This funding will establish the Center for Trustworthy Scientific Cyberinfrastructure (CTSC), a three-year-old collaboration between the aforementioned institutions, as the NSF Cybersecurity Center of Excellence, an entity focused on addressing cybersecurity challenges of NSF scientific research.
Ensuring scientific computing remains trustworthy and uncorrupted is essential in protecting the nation's science. In its role as a Cybersecurity Center of Excellence, the CTSC will provide readily available cybersecurity services tailored to the NSF science community. These resources will include leadership and coordination across organizations, and education and training to expand the pool of available cybersecurity expertise.
"NSF-funded cyberinfrastructure presents unique challenges for operational security personnel and impacts other important areas of research affecting society, including ocean sciences, natural hazards, engineering, biology and physics", stated Anita Nikolich, cybersecurity programme director within NSF's advanced cyberinfrastructure division. "Organisations that host cyberinfrastructure must find the right balance of security, privacy and usability while maintaining an environment in which data are openly shared. Many research organisations lack expertise in technical and policy security, and could benefit from an independent, shared security resource pool."
The CTSC will collaborate directly with NSF-funded research organisations to address their cybersecurity challenges and provide forums for cybersecurity collaboration across organisations. For example, Jim Basney of the National Center for Supercomputing Applications will lead CTSC support activities on the topic of identity and access management for research organisations.
"Cybersecurity is no longer solely a technical matter - it's a critical part of any organisation's risk management", stated Von Welch, director of Indiana University's Center for Applied Cybersecurity Research (CACR) and CTSC principal investigator. "Addressing the cybersecurity risks to science requires a comprehensive understanding of research and the threats it faces. Many of these threats are those faced by other organisations on the Internet, but others are unique to the science community with its collaborative nature and use of high-end information technology and cyberinfrastructure."
The CTSC will also convene an annual NSF Cybersecurity Summit, led by PSC Chief Information Security Officer James A. Marsteller, to share experiences, provide training and discuss cybersecurity challenges.
"Organized with significant input from the NSF community, the annual Summit provides a key opportunity to share experiences, lessons learned and advances with other NSF projects", James A. Marsteller stated. "The forum provides an opportunity to discuss serious issues around implementing cybersecurity not only of a technical nature, but also cultural, managerial and budgetary and the like."
An example of a safeguard the CTSC will promote is software assurance, as experienced, respected names in that field, such as Barton Miller, professor at University of Wisconsin-Madison, will offer their expertise to reduce the risks of vulnerabilities and breaches for researchers.
"Every day the news continues to document why truly excellent research in highly applied cybersecurity is a national priority", stated Brad Wheeler, IU vice president for information technology and interim dean of the IU School of Informatics and Computing. "This award adds to the many national distinctions that CACR has achieved in its 13 years as part of IU's formidable cybersecurity capabilities in education, research and operations."
Additionally, the CTSC will collaborate with the U.S. Department of Energy's Energy Science Network (ESnet) to develop a threat profile for open science.
"The Department of Energy and NSF enable scientific discovery in a range of domains critical to our nation's future", stated Greg Bell, director for ESnet and division director at the Lawrence Berkeley National Laboratory. "Working together to understand cybersecurity threat models shared by these collaborations is an important step forward for the two agencies, and ESnet is delighted to be collaborating on this effort."