Training Sessions *August 17* 2015 NSF Cybersecurity Summit

Monday, August 17 will feature a full day of training, available to all registrants.  All but the Bro Platform Training Workshop and Developing Cybersecurity Programs for NSF Projects are half-day offerings. Seating may fill for some or all sessions, and pre-event registration for individual sessions is required to reserve a seat. Please register by August 12 to guarantee seating, and help us make final preparations. Direct inquiries to Amy Starzynski Coddens (astarzyn@indiana.edu).

Concurrent Morning Sessions

Bro Platform Training Workshop (Full Day)


Instructors: Justin Azoff (NCSA),  Adam Slagell (NCSA), Johanna Amann (ICSI)

Bro is a powerful framework for network security monitoring and traffic analysis. Its user community includes major universities, research labs, supercomputing centers, and government and corporate organizations. To get the most out of Bro, we encourage users to attend training workshops and to participate in the wider online community. The NSF Cybersecurity Summit is the ideal opportunity to fulfill our responsibility of supporting NSF-funded sites.

The Bro development team will deliver a full-day workshop covering Bro administration, examining Bro logs, the out-of-the-box and custom Bro scripts, using BroControl, and the new features in the Bro 2.4 release. The morning session will explain what Bro is, how it is used, and what it provides out of the box. The afternoon session will focus on topics for more experienced users.
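As an added example (not part of the workshop material and not code from the Bro distribution), the Python below parses Bro's tab-separated ASCII log format, the format the "examining logs" portion of the workshop deals with, and runs a small detection over it. The header handling follows Bro's documented ASCII writer conventions (#fields/#types, #unset_field, #empty_field, set and vector columns). The conn.log records are constructed for this example, and the scan heuristic, its REJ/S0 states and its threshold are this example's own choices, not Bro's shipped scan policy.

```python
"""Parse a Bro (2.x) ASCII log and run a simple scan heuristic over it.

Added example, not material from the workshop. The log format follows
Bro's tab-separated ASCII writer: '#' header lines (#separator,
#set_separator, #empty_field, #unset_field, #path, #open, #fields,
#types, #close) followed by one record per line. The conn.log below is
constructed for this example, not captured traffic.
"""
from collections import defaultdict

# Constructed sample. The first header line is written with a space
# because the separator is not yet known; all later lines use the tab.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#open\t2015-08-17-09-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\thistory\ttunnel_parents
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring\tstring\tset[string]
1439802000.123456\tCHhAvVGS1DHFjwGM9\t10.0.0.5\t40001\t192.0.2.10\t22\ttcp\t-\t-\t-\t-\tREJ\tSr\t(empty)
1439802000.234567\tCmES5u32sYpV7JYN\t10.0.0.5\t40002\t192.0.2.10\t23\ttcp\t-\t-\t-\t-\tREJ\tSr\t(empty)
1439802000.345678\tCJ3xTn1c4Zw9aMsmh\t10.0.0.5\t40003\t192.0.2.10\t80\ttcp\t-\t-\t-\t-\tS0\tS\t(empty)
1439802000.456789\tCUM0KZ3MLUfNB0cl11\t10.0.0.5\t40004\t192.0.2.10\t443\ttcp\t-\t-\t-\t-\tREJ\tSr\t(empty)
1439802003.5\tC4J4Th3PJpwUYZZ6gc\t10.0.0.7\t51000\t192.0.2.10\t443\ttcp\tssl\t1.25\t1024\t8192\tSF\tShADadFf\t(empty)
1439802004.0\tCykQaM33ztNt0csB9a\t10.0.0.7\t53123\t192.0.2.20\t53\tudp\tdns\t0.01\t60\t120\tSF\tDd\tCtun1vpn0
#close\t2015-08-17-09-05-00
"""


def _convert(value, typ, unset="-", empty="(empty)"):
    """Turn one column of text into a Python value according to its #types entry."""
    if value == unset:            # #unset_field: the field was never set
        return None
    if value == empty:            # #empty_field: an empty set or vector
        return []
    if typ.startswith("set[") or typ.startswith("vector["):
        inner = typ[typ.index("[") + 1:-1]
        return [_convert(v, inner, unset, empty) for v in value.split(",")]
    if typ in ("time", "interval", "double"):
        return float(value)
    if typ in ("count", "int", "port"):
        return int(value)
    if typ == "bool":
        return value == "T"
    return value                  # addr, subnet, string, enum stay as text


def parse_bro_log(text):
    """Return the records of one Bro ASCII log as a list of dicts keyed by field name."""
    fields = types = None
    unset, empty = "-", "(empty)"
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "types":
                types = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            elif key == "empty_field":
                empty = rest
            continue              # #separator, #path, #open, #close carry no record data
        if fields is None or types is None or len(fields) != len(types):
            raise ValueError("record seen before a consistent #fields/#types header")
        cols = line.split("\t")
        if len(cols) != len(fields):
            raise ValueError("column count %d does not match header (%d)" % (len(cols), len(fields)))
        records.append({f: _convert(v, t, unset, empty)
                        for f, v, t in zip(fields, cols, types)})
    return records


def find_scanners(records, min_targets=3):
    """Heuristic of this example (not Bro's own scan policy): an originator whose
    TCP SYNs to at least min_targets distinct host:port pairs were refused (REJ)
    or never answered (S0) is reported as a likely scanner."""
    targets = defaultdict(set)
    for r in records:
        if r["proto"] == "tcp" and r["conn_state"] in ("REJ", "S0"):
            targets[r["id.orig_h"]].add((r["id.resp_h"], r["id.resp_p"]))
    return {host: len(t) for host, t in targets.items() if len(t) >= min_targets}


if __name__ == "__main__":
    recs = parse_bro_log(SAMPLE_CONN_LOG)
    print("%d records parsed" % len(recs))
    for host, n in find_scanners(recs).items():
        print("possible scanner %s: %d refused/unanswered targets" % (host, n))
```

Reading the types from the #types header rather than hard-coding them is what lets the same parser handle any Bro log (conn, dns, http, notice) and survive a site's custom scripts adding columns; the unset and empty markers are taken from the header for the same reason. On the constructed sample, 10.0.0.5 is reported with four refused or unanswered targets and the two normal connections from 10.0.0.7 are not.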

Developing Cybersecurity Programs for NSF Projects (Full Day)


Instructors: Bob Cowles, Craig Jackson, Jim Marsteller, Susan Sons (CTSC)

Team members of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) will present two interactive half-day sessions on developing cybersecurity programs for NSF science and engineering projects. Attendees may register for one or both sessions.

Morning Session. This instructional morning session will be based on a cybersecurity planning guide (see trustedci.org/guide) developed with input from the Daniel K. Inouye Solar Telescope (DKIST) project and in use at a number of NSF facilities and projects. The Guide was developed to address the information security requirements outlined in NSF cooperative agreements and to provide solid guidance, tools, and resources. This session will be appropriate both for attendees of last year's training of the same name and for newcomers. Though there will be a good deal of overlap, we will be updating our presentation and supporting opportunities to explore areas in greater depth based on participants' needs. Some of the topics that will be covered include:

  • Building or Improving an Information Security Program
  • Unique and Critical Science Requirements, Constraints, and Security Controls
  • Information Security Policies and Procedures
  • The Role of Project Leadership and Risk Acceptance
  • Establishing a Risk Management Approach to Information Security
  • Defining, Identifying, and Classifying Information Assets
  • The Role of Risk Assessments within the Program Lifecycle
  • Baseline Controls and Best Practices
  • Topical Information Security Considerations: Third-Party Relationships, Asset Management, Access Control, Physical Security, Monitoring, Logging, and Retention
  • Program Assessment and Evaluation

While this session will be instructional in nature, it is also intended to be an interactive session to seek constructive feedback from attendees to further improve the guide. There will be significant opportunities for discussion and Q&A. 

Afternoon Session. We encourage registrants for this afternoon session to come prepared to share their experiences, ask questions, and learn from one another. The afternoon session will entail facilitated discussion and deep dives into two topic areas:

1) Cybersecurity Program Governance, Risk Acceptance, and Intra-organization Communication. In most organizations, the people writing code, maintaining the network, and administering systems have the most information about the organization's information assets and the risks to them. Most decisions about resourcing and risk acceptance, however, are made much higher up the chain, and the greatest concentration of information security expertise likely lies somewhere in between. Meanwhile, technologists and managers often think and communicate about information security issues in very different ways. In this module, we'll talk about common failure modes in organizational management and communication around information security that lead to poor risk management decisions being made on bad information.

2) Securing Novel Technologies. Science often relies on specialized systems, including one-of-a-kind instruments and sensors, ICS/SCADA components, and custom software. Securing these systems requires more than applying industry best practices (by definition, mature best practices don't yet exist for them); it calls for technical analysis and communities of practice. In this module, we'll talk about helpful resources and ways of tackling the security of these challenging systems.

Vulnerabilities, Threats, and Secure Coding Practices

Instructors: Barton P. Miller & Elisa Heymann

Security is crucial to the software that we develop and use. With the incredible growth of cyberinfrastructure services, security is becoming even more critical. 

This tutorial is relevant to anyone wanting to learn about minimizing security flaws in the software they develop or manage. We share the experience we have gained from performing vulnerability assessments of critical middleware. You will learn skills essential for software developers and analysts concerned with security.

This tutorial starts by presenting basic concepts related to threats, weaknesses, and vulnerabilities. We will also show you how to think like an attacker. The rest of the tutorial presents coding practices that lead to vulnerabilities, with examples of how they commonly arise, techniques to prevent them, and exercises to reinforce your skills in avoiding them. Examples come from a wide variety of languages, including Java, C, C++, C#, Perl, Python, and Ruby, and are drawn from real code belonging to Web, Cloud, and Grid systems we have assessed. The tutorial is an outgrowth of our experience performing vulnerability assessments of critical middleware and services, including well-known systems such as Google Chrome, Wireshark, and HTCondor.

Industrial Control Systems, Networking, and Cybersecurity


Instructor: Phil Salkie (Jenariah Industrial Automation)

This presentation is a combination of three shorter programs originally presented at Penguicon 2014 and 2015: "Introduction to Programmable Controls," "Notes from the DHS ICS Cybersecurity 301 Class," and "Designing Secure Industrial Controls System Networks."

The training starts with an introduction to the basic hardware and software of modern industrial automation systems, which are used in industrial, scientific, and technical settings worldwide. 

The next section is an overview of the course on securing industrial control systems offered monthly by the Department of Homeland Security: its schedule, how to apply for admission to the class, how to prepare in advance of attending, and what to expect from the week-long event.

The "Designing Secure ICS Networks" component aims to provide a foundation for assessing and improving legacy control system networks, as well as for architecting new networks that maximize the security of ICS/SCADA systems. Participants will come away with a usable set of results that flow from the lessons learned in the DHS course: a "day six" of the five-day DHS curriculum, so to speak.

Concurrent Afternoon Sessions

Bro Platform Training Workshop (continued)

See full description above. 

Developing Cybersecurity Programs for NSF Projects (continued)

See full description above. 

Aligning your Research Cyberinfrastructure with HIPAA and FISMA


Instructor: Anurag Shankar (Indiana University)

With biomedical research emerging as a formidable computing challenge that needs support, providers of large-scale research cyberinfrastructure such as high performance computing (HPC) shops increasingly face a new challenge: regulatory compliance. New grants and contracts are also beginning to require compliance with federal cybersecurity standards for protecting research data, biomedical or not. This half-day training session will familiarize participants with the relevant regulations, how they apply, and the challenges they present, and will offer a standards-based risk management approach to tackling them.

Topics covered will include: 

  • HIPAA and FISMA Demystified.  History and introduction to the regulations, what they mean for NSF facilities, what they do not.
  • The NIST Risk Management Framework.  Managing information security risk (NIST 800-39), conducting risk assessments (NIST 800-30), security and privacy controls (NIST 800-53), and assessing the controls (NIST 800-53A).
  • Leveraging the Framework.  Scoping, planning, implementing risk assessments, risk mitigation, documentation, ongoing risk management, reviews, and training, with the implementation at IU as an example.

Incident Response Training


Instructor: Randy Butler (NCSA)

Computer incident response is a required capability for any project or activity that runs Internet-connected services. This tutorial will provide basic information on setting up an incident response program so that participants can prepare their project team or organization to handle an incident investigation. The first part of the tutorial focuses on identifying the processes, policies, information, and monitoring services required to respond effectively to a security incident, and also discusses investigation and analysis tools that may be useful during an investigation. The second part presents a series of questions the incident response team can use to guide both the investigation and the mitigation process. The final part walks through several actual security incidents, each discussed in detail from how it was discovered through the investigation and mitigation. Participants should leave the session understanding the basic steps needed to create an incident response program and what to do when an incident occurs.