulting Services
Security Consulting Services
sahrens1728 views
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24103 views
NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...
NTXISSACSC2 - Information Security Opportunity: Embracing Big Data with Peopl...
North Texas Chapter of the ISSA2.3K views
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost2481 views
CHIME Lead Forum - Seattle 2015CHIME Lead Forum - Seattle 2015
CHIME Lead Forum - Seattle 2015
Health IT Conference – iHT2290 views
ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOpsІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps
ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps
UA DevOps Conference64 views
Key Takeaways from Instructure's Successful Bug Bounty ProgramKey Takeaways from Instructure's Successful Bug Bounty Program
Key Takeaways from Instructure's Successful Bug Bounty Program
bugcrowd1.3K views
Crowdsourcing Cyber SecurityCrowdsourcing Cyber Security
Crowdsourcing Cyber Security
Toe Khaing35 views
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
OpenDNS906 views
Cyber Security: Challenges and Solutions for the CorporateCyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the Corporate
Albert Hui780 views
Collaborated cyber defense in pandemic times Collaborated cyber defense in pandemic times
Collaborated cyber defense in pandemic times
Denise Bailey147 views
CV-SMB-infographic-smallCV-SMB-infographic-small
CV-SMB-infographic-small
Jeff Geissler115 views
Multimedia content security in file based environments - sami guirguisMultimedia content security in file based environments - sami guirguis
Multimedia content security in file based environments - sami guirguis
samis1.1K views
Trustworthy Computational Science: Lessons Learned and Next StepsTrustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next Steps
Von Welch704 views
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting Infographic
Sarah Chandley1.8K views
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP Certification
Sam Bowne389 views

Viewers also liked

Protokol 20 03 2017Protokol 20 03 2017
Protokol 20 03 2017Andriy Gerus
1.5K views4 slides

Viewers also liked(18)

Employer Brand Research powered by Randstad - Synthèse des Randstad Awards 2017Employer Brand Research powered by Randstad - Synthèse des Randstad Awards 2017
Employer Brand Research powered by Randstad - Synthèse des Randstad Awards 2017
Groupe Randstad France4.8K views
MS-24 Jan June 2017MS-24 Jan June 2017
MS-24 Jan June 2017
Dharmendra Kumar Singh482 views
Resume Writing MistakesResume Writing Mistakes
Resume Writing Mistakes
Nick Crandell513 views
Protokol 20 03 2017Protokol 20 03 2017
Protokol 20 03 2017
Andriy Gerus1.5K views
JAX-RS 2.1 Reloaded @ DevoxxJAX-RS 2.1 Reloaded @ Devoxx
JAX-RS 2.1 Reloaded @ Devoxx
Santiago Pericas-Geertsen14.5K views
Workshop SEO + ECOMMERCE #ECOMTEAMWorkshop SEO + ECOMMERCE #ECOMTEAM
Workshop SEO + ECOMMERCE #ECOMTEAM
Señor Muñoz1K views
Apache BookKeeper: A High Performance and Low Latency Storage ServiceApache BookKeeper: A High Performance and Low Latency Storage Service
Apache BookKeeper: A High Performance and Low Latency Storage Service
Sijie Guo5.9K views
BlueStore, A New Storage Backend for Ceph, One Year InBlueStore, A New Storage Backend for Ceph, One Year In
BlueStore, A New Storage Backend for Ceph, One Year In
Sage Weil29.3K views
Sosiaalisen median perusteita ja ajankohtaiskatsaus Sosiaalisen median perusteita ja ajankohtaiskatsaus
Sosiaalisen median perusteita ja ajankohtaiskatsaus
Harto Pönkä4.6K views
Les « Gueules cassées » physiques et psychiques. Aux sources des traumatismes...Les « Gueules cassées » physiques et psychiques. Aux sources des traumatismes...
Les « Gueules cassées » physiques et psychiques. Aux sources des traumatismes...
Sandrine Heiser3.2K views
B2B Marketing and The Power of TwitterB2B Marketing and The Power of Twitter
B2B Marketing and The Power of Twitter
Steve Yanor10.1K views
The Marketer's Guide To Customer InterviewsThe Marketer's Guide To Customer Interviews
The Marketer's Guide To Customer Interviews
Good Funnel18.2K views
ELSA France "Teaching is us!" ELSA France "Teaching is us!"
ELSA France "Teaching is us!"
Adrian Scarlett48.6K views
The Be-All, End-All List of Small Business Tax DeductionsThe Be-All, End-All List of Small Business Tax Deductions
The Be-All, End-All List of Small Business Tax Deductions
Wagepoint19.1K views
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of Work
Volker Hirsch902K views
Diapo corte #2Diapo corte #2
Diapo corte #2
Angélica Casiani168 views
El cordero asadoEl cordero asado
El cordero asado
Frankling Aguilar290 views
Mec construindo a escola cidadãMec construindo a escola cidadã
Mec construindo a escola cidadã
Mario Lucio Silva1.9K views

Similar to CTSC+SWAMP: cybersecurity resources for your campus

CACR OverviewCACR Overview
CACR OverviewVon Welch
598 views32 slides
Rachel ResumeRachel Resume
Rachel ResumeRachel Adamick
253 views3 slides

Similar to CTSC+SWAMP: cybersecurity resources for your campus(20)

CACR OverviewCACR Overview
CACR Overview
Von Welch598 views
08252016 John D Resume ITIL PMP CISSP CSM CISA108252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA1
jjdoylecomcast926 views
Rachel ResumeRachel Resume
Rachel Resume
Rachel Adamick253 views
A Strategy for Addressing Cyber Security Challenges A Strategy for Addressing Cyber Security Challenges
A Strategy for Addressing Cyber Security Challenges
Cybersecurity Education and Research Centre1.4K views
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
Florence Hudson30 views
SGCI - Science Gateways - Technology-Enhanced Research Under Consideration of...SGCI - Science Gateways - Technology-Enhanced Research Under Consideration of...
SGCI - Science Gateways - Technology-Enhanced Research Under Consideration of...
Sandra Gesing451 views
Sgci all-hands-9-16-16Sgci all-hands-9-16-16
Sgci all-hands-9-16-16
Nancy Wilkins-Diehr2.1K views
NIST CSF review - Essential Protections (a K12 perspective)NIST CSF review - Essential Protections (a K12 perspective)
NIST CSF review - Essential Protections (a K12 perspective)
April Mardock CISSP236 views
Architecture centric support for security orchestration and automationArchitecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automation
Chadni Islam366 views
Jenkins_ Carlasha 2016 v1Jenkins_ Carlasha 2016 v1
Jenkins_ Carlasha 2016 v1
Carlasha Jenkins216 views
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Denim Group659 views
SGCI - Science Gateways Bootcamp: Strategies for Developing, Operating and Su...SGCI - Science Gateways Bootcamp: Strategies for Developing, Operating and Su...
SGCI - Science Gateways Bootcamp: Strategies for Developing, Operating and Su...
Sandra Gesing198 views
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
Splunk1.8K views
Funding Software in AcademiaFunding Software in Academia
Funding Software in Academia
Daniel S. Katz1.7K views
Securing Industrial Control Systems - CornCON II: The Wrath Of CornSecuring Industrial Control Systems - CornCON II: The Wrath Of Corn
Securing Industrial Control Systems - CornCON II: The Wrath Of Corn
Eric Andresen466 views
NSF SI2 program discussion at 2013 SI2 PI meetingNSF SI2 program discussion at 2013 SI2 PI meeting
NSF SI2 program discussion at 2013 SI2 PI meeting
Daniel S. Katz812 views
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
robbiesamuel479 views
DHS Cybersecurity Services for Building Cyber ResilienceDHS Cybersecurity Services for Building Cyber Resilience
DHS Cybersecurity Services for Building Cyber Resilience
Dawn Yankeelov685 views
DangThomas_1PageResume_ArchitectDangThomas_1PageResume_Architect
DangThomas_1PageResume_Architect
Thomas Dang113 views
Managed Security Operations Centre Alternative - Managed Security Service Managed Security Operations Centre Alternative - Managed Security Service
Managed Security Operations Centre Alternative - Managed Security Service
Netpluz Asia Pte Ltd115 views

More from jbasney

More from jbasney(20)

Guidance and Survey Results from the Trustworthy Data Working GroupGuidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working Group
jbasney161 views
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)
jbasney181 views
CILogon & SciTokens: OIDC/OAuth FederationCILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth Federation
jbasney156 views
CILogon 2.0 - IAM Online Webinar SeriesCILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar Series
jbasney190 views
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
jbasney474 views
CILogon 2.0 at Oct 2017 CICI PI meetingCILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meeting
jbasney621 views
11th FIM4R Workshop: US Projects Update11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Update
jbasney574 views
CILogon PEARC17CILogon PEARC17
CILogon PEARC17
jbasney370 views
CILogon 2.0 at 2017 Internet2 Global SummitCILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global Summit
jbasney419 views
CILogon: An Integrated Identity and Access Management Platform for ScienceCILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for Science
jbasney547 views
CILogon 2.0 MAGIC SC16CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16
jbasney836 views
CILogon 2.0 Update at TechEx 2016CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016
jbasney513 views
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborations
jbasney717 views
Cybersecurity for ConservationCybersecurity for Conservation
Cybersecurity for Conservation
jbasney653 views
CTSC at TNC16CTSC at TNC16
CTSC at TNC16
jbasney463 views
CILogon 2.0 at 2016 Internet2 Global SummitCILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global Summit
jbasney678 views
SAML Security ContactsSAML Security Contacts
SAML Security Contacts
jbasney791 views
FeduShare TechEx15FeduShare TechEx15
FeduShare TechEx15
jbasney805 views
CILogon 2.0 at REFEDS 30CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30
jbasney1.1K views
CILogon and InCommon: Technical UpdateCILogon and InCommon: Technical Update
CILogon and InCommon: Technical Update
jbasney1K views

Recently uploaded

Recently uploaded(20)

Green Leaf Consulting: Capabilities DeckGreen Leaf Consulting: Capabilities Deck
Green Leaf Consulting: Capabilities Deck
GreenLeafConsulting170 views
Samsung: CMM-H Tiered Memory Solution with Built-in DRAMSamsung: CMM-H Tiered Memory Solution with Built-in DRAM
Samsung: CMM-H Tiered Memory Solution with Built-in DRAM
CXL Forum96 views
Data-centric AI and the convergence of data and model engineering: opportunit...Data-centric AI and the convergence of data and model engineering: opportunit...
Data-centric AI and the convergence of data and model engineering: opportunit...
Paolo Missier19 views
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk170 views
Transcript: The Details of Description Techniques tips and tangents on altern...Transcript: The Details of Description Techniques tips and tangents on altern...
Transcript: The Details of Description Techniques tips and tangents on altern...
BookNet Canada99 views
"Fast Start to Building on AWS", Igor Ivaniuk"Fast Start to Building on AWS", Igor Ivaniuk
"Fast Start to Building on AWS", Igor Ivaniuk
Fwdays31 views
AMD: 4th Generation EPYC CXL DemoAMD: 4th Generation EPYC CXL Demo
AMD: 4th Generation EPYC CXL Demo
CXL Forum117 views
Microchip: CXL Use Cases and Enabling EcosystemMicrochip: CXL Use Cases and Enabling Ecosystem
Microchip: CXL Use Cases and Enabling Ecosystem
CXL Forum107 views
How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...
How to reduce cold starts for Java Serverless applications in AWS at JCON Wor...
Vadym Kazulkin45 views
Micron CXL product and architecture updateMicron CXL product and architecture update
Micron CXL product and architecture update
CXL Forum23 views
MemVerge: Past Present and Future of CXLMemVerge: Past Present and Future of CXL
MemVerge: Past Present and Future of CXL
CXL Forum105 views
AI: mind, matter, meaning, metaphors, being, becoming, life valuesAI: mind, matter, meaning, metaphors, being, becoming, life values
AI: mind, matter, meaning, metaphors, being, becoming, life values
Twain Liu 刘秋艳28 views
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk76 views
CXL at OCPCXL at OCP
CXL at OCP
CXL Forum183 views
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
ThousandEyes74 views
[2023] Putting the R! in R&D.pdf[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf
Eleanor McHugh34 views
"Quality Assurance: Achieving Excellence in startup without a Dedicated QA", ..."Quality Assurance: Achieving Excellence in startup without a Dedicated QA", ...
"Quality Assurance: Achieving Excellence in startup without a Dedicated QA", ...
Fwdays29 views
Business Analyst Series 2023 - Week 2 Session 3Business Analyst Series 2023 - Week 2 Session 3
Business Analyst Series 2023 - Week 2 Session 3
DianaGray10307 views
ThroughputThroughput
Throughput
Moisés Armani Ramírez28 views
ChatGPT and AI for Web DevelopersChatGPT and AI for Web Developers
ChatGPT and AI for Web Developers
Maximiliano Firtman152 views

CTSC+SWAMP: cybersecurity resources for your campus

  • 2. Why Cybersecurity Matters: Trusted & Reproducible Science
  • 3. Center for Trustworthy Scientific Cyberinfrastructure: The NSF Cybersecurity Center of Excellence ● Mission: Provide the NSF community a coherent understanding of cybersecurity’s role in producing trustworthy science and the information and know-how required to achieve and maintain effective cybersecurity programs. ● Building Community: annual NSF Cybersecurity Summit, monthly webinars, blog, email lists, partnerships, benchmarking surveys ● Sharing Knowledge: alerts, guides, templates, best practices, training ● Collaborative Engagements: tackling cybersecurity challenges for science projects
  • 4. DHS Software Assurance Marketplace (SWAMP) ● A no-cost resource to promote a more stable and secure software ecosystem ● 30 static analysis tools to check your code for weaknesses ● View results from multiple tools in one place, to identify and address the most important problems in your code ● Continuous Assurance: assess your code throughout the development lifecycle Miron Livny, MIR Jim Basney, NCSA Bart Miller, UW Von Welch, IU
  • 5. SWAMP-in-a-Box ● An open source software distribution for establishing a Continuous Assurance facility on your campus ● Operate your own local SWAMP on your hardware behind your firewall ● Includes plugins for Eclipse & Jenkins ● Connect with your local AD/LDAP accounts or use CILogon/InCommon ● Try mir-swamp.org then install your own https://github.com/mirswamp/deployment
  • 6. Software Assurance in the Classroom ● Teaching secure coding practices to undergraduates and graduate students ● Students use mir-swamp.org to analyize and improve their code ● Partnership with Prof. Lethia Jackson at Bowie State University in Maryland ○ https://morgridge.org/story/can-cybersecurity-crack-the-undergraduate-curriculum/
  • 7. Software Assurance for Scientific Cyberinfrastructure ● Software is critical to science and "must be reliable, robust, and secure" (https://www.nsf.gov/cif21) ● Software Assurance is an important CTSC thrust (training, engagements, best practice guides, situational awareness) ● SWAMP is an important resource for CTSC (e.g., engagements with perfSONAR, SciGaP, OSG/HTCondor) https://trustedci.org/software-assurance/
  • 8. Cybersecurity Training for Scientists & CI Professionals ● Secure Coding Practices and Automated Assessment Tools (e.g., SWAMP) ● Secure Software Engineering Practices ● Developing Cybersecurity Programs for Science Projects ● Incident Response and Log Analysis ● Federated Identity Management for Research Organizations https://trustedci.org/onlinetraining/ https://trustedci.org/trainingmaterials/
  • 9. Operating Secure Scientific Facilities ● CTSC engagements with NSF Large Facilities: DKIST, Gemini, IceCube, LIGO, LSST, LTER, NEON, OOI ● NSF Large Facilities Security Working Group (established January 2017) ● Annual NSF Cybersecurity Summit (August 15-17 2017 in Arlington, VA) ● Open Science Cyber Risk Profile (https://trustedci.org/oscrp/) ● CTSC partnership with REN-ISAC for situational awareness
  • 10. Cybersecurity for Science Gateways ● CTSC partnership with Science Gateway Community Institute (SGCI): cybersecurity education for gateway developers and operators ● CTSC engagement with SciGaP (https://trustedci.org/scigap/)
  • 11. 11 Cybersecurity Guides and Tools ● Addressing concerns unique to science ● Policy templates: Acceptable Use, Access Control, Asset Management, Disaster Recovery, Incident Response, Inventory, Awareness, Physical Security, ... ● Risk assessment table ● Securing commodity IT ● Self-assessment Tool ● Identity Management Best Practices https://trustedci.org/guide
  • 12. CTSC engagements, guides, email lists, blog, annual summit, monthly webinars, and training on cybersecurity for science SWAMP continuous assurance via mir-swamp.org and open source SWAMP-in-a-Box software distribution &
  • 13. For more info... https://trustedci.org https://continuousassurance.org CTSC is funded by NSF award #1547272. SWAMP is funded by DHS award #FA8750-12-2-0289. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.