Call for Participation

2016 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure

August 16 - 18 ✶ Westin Arlington Gateway ✶ Arlington, VA

http://trustedci.org/2016summit/

Theme:  Strengthening Trustworthy Science

It is our great pleasure to announce that the 2016 Summit will take place Tuesday, August 16th through Thursday, August 18th, at the Westin Arlington Gateway near the National Science Foundation Headquarters in Arlington, VA. On August 16th, the Summit will offer a full day of information security training tailored for the NSF community. The second and third days will follow a workshop format designed to increase the NSF community’s understanding of cybersecurity strategies that strengthen trustworthy science: what data, processes, and systems are crucial to the scientific mission, what risks they face, and how to protect them.

 

About the Summit

Since 2004, the annual NSF Cybersecurity Summit has served as a valuable part of the process of securing the NSF scientific cyberinfrastructure by providing the community a forum for education, sharing experiences, building relationships, and establishing best practices.

The NSF cyberinfrastructure ecosystem presents an aggregate of complex cybersecurity needs (e.g., scientific data and instruments, unique computational and storage resources, complex collaborations) as compared to other organizations and sectors. This community has a unique opportunity to develop information security practices tailored to these needs, as well as break new ground on efficient, effective ways to protect information assets while supporting science. The Summit will bring together leaders in NSF cyberinfrastructure and cybersecurity to continue the processes initiated in 2013-2015: Building a trusting, collaborative community, and seriously addressing that community’s core cybersecurity challenges.

 

The Summit seeks proposals for presentations, breakout and training sessions. It offers opportunities for student scholarships.

 

 

Proposing Content for the Summit

 

There are many ways to contribute to the Cybersecurity Summit.  We are open to proposals for full- or half-day training sessions, for plenary presentations, and for breakout sessions.  More specific information on each of those is available below.  Submissions should be sent to CFP@trustedci.org by June 10th.  Responses should go out by June 24th to ensure adequate planning time for presenters.

 

Proposing a Plenary Presentation

 

Please submit brief white papers focused on NSF Large Facilities’ unmet cybersecurity challenges, lessons learned, and/or significant successes for presentation during the Summit Plenary Session (Aug 17-18).  White papers (and presentations) may be in the form of position papers and/or narratives and may be one to five pages in length.

 

All submitted white papers will be included in the 2016 summit report. The Program Committee will select the most relevant, reasoned, and broadly interesting for presentation. A limited amount of funding is available to assist with travel for accepted submissions.

 

 

Submission deadline: June 10th

 

Submit to: CFP@trustedci.org

Word limit:  400 to 2000 words (~1-5 single spaced pages)

Notification of acceptance: June 24th

 

 

Proposing a Training Session

 

 

Training may be targeted at technical and/or management audiences, and be half-day or full-day in length.  Areas of interest include, but are not limited to: cybersecurity planning and programs, risk assessment and management, regulatory compliance, identity and access management, data management and provenance, networks security and monitoring, secure coding and software assurance, physical security in the context of information security, and information security of scientific and emerging technologies. The Program Committee will select the most community-relevant and broadly interesting training sessions for presentation during the first day of the summit (Aug 16).

 

We generally prefer  training sessions  with some hands-on or interactive component over those that can be equally well presented in a non-interactive format (e.g. online videos), whether that component is a series of review Q&As, the opportunity to work directly with a piece of software or other tool, or a planning/management activity.

 

 

Submission deadline: June 10th

 

Submit to: CFP@trustedci.org

Word Limit:  600 words

Notification of Acceptance:  June 24th

 

 

Proposing Table Top Sessions

 

 

In past years, the Summit has experimented with other formats for networking and information exchange, such as table-top topics at lunch.  Proposals for such an activity should be 1-2 pages in length and include who would run the activity, the activity’s intended audience, and a description of the activity itself and its expected benefits.

 

Submission deadline:  June 10th

 

Submit to: CFP@trustedci.org

Word limit:  400 to 800 words (~1-2 single spaced pages)

Notification of acceptance:  June 24th

 

Information for Students

 

Each year, the summit organizers invite several students to attend the summit.  Reimbursement of travel expenses may be available.  See http://trustedci.org/summit2016/students for more information.

 

Notes for First-Time Presenters

 

The Summit organizers want to encourage those who have not presented at previous Summits to share their experiences, expertise, and insights with the NSF cybersecurity community.  You don’t need to be perfectly polished, you just need to have something to share about your project or facility's experience with information security.  Feedback from last year’s Summit showed that there was a great deal of interest in “lessons learned” type presentations from projects who’ve faced cybersecurity challenges, and had to rethink some things afterwards.  We’ve put together a page of tips and ideas for new presenters, including proposal and presentation tips as well as suggested topics.  More direct coaching is available upon request.

 

Please contact CFP@trustedci.org with any questions, or to request help preparing a proposal or getting it ready to present at the Summit.

 

So you want to present at the 2016 NSF Cybersecurity Summit…

Welcome!  The Summit organizers wish to encourage and support participation from throughout the wider NSF community.  To further that mission, we’ve provided some information (below) to aid in the preparation of CFP responses.  Please don’t hesitate to direct questions to CFP@trustedci.org.

 

What to Present

 

This year’s theme is “Strengthening Trustworthy Science.”  This is a subject that is the underlying motivation for all of the cybersecurity activities we pursue.  The organizers especially appreciate proposals that drive this home, however, not every presentation, training session, or activity has to be centered around just that topic.  Please submit any idea that you think may be relevant to our audience.  If you would like to present, but aren’t sure of what topic to choose, consider the following suggestions:

  • Lessons Learned: Get beyond the brag session.  Tell the audience about something that DIDN’T go well for your project’s cybersecurity efforts and how you overcame it.  Even if you haven’t overcome it yet, share the questions you are struggling with and  open things up to the audience for Q&A or brainstorming.  Too often, those doing cybersecurity in our community only see the big successes that others do press releases about, but there is even more to learn about the things that don’t work.

  • Tools: Have you discovered a new or unusual tool  or technique that enables you in cybersecurity work?  Do a “getting started” tutorial to help others learn about it so that they can implement it for themselves.

  • Enabling Cybersecurity Professional Development: What do you do to find, train, and retain good people?  How do you enable them to keep their skills fresh and growing?

  • It would be great to get a session on approaches to building the cybersecurity workforce available to the science community.  

We strongly encourage proposals that address the 2015 Summit finding and recommendations:

  • Security budget strategy / budget & program effectiveness

  • Project leadership/stakeholders risk accountability and responsibility

  • Software assurance

More details on the recommendations can be found in the 2015 NSF summit report: http://hdl.handle.net/2022/20539

 

Additionally, the following ideas might help you build a presentation idea around this year’s theme, or work the theme into your presentation’s topic:

 

  • Supply chain requirements

  • What are your most valuable and/or sensitive data?

    • What assets have you had the most trouble protecting?

    • Where have you found the best resources?  For commodity technologies?  For your special equipment?

  • Have you gone through a process of formally identifying your information assets for security purposes?  What does the documentation look like?  What challenges have you faced (e.g., in classifying data)?

  • Did you find anything assets that surprised you…. that you didn’t think of as critical to the integrity of the scientific results?

  • How do you assign responsibility for / stewardship of specific information assets (or sets of assets that serve a process) within your organization?  When if ever does security have direct accountability for the security of these assets?

 

How to Build a CFP Response

 

The proposal you submit will be used in two ways: to tell the organizers about what you plan to present, and to be included in the summit findings as a sort of after-action report.  It should include:

  • An executive summary (short description of the topic and content).

  • Who the presenter(s) is/are.

  • Either a whitepaper discussion of the topic, or a narrative you’d like to share with the community.  (For activities that are not trainings or plenary sessions, this may be replaced with a description of the planned activity, any space or equipment needs, and the activity’s intended audience.)

  • Contact information (preferably email) for the presenter(s) in case the organizers have any questions.  This can be in a separate note in the email body instead of the proposal itself if presenter(s) don’t wish it to be published.

  • Expected length of the session/training/activity.  Generally, trainings are either full- or half-day and plenary sessions are about 50 minutes, but if a good idea takes more time than that, we will work with presenters to make it happen.

  • Any relevant references (e.g. link to the home page for the project the talk is about, or recommendations for further reading).

 

Our community has expressed in the past that many find it helpful if they can download a copy of a presentation’s slides.  If you are willing to publish your slides, please email a copy (or a link to where you prefer to host slides) to CFP@trustedci.org.

 

 

The easiest way to get help/feedback from the organizing committee prior to submitting your final proposal is to create a Google Doc containing your proposal and sending an edit link to CFP@trustedci.org.  Don’t share directly with that address, as the link will be passed on to a reviewer who will have their own google account.

 

 

Tips for Presenting

There are many different presentation formats that can work well, depending on the topic.  Consider the following:

 

Lecture format : The presenter(s) talk to the audience and show slides to support their dialogue, then do a short Q&A time at the end of the presentation.

 

 

Panel format: 3-5 persons answer questions offered by a moderator on a specific topic or set of topics, then do a short Q&A with the audience.  This tends to work out best when the panel contains people with very different backgrounds or viewpoints, and the moderator is good at keeping folks to the topic and time constraints.

 

 

Open Forum format: 2-3 persons answer questions offered by the audience.  Works best if there is an extra person gathering questions and presenting them, and if the speakers can keep things succinct so that the presentation keeps moving and many questions get answered.

 

 

Hands-on format: The presenter(s) walk the audience through a demo or tutorial as the audience follows along on their computers (or on paper, if the topic supports it).  If you are doing a training that will have many hands-on activities, consider having more than one presenter, or a presenter plus a helper or two who can go around the room and help participants who get stuck, allowing the group as a whole to move on.

 

 

Whatever format you choose, be sure to engage your audience by making eye contact (with them, not with the slide screen!), showing interest in what you are saying, and not rushing.  Most speakers appear most smooth and practiced when following a general outline they’ve practiced once or twice, rather than trying to read a prepared script verbatim.