- Trustworthy science requires secure data
- Trusted CI, an NSF Cybersecurity Center for Excellence, helps research institutions improve cyberinfrastructure
- One-on-one engagements uncover security issues and recommend protection plans
“There’s a joke in the cybersecurity community. It’s actually very easy to make a computer secure. You just chain it up and throw the whole thing to the bottom of the ocean.”
Originally known as the Center for Trustworthy Scientific Cyberinfrastructure (CTSC), Trusted CI focuses on safeguarding the integrity and trust of scientific data and supporting interoperability.
Ensuring data security is a vital task, but a computer in a safe at the bottom of the ocean isn’t much use to anyone. So what’s the middle ground between a sunken safe and a data security emergency — and how do you go about getting everyone to agree on where that is?
Unique scientific missions
Trusted CI was born out of a $4.297 million grant from the National Science Foundation (NSF) awarded five years ago. Working in partnership with the National Center for Supercomputing Applications (NCSA), Pittsburgh Supercomputing Center (PSC), and the University of Wisconsin (UW), the center has established a host of protocols and best practices to improve the cybersecurity of NSF projects.
The NSF currently supports $7 billion worth of science spread over nearly 11,000 projects. Having this many balls in the air makes it hard to implement security standards across all projects. The fact that each of these research endeavors has a unique scientific mission only compounds the complexity.
For example, the NSF’s US Antarctic Program (USAP) manages all US scientific research and related logistics in Antarctica. Scientists from dozens of institutions converge on three year-round research stations in the remote region, all bringing a variety of computers, scientific equipment, and personal devices.
To help this process run smoothly and securely, Trusted CI focused on how Antarctic science grant teams experience cybersecurity as they proceed through pre-deployment actions to reach an Antarctic research station.
“The most valuable aspect of the engagement was the ability to have a team with a new perspective looking at our existing processes,” says Tim Howard, USAP Information Security Manager.
The USAP engagement focused on improving user experience while maintaining and improving security. In other cases, criminal intent is a factor.
Tanya Berger-Wolf, a computer science professor at the University of Illinois at Chicago, has developed Wildbook, an autonomous computational system that helps scientists identify and analyze images of endangered species.
Computer vision algorithms combine with sophisticated data management to create a high-resolution information database enabling scientific inquiry, conservation, and citizen science.
But associated metadata may contain GPS coordinates, potentially allowing poachers to track and hunt the animals.
“The ability to identify individual animals in images, combined with the image's location and time, provides a wealth of information to wildlife scientists and conservation managers. It is also, unfortunately, highly valuable to poachers and wildlife criminals,” says Berger-Wolf.
“Our 6-month engagement with Trusted CI resulted in an Identity Management and Access Control framework that takes into consideration the complex data access and sharing options. This is the first step in ensuring that Wildbook's data on endangered species is not used to drive those species to extinction.”
The hunt for the right solution
The key to Trusted CI’s continued success is a focus on expert, unbiased advice. This dedication has led to recognition within the cybersecurity industry, including Trusted CI being named an NSF Cybersecurity Center for Excellence.
Trusted CI also has an advantage because, as an independent consultant, it isn’t trying to sell a specific product. As Welch puts it, everybody else pushes their solutions rather than the right solution.
So what is the right solution?
There may not be a one-size-fits-all fix for every organization’s problem, but Trusted CI has outlined the most important information in its Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects.
The Guide can help walk an organization through the process of creating cybersecurity protocols. The templates cover everything from password policies to disaster recovery. But for situations when the Guide isn’t enough, Welch and his team offer one-on-one, in-depth engagements. (Interested institutions can apply through the Trusted CI website.)
Over a six-month period, Trusted CI takes a granular look at the specific security requirements of each project and creates a plan for the future. Welch’s 10-person team has engaged with more than two dozen institutions to date, from the US Antarctic Program to the Gemini Observatory. In this way, Trusted CI can help organizations avoid the pitfalls of poor data security while also encouraging similar protocols across research projects.
Continuity is a huge part of cybersecurity, and few institutions are doing the work that Trusted CI and the NSF are doing in this regard.
We may never be as secure as a computer at the bottom of the ocean, but that doesn’t mean places like Trusted CI can’t strive for a world where efficiency and security are equally valued.