SlideShare a Scribd company logo

CACR Director's Update 2015

Von Welch
Von Welch

The document provides an update from the director of CACR (Center for Applied Cybersecurity Research). It summarizes the upcoming spring seminar series speakers, thanks those involved in making the seminars possible, and discusses the current cybersecurity landscape including frequent software vulnerabilities and data breaches. It also outlines the director's wishes for better software evaluation tools, more sharing of breach details and intelligence, and increased funding spanning research and operations. Finally, it provides an overview of CACR's vision and role within Indiana University to interweave technical and policy expertise across disciplines to improve cybersecurity.

1 of 40
Download to read offline
CACR  Director’s  Update   Von  Welch   Director,  CACR   CACR  Seminar  Series   January  22nd,  2015  
Welcome   2015  Spring  Seminar  Series   •  02/05/2015  Cornell  University's  Rafael  Pass   •  02/19/2015  Penn  State's  Christopher  French   •  03/05/2015  Northeastern  University's  Engin  Kirda   •  04/02/2015  Duke's  Aswin  Machanavajjhala,  PhD   •  04/16/2015  Indiana  University's  ScoR  Shakelford   Latest:  hRp://www.cacr.iu.edu/events/674   January  22,  2015  CACR  Director's  Report  
Thank  yous   •  Marjorie  Young   •  Marion  Conaty   •  Dara  Eckart   •  Sarah  Portwood   •  And  everyone  else  who  make  these  talks   possible   January  22,  2015  CACR  Director's  Report  
Thank  you  to     Fred  H.  Cate   Founding  CACR   Director  2003-­‐2014     Now  a  CACR  Senior   Policy  Fellow   January  22,  2015  CACR  Director's  Report  
CACR  Administration  and  Staff   •  David  Delaney   Deputy  Director   •  Dara  Eckart   Administrave  Director       Associate  Directors:   •  Bill  BarneR   •  Mark  Bruhn   •  ScoR  Orr   •  Leslee  Cooper   •  Randy  Heiland   •  Craig  Jackson   •  Ryan  Kiser   •  Mark  Krenz   •  Sarah  Portwood   •  Susan  Sons   •  Marjorie  Young     Plus  many  fellows  and  students…   January  22,  2015  CACR  Director's  Report  
THE  CYBERSECURITY   LANDSCAPE   January  22,  2015  CACR  Director's  Report  
Software  Foundation   •  Heartbleed,   ShellShock,  NTP…   •  Foundaonal   socware  of  the   Internet  isn’t  as   solid  as  we  would   like.   January  22,  2015  CACR  Director's  Report  
Breaches,  breaches,  breaches…   •  Target,  Home  Depot,   etc.   •  Cybercrime  is  geeng   more  organized,  aiming   higher  and  geeng   beRer.   •  Our  different  networks   are  integrated.   January  22,  2015  CACR  Director's  Report  
We’re  not  changing  behavior   •  Password  “123456”  reigns  supreme   in  2014  …  Again!   •  Caveat  –  this  is  from  “leaked   passwords”   •  Why  not?   •  Are  people  not  directly  effected?   •  Consequences  too  distant?   January  22,  2015  CACR  Director's  Report  
Adoption  of  Two-­‐Factor  Auth  and   Password  Managers   January  22,  2015  CACR  Director's  Report  
Cybersecurity  as  Risk  Management   Growing  need  by   cybersecurity  professionals   to  understand   cybersecurity’s  role  in   supporng  the  mission  of   the  organizaon  by   managing  risk.   January  22,  2015  CACR  Director's  Report  
Transition  to  Practice   •  Widening  gap  between  sophiscaon  of   cybersecurity  research  and  what  is  applied.   •  Programs  in  NSF,  DHS,  etc.  focusing  on   geeng  research  into  pracce.   January  22,  2015  CACR  Director's  Report  
We’re  still  waiting  for  the  big  one…   January  22,  2015  CACR  Director's  Report  
MY  WISH  LIST   January  22,  2015  CACR  Director's  Report  
Learn  from  our  mistakes   •  Breach  reporng  is  nice,  but  knowing  what   actually  went  wrong  is  much  beRer.   •  Think  Naonal  Transportaon  Safety  Board   reports  –  not  fast,  but  detailed.   •  Mandiant  APT1  is  a  good  example.   •  More  sharing  of  intelligence,  mistakes  in  the   community  –  too  closed  right  now.   January  22,  2015  CACR  Director's  Report  
Better  Software/ConTiguration   Checking  Tools   •  Economics  are  against  cybersecurity   •  Race  to  develop,  deploy,  reconfigure,  sell   trumps  cybersecurity  in  most  cases.   •  Need  immediate  feedback  -­‐  tools  to  check   socware  and  configuraon  of  systems.   •  Easy,  integrated,  real  me  and  clear.   January  22,  2015  CACR  Director's  Report  
More  funding  spanning  research   and  operations   •  We  need  to  bring  together  those  wrestling   with  real-­‐world  problems  and  those  with   innovave  research  ideas.   •  Span  from  brainstorming  workshops,  through   experimentaon,  prototypes,  and   deployment.   •  Culture  change  needed  to  create  this  sort  of   collaboraon.   January  22,  2015  CACR  Director's  Report  
TURNING  TO  CACR   January  22,  2015  CACR  Director's  Report  
About  CACR   •  Part  of  Pervasive  Technology  Instute   •  p.iu.edu   •  Supported  by  VPIT,  NSF,  DHS,  DOE.   •  Partnership  with  University  Informaon   Technology  Services,  School  of  Informacs   and  Compung,  Maurer  School  of  Law,  Kelly   School  of  Business.     January  22,  2015  CACR  Director's  Report  
CACR  VISION   •  Interweave  technical  and  policy  experse.   •  Draw  on  Indiana  University’s  wide  range  of   scholarly  experse  in  computer  science,   informacs,  accounng  and  informaon   systems,  criminal  jusce,  law,  organizaonal   behavior,  public  policy,  and  other  disciplines.   •  Bridge  with  Indiana  University’s  extensive   praccal  experience  in  cybersecurity  of  its   operaonal  units.   January  22,  2015  CACR  Director's  Report  
CACR  And  IU   •  CACR  exists  to  serve  the  Naon,  State  and  IU.   •  Per  our  vision,  we  aim  to  improve   cybersecurity  at  IU  and  IU  through   cybersecurity.   •  Talk  to  us  about  coordinaon  of   cybersecurity  acvies,  or  collaboraon  on   cybersecurity  policy,  operaonal,  or  applied   research.   January  22,  2015  CACR  Director's  Report  
Cybersecurity  @  Indiana  University     Impressive!   • CACR   • REN-­‐ISAC   • SOIC    -­‐-­‐  Master’s  Degree  in  Cybersecurity   • University  Informaon  Security  Office   • University  Informaon  Policy  Office   • Many  researchers  and  praconers  in  other   schools  and  offices.   January  22,  2015  CACR  Director's  Report  
CACR  ACTIVITIES   January  22,  2015  CACR  Director's  Report  
Trustworthy  Science     Maintaining  the  trust  of  sciensts  and  the   public  in  the  CI,  data  and  science  is  crical.     Challenge  is  understanding  increasing   threats  to  computaonal  science,  cultural   and  requirements  of  individual  domains,   large  distribute  science  communies,   unique  assets  such  as  instruments,  data,   etc.   January  22,  2015  CACR  Director's  Report  
Science  pushes  IT  hard!   January  22,  2015  CACR  Director's  Report   HPC   HTC   Science   Gateways   Big  Data   Distributed   Everything   Bleeding-­‐edge   Networks  
TrustedCI.org:   Center  for  Trustworthy  ScientiTic   Cyberinfrastructure   Providing  leadership  and  addressing   cybersecurity  challenges  for  the  NSF  community.   January  22,  2015  CACR  Director's  Report  
CTSC  Accomplishments   •  Engaged  with  over  a   dozen  NSF  projects  -­‐   5  large  facilies.   •  Organized  NSF   Cybersecurity   Summits  for  Large   Facilies  and  CI     •  Training,  best   pracces   •  Developed   Cybersecurity   Program  Guide  for   NSF  CI   •  Authoring   cybersecurity   chapter  for  NSF   Large  Facilies   Manual   January  22,  2015  CACR  Director's  Report  
We  rely  increasingly  on   our  socware  stacks  –  both   the  ones  we  write  and   others.     Open  nature  leads  to   large  aRack  surfaces.     Socware  integrity  is   crical.   A  joint  effort:     Morgridge  Instute  for   Research  (lead)   University  of  Illinois   Urbana  Champaign   University  of  Wisconsin   –  Madison   Indiana  University     Funded  by  DHS   January  22,  2015  CACR  Director's  Report   Miron Livny, MIR Jim Basney, UIUC Bart Miller, UW Von Welch, IU https://continuousassurance.org/
A  Framework  for  Software  Assurance   January  22,  2015  CACR  Director's  Report   Results   Package   Package   Package   Tool   Tool   Tool   Pla'orm   Pla'orm   Pla'orm   Current:  396  &   bring  your  own   Current:  8   Perform   Assessment   Result   Viewer   Result   Viewer   Result   Viewer   Current:  2   Current:  700+  Cores   View   Results   Parse   Results   Parsed   Results   Current:  9  
IU’s  Role  in  SWAMP   •  CACR:  Cybersecurity   •  RT/  High  Throughput  Compung  (w/Global   Research  NOC):  User  Support  and  Monitoring   January  22,  2015  CACR  Director's  Report  
XSIM:  Extreme  Scale  Identity   Management  for  Science   Tradional  compung   with  users  all  managed   by  data  center.   January  22,  2015  CACR  Director's  Report   Image  credit:  Ian  Bird/CERN  Image credit: Lawrence Livermore National Laboratory (via Wikipedia) Modern  science  has   large  mulL-­‐site   collaboraLons.  
Science  collaboratory  identity   management   •  Based  on  interviews  with  18  sites  and  projects.   •  Simple  model  for  describing  collaboratory  IdM.   January  22,  2015  CACR  Director's  Report   •  IdenLfied  factors  that   inhibit  and  encourage   delegaLon  from   compuLng  center  to   collaboraLon.  
IU  NSA  CertiTication   •  Indiana  University  designated  as  a  Naonal   Center  of  Academic  Excellence  in  Informaon   Assurance/Cybersecurity  through  academic   year  2021.     •  Many  thanks  to  ScoR  Orr,  Drew  Simshaw,   and  all  the  faculty  and  staff  who  gather   needed  informaon.   January  22,  2015  CACR  Director's  Report  
Indiana  National  Guard   •  Parcipate  in  community-­‐building  cyber   discussions  with  the  Indiana  Naonal  Guard   •  Facilitate  tour  of  ING  cyber  training  facilies   at  Muscatatuck  by  senior  homeland  security   officials   •  Contribute  to  IU  leRer  of  support  for  ING’s   efforts  to  expand  its  cyber  force.     January  22,  2015  CACR  Director's  Report  
Consultation  to  NSA  on  Cyber   •  In  the  wake  of  Edward  Snowden’s  disclosures,   organized  a  day-­‐long  discussion  between  faculty  and   senior  NSA  officials  at  NSA  headquarters  in  Fort   Meade,  Maryland.   •  Guidance  on  privacy,  whistleblowing,  transparency,   secrecy,  and  related  topics.     •  Maurer  School  of  Law  Prof.  and  CACR  Senior  Fellow   David  Fidler’s  appointment  as  Scholar  in  Residence   of  the  President’s  Privacy  and  Civil  Liberes   Oversight  Board  (Jan-­‐Aug  2015).   January  22,  2015  CACR  Director's  Report  
DOD  Minerva  Proposal   Coordinated  the  development  of  a   muldisciplinary  cyber  research  proposal   through  the  defense  department’s  MINERVA   social  science  research  iniave.     Seven  faculty  from  six  IU  disciplines  (law,   journalism,  psychology,  policy,  linguiscs,   internaonal  affairs)  joined  the  effort  to   propose  a  study  of  societal  trust  and  stability.     January  22,  2015  CACR  Director's  Report  
CACR  Strategic  Plan   •  Strategic  Planning  acvies  Oct’14-­‐March’15   •  Expect  to…   Refresh  the  fellows  program   Establish  strong  connecons  with  more  schools  and   other  IU  campuses   Define  opportunies  to  provide  experse  to  the   community;  etc.   Refine  and  focus  Security  MaRers   •  Thoughts?  Input?  We’re  happy  to  chat.     January  22,  2015  CACR  Director's  Report  
2014  CACR  Cybersecurity  Summit   •  June  2014  Summit  in  Indianapolis   •  Featured  two  senior  Homeland  Security   officials  responsible  for  cyber  operaons  and   R&D.   News  about  2015  CACR  Cybersecurity  Summit   coming  soon!   January  22,  2015  CACR  Director's  Report  
Cyber  Faculty  Discussion   •  Feb.  25   •  Extending  from  the  MINERVA  collaboraon.   •  Professors  Shannon  Marn  and  Tony  Fargo   are  featured  speakers  in  a  faculty  discussion   of  their  cyber  research  interests  and   establishing  collaborave  research  teams  at   IU.   January  22nd,  2015  CACR  Director's  Report  
Thank  you       cacr.iu.edu     January  22,  2015  CACR  Director's  Report  

Recommended

Sgci nasa-esds-10-29-18
Sgci nasa-esds-10-29-18Sgci nasa-esds-10-29-18
Sgci nasa-esds-10-29-18
Nancy Wilkins-Diehr
 
Ethics in Technology – Example of RIPE Atlas
Ethics in Technology – Example of RIPE Atlas Ethics in Technology – Example of RIPE Atlas
Ethics in Technology – Example of RIPE Atlas
RIPE NCC
 
Ucsd research-it-09-11-18
Ucsd research-it-09-11-18Ucsd research-it-09-11-18
Ucsd research-it-09-11-18
Nancy Wilkins-Diehr
 
Sgci spf-2-23-17
Sgci spf-2-23-17Sgci spf-2-23-17
Sgci spf-2-23-17
Nancy Wilkins-Diehr
 
Ethics of Internet Measurements – Example of RIPE Atlas
Ethics of Internet Measurements – Example of RIPE AtlasEthics of Internet Measurements – Example of RIPE Atlas
Ethics of Internet Measurements – Example of RIPE Atlas
RIPE NCC
 
Trustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next StepsTrustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next Steps
Von Welch
 
Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management
Von Welch
 
Cybersecurity for Science
Cybersecurity for ScienceCybersecurity for Science
Cybersecurity for Science
Von Welch
 

Recommended

Sgci nasa-esds-10-29-18
Sgci nasa-esds-10-29-18Sgci nasa-esds-10-29-18
Sgci nasa-esds-10-29-18
Nancy Wilkins-Diehr
 
Ethics in Technology – Example of RIPE Atlas
Ethics in Technology – Example of RIPE Atlas Ethics in Technology – Example of RIPE Atlas
Ethics in Technology – Example of RIPE Atlas
RIPE NCC
 
Ucsd research-it-09-11-18
Ucsd research-it-09-11-18Ucsd research-it-09-11-18
Ucsd research-it-09-11-18
Nancy Wilkins-Diehr
 
Sgci spf-2-23-17
Sgci spf-2-23-17Sgci spf-2-23-17
Sgci spf-2-23-17
Nancy Wilkins-Diehr
 
Ethics of Internet Measurements – Example of RIPE Atlas
Ethics of Internet Measurements – Example of RIPE AtlasEthics of Internet Measurements – Example of RIPE Atlas
Ethics of Internet Measurements – Example of RIPE Atlas
RIPE NCC
 
Trustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next StepsTrustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next Steps
Von Welch
 
Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management
Von Welch
 
Cybersecurity for Science
Cybersecurity for ScienceCybersecurity for Science
Cybersecurity for Science
Von Welch
 
Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade Perspective
Von Welch
 
Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management
Von Welch
 
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands MeetingXSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
Von Welch
 
Welch owasp-feb-2015
Welch owasp-feb-2015Welch owasp-feb-2015
Welch owasp-feb-2015
Von Welch
 
Cybersecurity for Science
Cybersecurity for ScienceCybersecurity for Science
Cybersecurity for Science
Von Welch
 
Extreme-scale Identity Management for Scientific Collaborations
Extreme-scale Identity Management for Scientific CollaborationsExtreme-scale Identity Management for Scientific Collaborations
Extreme-scale Identity Management for Scientific Collaborations
Von Welch
 
CACR Overview
CACR OverviewCACR Overview
CACR Overview
Von Welch
 
Open Sesame: Open Data, Data Liberation and Opportunities for Librarians
Open Sesame: Open Data, Data Liberation and Opportunities for LibrariansOpen Sesame: Open Data, Data Liberation and Opportunities for Librarians
Open Sesame: Open Data, Data Liberation and Opportunities for Librarians
Communication and Media Studies, Carleton University
 
How to access the AEDC data collections
How to access the AEDC data collectionsHow to access the AEDC data collections
How to access the AEDC data collections
Sonia Whiteley
 
Mapping Library Technology to Community Needs Webinar
Mapping Library Technology to Community Needs WebinarMapping Library Technology to Community Needs Webinar
Mapping Library Technology to Community Needs Webinar
ALATechSource
 
Rural Info Tech Alliance: Growing and Keeping IT Talent
Rural Info Tech Alliance: Growing and Keeping IT TalentRural Info Tech Alliance: Growing and Keeping IT Talent
Rural Info Tech Alliance: Growing and Keeping IT Talent
Ann Treacy
 
OneIS CANHEIT V03 NN
OneIS CANHEIT V03 NNOneIS CANHEIT V03 NN
OneIS CANHEIT V03 NN
Mark Roman
 
It resource needsassessment
It resource needsassessmentIt resource needsassessment
It resource needsassessment
MARIUM NASIR
 
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
Nate Evans
 
Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222
KevinAlt1
 
UCT eResearch - Presentation for IT reps
UCT eResearch - Presentation for IT repsUCT eResearch - Presentation for IT reps
UCT eResearch - Presentation for IT reps
eResearchatUCT
 
Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04
kevin_donovan
 
Luciano uvi hackfest.28.10.2020
Luciano uvi hackfest.28.10.2020Luciano uvi hackfest.28.10.2020
Luciano uvi hackfest.28.10.2020
Joanne Luciano
 
Lasi local strategic 2014 final
Lasi local strategic 2014 finalLasi local strategic 2014 final
Lasi local strategic 2014 final
Kim Arnold
 
Hilary weir sqa
Hilary weir sqaHilary weir sqa
Hilary weir sqa
SLICINFO
 
development of information technology
development of information technologydevelopment of information technology
development of information technology
Biqie1995
 
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon OnlineJuly 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
NYU Tandon Online
 

More Related Content

Viewers also liked

Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade Perspective
Von Welch
 
Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management
Von Welch
 
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands MeetingXSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
Von Welch
 
Welch owasp-feb-2015
Welch owasp-feb-2015Welch owasp-feb-2015
Welch owasp-feb-2015
Von Welch
 
Cybersecurity for Science
Cybersecurity for ScienceCybersecurity for Science
Cybersecurity for Science
Von Welch
 
Extreme-scale Identity Management for Scientific Collaborations
Extreme-scale Identity Management for Scientific CollaborationsExtreme-scale Identity Management for Scientific Collaborations
Extreme-scale Identity Management for Scientific Collaborations
Von Welch
 
CACR Overview
CACR OverviewCACR Overview
CACR Overview
Von Welch
 

Viewers also liked (7)

Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade Perspective
 
Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management Facilitating Scientific Collaborations by Delegating Identity Management
Facilitating Scientific Collaborations by Delegating Identity Management
 
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands MeetingXSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
XSIM and CTSC OSG Satellite Presentations at 2015 OSG All Hands Meeting
 
Welch owasp-feb-2015
Welch owasp-feb-2015Welch owasp-feb-2015
Welch owasp-feb-2015
 
Cybersecurity for Science
Cybersecurity for ScienceCybersecurity for Science
Cybersecurity for Science
 
Extreme-scale Identity Management for Scientific Collaborations
Extreme-scale Identity Management for Scientific CollaborationsExtreme-scale Identity Management for Scientific Collaborations
Extreme-scale Identity Management for Scientific Collaborations
 
CACR Overview
CACR OverviewCACR Overview
CACR Overview
 

Similar to CACR Director's Update 2015

Open Sesame: Open Data, Data Liberation and Opportunities for Librarians
Open Sesame: Open Data, Data Liberation and Opportunities for LibrariansOpen Sesame: Open Data, Data Liberation and Opportunities for Librarians
Open Sesame: Open Data, Data Liberation and Opportunities for Librarians
Communication and Media Studies, Carleton University
 
How to access the AEDC data collections
How to access the AEDC data collectionsHow to access the AEDC data collections
How to access the AEDC data collections
Sonia Whiteley
 
Mapping Library Technology to Community Needs Webinar
Mapping Library Technology to Community Needs WebinarMapping Library Technology to Community Needs Webinar
Mapping Library Technology to Community Needs Webinar
ALATechSource
 
Rural Info Tech Alliance: Growing and Keeping IT Talent
Rural Info Tech Alliance: Growing and Keeping IT TalentRural Info Tech Alliance: Growing and Keeping IT Talent
Rural Info Tech Alliance: Growing and Keeping IT Talent
Ann Treacy
 
OneIS CANHEIT V03 NN
OneIS CANHEIT V03 NNOneIS CANHEIT V03 NN
OneIS CANHEIT V03 NN
Mark Roman
 
It resource needsassessment
It resource needsassessmentIt resource needsassessment
It resource needsassessment
MARIUM NASIR
 
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
Nate Evans
 
Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222
KevinAlt1
 
UCT eResearch - Presentation for IT reps
UCT eResearch - Presentation for IT repsUCT eResearch - Presentation for IT reps
UCT eResearch - Presentation for IT reps
eResearchatUCT
 
Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04
kevin_donovan
 
Luciano uvi hackfest.28.10.2020
Luciano uvi hackfest.28.10.2020Luciano uvi hackfest.28.10.2020
Luciano uvi hackfest.28.10.2020
Joanne Luciano
 
Lasi local strategic 2014 final
Lasi local strategic 2014 finalLasi local strategic 2014 final
Lasi local strategic 2014 final
Kim Arnold
 
Hilary weir sqa
Hilary weir sqaHilary weir sqa
Hilary weir sqa
SLICINFO
 
development of information technology
development of information technologydevelopment of information technology
development of information technology
Biqie1995
 
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon OnlineJuly 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
NYU Tandon Online
 
DHS Cybersecurity Services for Building Cyber Resilience
DHS Cybersecurity Services for Building Cyber ResilienceDHS Cybersecurity Services for Building Cyber Resilience
DHS Cybersecurity Services for Building Cyber Resilience
Dawn Yankeelov
 
Ratan "Are we there yet? Keeping the promise of open science"
Ratan "Are we there yet? Keeping the promise of open science"Ratan "Are we there yet? Keeping the promise of open science"
Ratan "Are we there yet? Keeping the promise of open science"
National Information Standards Organization (NISO)
 
Introducing the National Digital Stewardship Agenda
Introducing the National Digital Stewardship AgendaIntroducing the National Digital Stewardship Agenda
Introducing the National Digital Stewardship Agenda
Micah Altman
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
Florence Hudson
 
How you and your gateway can benefit from the services of the Science Gateway...
How you and your gateway can benefit from the services of the Science Gateway...How you and your gateway can benefit from the services of the Science Gateway...
How you and your gateway can benefit from the services of the Science Gateway...
Katherine Lawrence
 

Similar to CACR Director's Update 2015 (20)

Open Sesame: Open Data, Data Liberation and Opportunities for Librarians
Open Sesame: Open Data, Data Liberation and Opportunities for LibrariansOpen Sesame: Open Data, Data Liberation and Opportunities for Librarians
Open Sesame: Open Data, Data Liberation and Opportunities for Librarians
 
How to access the AEDC data collections
How to access the AEDC data collectionsHow to access the AEDC data collections
How to access the AEDC data collections
 
Mapping Library Technology to Community Needs Webinar
Mapping Library Technology to Community Needs WebinarMapping Library Technology to Community Needs Webinar
Mapping Library Technology to Community Needs Webinar
 
Rural Info Tech Alliance: Growing and Keeping IT Talent
Rural Info Tech Alliance: Growing and Keeping IT TalentRural Info Tech Alliance: Growing and Keeping IT Talent
Rural Info Tech Alliance: Growing and Keeping IT Talent
 
OneIS CANHEIT V03 NN
OneIS CANHEIT V03 NNOneIS CANHEIT V03 NN
OneIS CANHEIT V03 NN
 
It resource needsassessment
It resource needsassessmentIt resource needsassessment
It resource needsassessment
 
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
Priority-Based Approaches to Accessible Procurement, Planning, and Implementa...
 
Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222
 
UCT eResearch - Presentation for IT reps
UCT eResearch - Presentation for IT repsUCT eResearch - Presentation for IT reps
UCT eResearch - Presentation for IT reps
 
Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04Information security fasit-cait-20150129_v04
Information security fasit-cait-20150129_v04
 
Luciano uvi hackfest.28.10.2020
Luciano uvi hackfest.28.10.2020Luciano uvi hackfest.28.10.2020
Luciano uvi hackfest.28.10.2020
 
Lasi local strategic 2014 final
Lasi local strategic 2014 finalLasi local strategic 2014 final
Lasi local strategic 2014 final
 
Hilary weir sqa
Hilary weir sqaHilary weir sqa
Hilary weir sqa
 
development of information technology
development of information technologydevelopment of information technology
development of information technology
 
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon OnlineJuly 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
July 14, 2016 Webcast for the Bioinformatics MS at NYU Tandon Online
 
DHS Cybersecurity Services for Building Cyber Resilience
DHS Cybersecurity Services for Building Cyber ResilienceDHS Cybersecurity Services for Building Cyber Resilience
DHS Cybersecurity Services for Building Cyber Resilience
 
Ratan "Are we there yet? Keeping the promise of open science"
Ratan "Are we there yet? Keeping the promise of open science"Ratan "Are we there yet? Keeping the promise of open science"
Ratan "Are we there yet? Keeping the promise of open science"
 
Introducing the National Digital Stewardship Agenda
Introducing the National Digital Stewardship AgendaIntroducing the National Digital Stewardship Agenda
Introducing the National Digital Stewardship Agenda
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
 
How you and your gateway can benefit from the services of the Science Gateway...
How you and your gateway can benefit from the services of the Science Gateway...How you and your gateway can benefit from the services of the Science Gateway...
How you and your gateway can benefit from the services of the Science Gateway...
 

CACR Director's Update 2015

  • 1. CACR  Director’s  Update   Von  Welch   Director,  CACR   CACR  Seminar  Series   January  22nd,  2015  
  • 2. Welcome   2015  Spring  Seminar  Series   •  02/05/2015  Cornell  University's  Rafael  Pass   •  02/19/2015  Penn  State's  Christopher  French   •  03/05/2015  Northeastern  University's  Engin  Kirda   •  04/02/2015  Duke's  Aswin  Machanavajjhala,  PhD   •  04/16/2015  Indiana  University's  ScoR  Shakelford   Latest:  hRp://www.cacr.iu.edu/events/674   January  22,  2015  CACR  Director's  Report  
  • 3. Thank  yous   •  Marjorie  Young   •  Marion  Conaty   •  Dara  Eckart   •  Sarah  Portwood   •  And  everyone  else  who  make  these  talks   possible   January  22,  2015  CACR  Director's  Report  
  • 4. Thank  you  to     Fred  H.  Cate   Founding  CACR   Director  2003-­‐2014     Now  a  CACR  Senior   Policy  Fellow   January  22,  2015  CACR  Director's  Report  
  • 5. CACR  Administration  and  Staff   •  David  Delaney   Deputy  Director   •  Dara  Eckart   Administrave  Director       Associate  Directors:   •  Bill  BarneR   •  Mark  Bruhn   •  ScoR  Orr   •  Leslee  Cooper   •  Randy  Heiland   •  Craig  Jackson   •  Ryan  Kiser   •  Mark  Krenz   •  Sarah  Portwood   •  Susan  Sons   •  Marjorie  Young     Plus  many  fellows  and  students…   January  22,  2015  CACR  Director's  Report  
  • 6. THE  CYBERSECURITY   LANDSCAPE   January  22,  2015  CACR  Director's  Report  
  • 7. Software  Foundation   •  Heartbleed,   ShellShock,  NTP…   •  Foundaonal   socware  of  the   Internet  isn’t  as   solid  as  we  would   like.   January  22,  2015  CACR  Director's  Report  
  • 8. Breaches,  breaches,  breaches…   •  Target,  Home  Depot,   etc.   •  Cybercrime  is  geeng   more  organized,  aiming   higher  and  geeng   beRer.   •  Our  different  networks   are  integrated.   January  22,  2015  CACR  Director's  Report  
  • 9. We’re  not  changing  behavior   •  Password  “123456”  reigns  supreme   in  2014  …  Again!   •  Caveat  –  this  is  from  “leaked   passwords”   •  Why  not?   •  Are  people  not  directly  effected?   •  Consequences  too  distant?   January  22,  2015  CACR  Director's  Report  
  • 10. Adoption  of  Two-­‐Factor  Auth  and   Password  Managers   January  22,  2015  CACR  Director's  Report  
  • 11. Cybersecurity  as  Risk  Management   Growing  need  by   cybersecurity  professionals   to  understand   cybersecurity’s  role  in   supporng  the  mission  of   the  organizaon  by   managing  risk.   January  22,  2015  CACR  Director's  Report  
  • 12. Transition  to  Practice   •  Widening  gap  between  sophiscaon  of   cybersecurity  research  and  what  is  applied.   •  Programs  in  NSF,  DHS,  etc.  focusing  on   geeng  research  into  pracce.   January  22,  2015  CACR  Director's  Report  
  • 13. We’re  still  waiting  for  the  big  one…   January  22,  2015  CACR  Director's  Report  
  • 14. MY  WISH  LIST   January  22,  2015  CACR  Director's  Report  
  • 15. Learn  from  our  mistakes   •  Breach  reporng  is  nice,  but  knowing  what   actually  went  wrong  is  much  beRer.   •  Think  Naonal  Transportaon  Safety  Board   reports  –  not  fast,  but  detailed.   •  Mandiant  APT1  is  a  good  example.   •  More  sharing  of  intelligence,  mistakes  in  the   community  –  too  closed  right  now.   January  22,  2015  CACR  Director's  Report  
  • 16. Better  Software/ConTiguration   Checking  Tools   •  Economics  are  against  cybersecurity   •  Race  to  develop,  deploy,  reconfigure,  sell   trumps  cybersecurity  in  most  cases.   •  Need  immediate  feedback  -­‐  tools  to  check   socware  and  configuraon  of  systems.   •  Easy,  integrated,  real  me  and  clear.   January  22,  2015  CACR  Director's  Report  
  • 17. More  funding  spanning  research   and  operations   •  We  need  to  bring  together  those  wrestling   with  real-­‐world  problems  and  those  with   innovave  research  ideas.   •  Span  from  brainstorming  workshops,  through   experimentaon,  prototypes,  and   deployment.   •  Culture  change  needed  to  create  this  sort  of   collaboraon.   January  22,  2015  CACR  Director's  Report  
  • 18. TURNING  TO  CACR   January  22,  2015  CACR  Director's  Report  
  • 19. About  CACR   •  Part  of  Pervasive  Technology  Instute   •  p.iu.edu   •  Supported  by  VPIT,  NSF,  DHS,  DOE.   •  Partnership  with  University  Informaon   Technology  Services,  School  of  Informacs   and  Compung,  Maurer  School  of  Law,  Kelly   School  of  Business.     January  22,  2015  CACR  Director's  Report  
  • 20. CACR  VISION   •  Interweave  technical  and  policy  experse.   •  Draw  on  Indiana  University’s  wide  range  of   scholarly  experse  in  computer  science,   informacs,  accounng  and  informaon   systems,  criminal  jusce,  law,  organizaonal   behavior,  public  policy,  and  other  disciplines.   •  Bridge  with  Indiana  University’s  extensive   praccal  experience  in  cybersecurity  of  its   operaonal  units.   January  22,  2015  CACR  Director's  Report  
  • 21. CACR  And  IU   •  CACR  exists  to  serve  the  Naon,  State  and  IU.   •  Per  our  vision,  we  aim  to  improve   cybersecurity  at  IU  and  IU  through   cybersecurity.   •  Talk  to  us  about  coordinaon  of   cybersecurity  acvies,  or  collaboraon  on   cybersecurity  policy,  operaonal,  or  applied   research.   January  22,  2015  CACR  Director's  Report  
  • 22. Cybersecurity  @  Indiana  University     Impressive!   • CACR   • REN-­‐ISAC   • SOIC    -­‐-­‐  Master’s  Degree  in  Cybersecurity   • University  Informaon  Security  Office   • University  Informaon  Policy  Office   • Many  researchers  and  praconers  in  other   schools  and  offices.   January  22,  2015  CACR  Director's  Report  
  • 23. CACR  ACTIVITIES   January  22,  2015  CACR  Director's  Report  
  • 24. Trustworthy  Science     Maintaining  the  trust  of  sciensts  and  the   public  in  the  CI,  data  and  science  is  crical.     Challenge  is  understanding  increasing   threats  to  computaonal  science,  cultural   and  requirements  of  individual  domains,   large  distribute  science  communies,   unique  assets  such  as  instruments,  data,   etc.   January  22,  2015  CACR  Director's  Report  
  • 25. Science  pushes  IT  hard!   January  22,  2015  CACR  Director's  Report   HPC   HTC   Science   Gateways   Big  Data   Distributed   Everything   Bleeding-­‐edge   Networks  
  • 26. TrustedCI.org:   Center  for  Trustworthy  ScientiTic   Cyberinfrastructure   Providing  leadership  and  addressing   cybersecurity  challenges  for  the  NSF  community.   January  22,  2015  CACR  Director's  Report  
  • 27. CTSC  Accomplishments   •  Engaged  with  over  a   dozen  NSF  projects  -­‐   5  large  facilies.   •  Organized  NSF   Cybersecurity   Summits  for  Large   Facilies  and  CI     •  Training,  best   pracces   •  Developed   Cybersecurity   Program  Guide  for   NSF  CI   •  Authoring   cybersecurity   chapter  for  NSF   Large  Facilies   Manual   January  22,  2015  CACR  Director's  Report  
  • 28. We  rely  increasingly  on   our  socware  stacks  –  both   the  ones  we  write  and   others.     Open  nature  leads  to   large  aRack  surfaces.     Socware  integrity  is   crical.   A  joint  effort:     Morgridge  Instute  for   Research  (lead)   University  of  Illinois   Urbana  Champaign   University  of  Wisconsin   –  Madison   Indiana  University     Funded  by  DHS   January  22,  2015  CACR  Director's  Report   Miron Livny, MIR Jim Basney, UIUC Bart Miller, UW Von Welch, IU https://continuousassurance.org/
  • 29. A  Framework  for  Software  Assurance   January  22,  2015  CACR  Director's  Report   Results   Package   Package   Package   Tool   Tool   Tool   Pla'orm   Pla'orm   Pla'orm   Current:  396  &   bring  your  own   Current:  8   Perform   Assessment   Result   Viewer   Result   Viewer   Result   Viewer   Current:  2   Current:  700+  Cores   View   Results   Parse   Results   Parsed   Results   Current:  9  
  • 30. IU’s  Role  in  SWAMP   •  CACR:  Cybersecurity   •  RT/  High  Throughput  Compung  (w/Global   Research  NOC):  User  Support  and  Monitoring   January  22,  2015  CACR  Director's  Report  
  • 31. XSIM:  Extreme  Scale  Identity   Management  for  Science   Tradional  compung   with  users  all  managed   by  data  center.   January  22,  2015  CACR  Director's  Report   Image  credit:  Ian  Bird/CERN  Image credit: Lawrence Livermore National Laboratory (via Wikipedia) Modern  science  has   large  mulL-­‐site   collaboraLons.  
  • 32. Science  collaboratory  identity   management   •  Based  on  interviews  with  18  sites  and  projects.   •  Simple  model  for  describing  collaboratory  IdM.   January  22,  2015  CACR  Director's  Report   •  IdenLfied  factors  that   inhibit  and  encourage   delegaLon  from   compuLng  center  to   collaboraLon.  
  • 33. IU  NSA  CertiTication   •  Indiana  University  designated  as  a  Naonal   Center  of  Academic  Excellence  in  Informaon   Assurance/Cybersecurity  through  academic   year  2021.     •  Many  thanks  to  ScoR  Orr,  Drew  Simshaw,   and  all  the  faculty  and  staff  who  gather   needed  informaon.   January  22,  2015  CACR  Director's  Report  
  • 34. Indiana  National  Guard   •  Parcipate  in  community-­‐building  cyber   discussions  with  the  Indiana  Naonal  Guard   •  Facilitate  tour  of  ING  cyber  training  facilies   at  Muscatatuck  by  senior  homeland  security   officials   •  Contribute  to  IU  leRer  of  support  for  ING’s   efforts  to  expand  its  cyber  force.     January  22,  2015  CACR  Director's  Report  
  • 35. Consultation  to  NSA  on  Cyber   •  In  the  wake  of  Edward  Snowden’s  disclosures,   organized  a  day-­‐long  discussion  between  faculty  and   senior  NSA  officials  at  NSA  headquarters  in  Fort   Meade,  Maryland.   •  Guidance  on  privacy,  whistleblowing,  transparency,   secrecy,  and  related  topics.     •  Maurer  School  of  Law  Prof.  and  CACR  Senior  Fellow   David  Fidler’s  appointment  as  Scholar  in  Residence   of  the  President’s  Privacy  and  Civil  Liberes   Oversight  Board  (Jan-­‐Aug  2015).   January  22,  2015  CACR  Director's  Report  
  • 36. DOD  Minerva  Proposal   Coordinated  the  development  of  a   muldisciplinary  cyber  research  proposal   through  the  defense  department’s  MINERVA   social  science  research  iniave.     Seven  faculty  from  six  IU  disciplines  (law,   journalism,  psychology,  policy,  linguiscs,   internaonal  affairs)  joined  the  effort  to   propose  a  study  of  societal  trust  and  stability.     January  22,  2015  CACR  Director's  Report  
  • 37. CACR  Strategic  Plan   •  Strategic  Planning  acvies  Oct’14-­‐March’15   •  Expect  to…   Refresh  the  fellows  program   Establish  strong  connecons  with  more  schools  and   other  IU  campuses   Define  opportunies  to  provide  experse  to  the   community;  etc.   Refine  and  focus  Security  MaRers   •  Thoughts?  Input?  We’re  happy  to  chat.     January  22,  2015  CACR  Director's  Report  
  • 38. 2014  CACR  Cybersecurity  Summit   •  June  2014  Summit  in  Indianapolis   •  Featured  two  senior  Homeland  Security   officials  responsible  for  cyber  operaons  and   R&D.   News  about  2015  CACR  Cybersecurity  Summit   coming  soon!   January  22,  2015  CACR  Director's  Report  
  • 39. Cyber  Faculty  Discussion   •  Feb.  25   •  Extending  from  the  MINERVA  collaboraon.   •  Professors  Shannon  Marn  and  Tony  Fargo   are  featured  speakers  in  a  faculty  discussion   of  their  cyber  research  interests  and   establishing  collaborave  research  teams  at   IU.   January  22nd,  2015  CACR  Director's  Report  
  • 40. Thank  you       cacr.iu.edu     January  22,  2015  CACR  Director's  Report