Monday, October 7: Day 1
-
Description
Hands-on Zeek Scripting training. Aashish Sharma will walk attendees through the fundamentals of Zeek Scripting along with some practical exercises. This training will cover scripting basics, and will then advance through various Zeek script frameworks. In the training, we will cover how to work with Zeek events and datatypes, how to create custom datatypes, how to create custom log-files and notices, how to use probabilistic datastructures, and how to load data into Zeek. We will also talk about some clusterization techniques. The training will end by walking attendees through the process of developing a new heuristic and wrapping it into a package. This will be a hands-on training. There will be an introduction for each topic, followed by hands-on exercises.
Presenter bio
Aashish Sharma is a member of the cybersecurity team of the Lawrence Berkeley National Laboratory. He is a long-time daily user of Zeek, part of the Zeek leadership team, and active in the Zeek community. Aashish is a prolific script-writer, as well as an author of several papers using Zeek data.
-
Description:
We will aim to give attendees the ability to run a real-world Zeek installation on their own hardware. We will start by introducing attendees to the basic architecture of Zeek. This includes showing attendees how to run and customize Zeek on the command line. It also includes guidance on how to do basic log analysis. We will also talk about what real-world deployments of Zeek look like, using examples used by R&E institutions. We will teach attendees how to set up their own Zeek cluster deployments in production together with all the cluster components, and the new Zeek management framework. Other topics that we cover include the Zeek package manager, the configuration framework, the intelligence framework, customizing logging, and the input framework. This is a hands-on training, where attendees will be able to run Zeek on their laptops.
Presenters’ bios
Fatema Bannat Wala is a security engineer at ESNet. She has more than nine years of experience in cybersecurity. She is a member of the Zeek Leadership Team, and an active contributor to the Zeek community and other open-source projects. Fatema is well-known among security professionals for developing new technologies that solve real-world security related challenges, for implementing new research ideas and for instigating operational improvements in organizations. She also is a frequent public speaker in well-renowned security conferences around the globe. Fatema is enthusiastic about learning new technologies, especially when they relate to cybersecurity defense.
Christian Kreibich is technical lead (Open Source) @ Corelight by day and Zeek wizard with exceptional Zeek-magic skills by night. He is also a Zeek LT Member.
Keith Lehigh has served at UISO at Indiana University for 10 years running Zeek on large .edu networks and is currently a Zeek LT Member.
Tuesday, October 8: Day 2
-
Security and Privacy for Humans
Description
Traditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, 25 years ago that started to change when a seminal paper asked "Why Johnny Can't Encrypt" and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usability evaluations and design strategies for both security and privacy. In August, the Symposium On Usable Privacy and Security (SOUPS) held its 20th conference. Nonetheless, it is still difficult for most people to encrypt their email, manage their passwords, and configure their social network privacy settings. In this talk I will highlight some of the research from my lab that evaluates security and privacy for humans, proposes some new solutions, and is finding its way into products and services that people use.
Bio
Lorrie Faith Cranor (lorrie.cranor.org) is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems University Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University. She directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc., a security awareness training company that was acquired by Proofpoint. She has authored over 200 research papers on online privacy, usable security, and other topics. She founded the Symposium On Usable Privacy and Security (SOUPS) and co-founded the Conference on Privacy Engineering Practice and Respect (PEPR). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, the Electronic Privacy Information Center Advisory Board, the Computing Research Association Board of Directors, and the Aspen Institute Cybersecurity Group. She was elected to the ACM CHI Academy and named a Fellow of IEEE, ACM, and AAAS. She was previously a researcher at AT&T-Labs Research. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects, including a quilted visualization of bad passwords that was featured in Science Magazine as well as a bad passwords dress that she frequently wears when talking about her research. She plays soccer, walks to work, sews her own clothing with pockets, and tries not to embarrass her three young adult children.
-
Description
In this tutorial you will learn skills critical for software developers and analysts concerned with security. It focuses on Web programming practices that can lead to security vulnerabilities, on automated tools, and on software assurance tools. We will present the most common vulnerabilities found in Web applications, Cross-Site Scripting (XSS) and Cross Site Request Forgery (CSRF), and how to mitigate them. Dependency analysis tools – tools that find weaknesses in the software supply chain and develop a software bill of materials (SBoM) – are the first line of defense in assessing the security of a software project. These tools can catch flaws in the packages and libraries a program depends upon, and that affects the safety of the application. Software assurance tools – tools that scan the source or binary code of a program to find weaknesses – can catch flaws in a program that affect both the correctness and safety of the code. This tutorial is also relevant to anyone wanting to learn how to use these automated assessment tools to minimize security flaws in the software they develop or manage. The tutorial includes a hands-on session, where the attendees will gain experience with automated assessment tools and dependency analysis tools, applied to a web application we crafted for learning about security weaknesses that lead to vulnerabilities. We will provide all the required software, installed, and configured, on a virtual machine.
Presenters’ bios
Barton Miller is the Vilas Distinguished Achievement Professor and the Amar & Belinder Sohi Professor in Computer Sciences at the University of Wisconsin-Madison. He is the Software Assurance lead on the NSF Cybersecurity Center of Excellence. In addition, he co-directs the MIST software vulnerability assessment project in collaboration with his colleagues at the Autonomous University of Barcelona. He also leads the Paradyn Parallel Performance Tool project, which is investigating performance and instrumentation technologies for parallel and distributed applications and systems. His research interests include systems security, binary and malicious code analysis and instrumentation of extreme scale systems, parallel and distributed program measurement and debugging, and mobile computing. Miller's research is supported by the U.S. Department of Homeland Security, U.S. Department of Energy, National Science Foundation, NATO, and various corporations. In 1988, Miller founded the field of Fuzz random software testing, which is the foundation of many security and software engineering disciplines. In 1992, Miller (working with his then-student, Prof. Jeffrey Hollingsworth), founded the field of dynamic binary code instrumentation and coined the term "dynamic instrumentation". Dynamic instrumentation forms the basis for his current efforts in malware analysis and instrumentation.
Elisa Heymann is a senior scientist on the NSF Cybersecurity Center of Excellence at the University of Wisconsin-Madison, and an associate professor at the Autonomous University of Barcelona. She co-directs the MIST software vulnerability assessment at the Autonomous University of Barcelona, Spain. She coordinates in-depth vulnerability assessments for NSF Trusted CI, and was also in charge of the Grid/Cloud security group at the UAB, and participated in two major Grid European Projects: EGI-InSPIRE and European Middleware Initiative (EMI). Heymann's research interests include software security and resource management for Grid and Cloud environments. Her research is supported by the NSF, Spanish government, the European Commission, and NATO.
-
Description
Cybersecurity rules and regulations in individual grants, contracts, and data use agreements have long been a challenge for researchers and organizations. The burden is now shifting as a new regulatory landscape is poised to subject the entire research enterprise to compliance. The steady arrival of new regulations has caused the number of research institutions with compliance expertise to grow, providing a new community for the uninitiated, but there is still no central resource that introduces compliance holistically. This training is designed to address this gap and introduce attendees to current and upcoming rules and regulations that affect research and strategies to tackle them.
Presenters' bios
Anurag Shankar is a senior security analyst at the Center for Applied Cybersecurity at Indiana University. He leads the HIPAA compliance effort for the IU Office of the Vice President for Information Technology and is responsible for developing IU's nationally renowned SecureMyResearch program. He specializes in regulatory compliance for research, cybersecurity risk management, and research cybersecurity. Anurag has over three decades of experience conducting academic research, teaching, developing and delivering research computing services, building compliant solutions for biomedical researchers, performing cybersecurity assessments, and consulting. He has a Ph.D. in astronomy from the University of Illinois at Urbana-Champaign.
Tim Daniel is an information security analyst at the Center for Applied Cybersecurity at Indiana University and a member of IU's SecureMyResearch team. Previously, Tim worked for a contract research organization carrying out phase 1 and pre-phase 1 clinical trials for veterinary medicine. He holds a bachelor’s degree in biology with a focus in chemistry, and an associate's degree in applied biotechnology. After high school, Tim worked for Stone Belt, a nonprofit that provides resources and supports for individuals with disabilities, where he learned patience and listening skills, critical to the success of SecureMyResearch.
Will Drake is a senior security analyst, CISO, and the SecureMyResearch lead at the Center for Applied Cybersecurity at Indiana University. Will has worked in various IT roles with Indiana University since 2012, including operations supervisor for Data Center Operations and lead systems engineer for the Campus Communications Infrastructure team where he was responsible for ensuring the security of IU’s critical telecommunications infrastructure. Will holds an associate’s degree in computer information technology from Ivy Tech and is currently pursuing a bachelor’s degree in informatics with a specialization in legal informatics from Indiana University's School of Informatics and Computing.
-
Moderator:
Rick Wagner
Alumni Fellows: Ramazan Aygun, Melissa Cragin, Lori Sussman, Charles McElroy, Shanchieh (Jay) Yang, Richard Wagner, Stephen Streng, Shuyuan Metcalfe, Jerry Perez, Smriti Bhatt, David White, Phuong Cao
-
Description:
This BOF session is an informal meeting of the Minority Serving - Cyberinfrastructure Consortium (MS-CC) Cybersecurity Community of Practice (CoP). The purpose of the MS-CC Cybersecurity CoP is community-driven experience sharing to support and raise awareness of and best practices related to Cyberinfrastructure (CI) Cybersecurity at historically black colleges and universities (HBCUs), tribal colleges and universities (TCUs), and other minority-serving institutions (MSIs) for faculty, researchers, staff, and students. This BOF is an opportunity for all Summit attendees who are interested in this topic to meet and give input on future plans for the MS-CC Cybersecurity CoP. For more information, please see: https://ms-cc.org/community-resources/cybersecurity-community-of-practice/
Presenter bio:
Jim Basney is Senior Advisor of Trusted CI, the NSF Cybersecurity Center of Excellence. He is a Principal Research Scientist at the National Center for Supercomputing Applications at the University of Illinois. Jim received his Ph.D. in Computer Sciences from the University of Wisconsin-Madison.
-
Description
The rise of Generative AI (including LLMs) has raised many questions about how cybersecurity defense can benefit from it and how cyberspace security can be further threatened by it. The fast-evolving nature of both Generative AI and cyberspace also makes it difficult for practitioners to keep up and to distinguish what is useful from what is noise. This BoF session (1 to 1.5 hours) invites anyone who is interested to share their experiences and findings. Prof. Yang will engage the audience to discuss research advances, experiences through a pilot training program on "AI for Incident Response," and future directions of how cybersecurity practitioners can keep up with the changes in AI.
Presenter bio
Dr. Shanchieh (Jay) Yang received his BS degree in Electronics Engineering from National Chiao-Tung University in Taiwan in 1995, and MS and Ph.D. degrees in Electrical and Computer Engineering from the University of Texas at Austin in 1998 and 2001, respectively. He is currently a Professor in Computer Engineering and the Director of Global Outreach for Global Cybersecurity Institute at Rochester Institute of Technology. His research focuses on advancing machine learning, modeling, and simulation for predictive cyber intelligence and anticipatory cyber defense. His research group has been supported by NSF, IARPA, DARPA, NSA, AFRL, ONR, and ARO. His earlier work introduced Variable Length Markov Models (F-VLMM), Virtual Terrain (VTAC), and Attack Social Graphs (ASG) for predictive cyber situation awareness (FuSIA, VTAC, & ViSAw). More recently, his team has developed a holistic body of work that contains ASSERT to continuously learn and update emerging statistical attack models, CASCADES to simulate synthetic scenarios grounded with a theoretical understanding of adversary behaviors, and CAPTURE to forecast cyberattacks using unconventional signals in the public domain. He was a 2019 NSF Trusted CI Open Science Fellow and a 2020 NSF Trusted CI TTP Fellow. He received the IEEE Region 1 Outstanding Teaching in an IEEE Area of Interest Award for outstanding leadership and contributions to cybersecurity and computer engineering in 2019. He received the Norman A. Miles Award for Academic Excellence in Teaching in 2007, and was also a co-chair for IEEE Joint Communications and Aerospace Chapter in Rochester NY in 2005, when the chapter was recognized as an Outstanding Chapter of Region 1. As an innovative and collaborative leader in academia, he has also established several international partnership programs and collaborations with universities across Europe and Asia.
Wednesday, October 9: Day 3
-
Moderator:
Anita Nikolich - University of Illinois, Research Scientist and Director of Technology Innovation
Panelists:
Hyrum Anderson - CTO at Robust Intelligence
Joe Lucas - Nvidia, Senior AI Security Researcher
Perri Adams - Special Assistant to the Director, DARPA
-
Description
This talk focuses on overcoming operational and design related challenges when integrating traditional security with modern cloud-native technologies such as Kubernetes, emphasizing the potential for learning and adaptation with respect to differences in security architecture and operations.
Presenter bio
Kapil Agrawai is a security engineer with Energy Sciences Network (ESnet) where he focuses on Kubernetes platform security, developing tools for security automation, and anything and everything DevSecOps. Prior to moving into a cybersecurity-focused role, he worked as a network engineer for several years with multiple research and education ISPs and an HPC data center and is now a recovering network engineer.
-
Description: Regulations that affect research are a constantly moving target right now. Some rules are in the Final Rule stage, some are Proposed Rules, some are awaiting comments. This session will cover at a high level the regulations that apply to research, where they are in the rulemaking process(es), and what we expect from them. Regulations that may be discussed: Cybersecurity Maturity Model Certification (CMMC), DFARS and FAR updates related to CUI, NIST SP 800-171, NSF CUI program, NSPM-33. Note: The exact status of each regulation can change significantly from June through October, and new ones may be introduced, so the specific regulations this session will cover may vary.
Presenter bio
Laura Raderman has been in the cybersecurity industry for more than 20 years, first as a consultant to Fortune 50 companies, and now as a policy and compliance coordinator for Carnegie Mellon University’s Information Security Office for the last 10 years. At Carnegie Mellon University, Laura is responsible for assisting all departments at the university to comply with various laws, regulations and contractual agreements controlling information security. Laura is an active contributor to EDUCAUSE working groups, participating in comments on NIST standards and federal rule making related to research security. Laura is a Certified CMMC Assessor (CCA) and authorized to participate in Cybersecurity Maturity Model Certification (CMMC) Level 2 Assessments under the US Department of Defense’s CMMC Program.
-
Description
Regulated Research Community of Practice (RRCoP) is the newest service of Trusted CI. While new to Trusted CI, RRCoP has been rapidly growing for three years and delivering resources to more than 300 institutions. RRCoP supports a broad variety of roles at research institutions that are subject to compliance regulations. During the last decade, researchers and institutions have seen a shift in who holds the burden of such compliance. Shared infrastructures and increased ownership in the cybersecurity protections of the research data has begun encompassing many distinct roles that support research subject to compliance regulations. Compliance adds the strategic edge that helps verify that collaborators are securing the research data to the same requirements. Compliance may also require senior-level signatures bringing the entire research portfolio into risk. With this new spotlight on the impact of a small fraction of the entire research portfolio comes new challenges and processes required to support these compliance efforts. RRCoP focuses on sharing lessons learned from institutions who’ve also established these processes, developed a governance or cost model, used shared infrastructure, or have completed possible assessments of their regulated research. Through the use of an active community, institutions are able to make faster strides in supporting new regulations that the research contracts require. At this session, attendees will learn how RRCoP can help with these compliance regulations and how to participate in this community.
Presenter bio
Carolyn Ellis is a PI of the Regulated Research Community of Practice where she works at a national level to help higher education institutions handle regulated research. She is a director of Research Cybersecurity and Compliance at Arizona State University. Carolyn has significant experience in grants, research, and implementing the security enclaves for DOD contracts. Her community-building efforts and dedication to growing more cybersecurity leaders include mentoring women in STEM communities such as WiCyS (Women in Cybersecurity).
-
Description
The Department of Defense has developed the Cybersecurity Maturity Model Certification (CMMC) 2.0 program. It streamlines requirements to three levels of cybersecurity controls and aligns the requirements at each level with well-known and widely accepted NIST cybersecurity standards. CMMC compliance is expected for all institutions conducting government business by 2026. To meet this requirement, a scalable and secure Regulated Research Enclave (RRE) is needed given the high regulatory controls, standards, and reporting requirements that come with DoD related grants and contracts subject to the Defense Federal Acquisition Regulation Supplement (DFARS) that include CMMC clauses. This presentation will cover the issues and processes MSU had to manage to identify technical capabilities and gaps, convince leadership that a secure environment was needed, and ultimately architect and build a cloud-only solution as a starting point for the RRE. Due to the complexity of implementing the NIST 800-171r2 controls across all the University systems touching CUI data for a relatively few DoD contracts, MSU decided to seek out a 3rd party approach for evaluating MSU’s administrative and technology readiness and providing recommendations on moving forward with either a campus-only, hybrid, or cloud-only solution for supporting research projects with CUI data requirements. To find the RRE solution best suited to the university’s capabilities and needs, we did the following:
1. Engaged with a 3rd party cybersecurity SME to perform a CMMC scope and inheritance review and sent recommendations to IT and admin leadership.
2. Leadership approved a vendor-managed RRE Hub-N-Spoke architectural design that would be isolated from the university network and require minimal interaction by MSU technical and security staffs.
3. OR&I and MSU IT developed and released an RFP to several cloud service providers requesting a contract to design, build, and operate a hosted RRE solution that will meet current CUI regulatory requirements and be ready for a CMMC assessment of the RRE by the end of 2025 (1 Year).
4. The selected vendor solution for the RRE will be built in the Microsoft Azure GCC-High cloud platform using a Hub-N-Spoke architecture that is sufficient to meet all the NIST-800-171r2 compliance requirements and onboard existing research projects while also preparing the university for a CMMC certification assessment by end of 2025 (6 Months).
5. Worked with vendor on CUI/CMMC requirements gathering and GCCH system design, build, and enablement for onboarding and protecting research projects with CUI data (12 weeks).
6. Completed system walk throughs and training by MSU administrative, technical, and security staffs for oversight of the RRE and management of interactions with the vendor for RRE operations, project intake, provisioning, security, and researcher support. (2 1/2 Years)
7. Made the decision to pursue CMMC compliance for the RRE by engaging with an approved 3rd party CMMC assessor and successfully completed the certification process. (6 – 9 Months)
Presenter bio
Don DuRousseau has more than 20 years of leadership experience in research technologies, cyberinfrastructures, cybersecurity, and policy development. His work has involved the broad dissemination of advanced analytical methods and systems working through cross-functional partners to deliver next-generation solutions that impact research and education communities across the country and around the world. Don is an active researcher leading numerous federally sponsored R&D projects and has more than 30 publications on topics including real-time signal processing, large-scale data science and analytics, adaptive human systems, and performance engineering technologies. He holds a master’s degree in international business and computer science from George Washington University and a bachelor’s degree in neurobiology and neurosciences from University of California, Berkeley. He is experienced in advanced research technologies and cyberinfrastructures in higher education and leads the research operations and support services for on-campus and affiliated researchers and students with computational and qualitative analyses, research design, and agency-specific compliance requirements. He also provides guidance to senior leadership in understanding the breadth of research at MSU, the existing capabilities and gaps in meeting current goals for research, and the level of planning needed to meet the demands for rapid growth in campus research and the need for regional scale cyberinfrastructure and support services. These resources are required to expand opportunities for campus researchers to develop multi-institutional collaborations leading to advancement in R1 standings. Specialties: cyberinfrastructure, cybersecurity, cognitive neuroscience, artificial intelligence, neural networks, deep learning, big data analytics, real-time signal processing, software defined networking, IoT, and smart cities and farms.
-
Description
The goal of security log analysis is to more efficiently leverage log collection in order to identify threats and anomalies in your research organization. This half-day training will help you tie together various log and data sources to provide a more rounded, coherent picture of a potential security event. It will also help you understand log analysis as a life cycle (collection, event management, analysis, response) that continues to become more efficient over time. Interactive demonstrations will cover both automated and manual analysis using multiple log sources, with examples from real security incidents. 45% of the sessions will be devoted to hands-on exercises where students will analyze real log files in order to find security incidents. Knowledge of Unix commands such as grep, awk and wc is ideal for this class, but not required, as the algorithmic methods can be applied to other systems. A brief primer on these commands will be provided. We have expanded our exercise this time to include both command line and Elastic Stack based analysis. This will be an interactive session allowing Q&A and will also feature interactive polls to enhance the audience’s learning experience.
Presenters' bios
Mark Krenz, Chief Security Analyst, is focused on cybersecurity operations, research and education. He has more than two decades of experience in system and network administration and has spent the last decade focused on cybersecurity. He serves as the CISO of the ResearchSOC and also the Deputy CISO of Trusted CI.
Ishan Abhinit has worked as a security risk analyst co-op at GMO, Boston, as well as an SOC engineer and IT security analyst at Infosys Ltd and IBM India Pvt. Ltd. He holds a master’s degree from the cybersecurity program at Northeastern University.
Phuong Cao is a research scientist at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign. He is a TrustedCI Fellow. His research mission is to secure cyberinfrastructure, in particular high performance scientific computing, e.g., Blue Waters supercomputer. Prior to joining NCSA, Phuong has operational experience in the network security industry, including reverse engineering of polymorphic computer viruses, responding to globally distributed denial of service attacks (Akamai’s CDN, LinkedIn), securing the Watson Health Cloud (IBM T.J. Watson Research, zSystems group), and formal verification of smart contracts and OAuth protocols (Microsoft Research, RiSE group). Phuong graduated from Hanoi University of Science and Technology (Vietnam) and University of Illinois at Urbana-Champaign.
Mohammad Nasir Moradi is a Master of Science student in Secure Computing at Indiana University, set to graduate in Spring 2025. He holds a Bachelor of Science in Information Technology with a focus on Cybersecurity. He currently works as a Security Operations Technician in the University Information Security Office (UISO) at Indiana University and serves as a Student Fellow at the Center for Applied Cybersecurity Research (CACR). In his fellowship role, he is mentored by Mark Krenz, Chief Security Analyst, and Robert Templeman, Executive Director of Cybersecurity Innovation. His primary interests are Security Log Analysis, Penetration Testing, Threat Hunting, and Incident Response.
-
Description
Network packet processing faces significant performance challenges due to kernel overheads. These issues have become more pronounced with the rapid growth of network traffic, often leading to performance limitations in software-based security appliances. To address these challenges, the Data Plane Development Kit (DPDK) was developed. DPDK bypasses the kernel and operates directly in userspace, offering significant improvements in performance and latency for packet processing tasks. However, DPDK's steep learning curve presents a barrier to entry for developers and network administrators. In recent years, P4 has emerged as a language specifically designed for expressing packet processing data paths. Building on this development, P4-DPDK has been introduced as a new technology that bridges P4 and DPDK. It allows developers to create P4 code which is then translated into a DPDK pipeline, combining the expressiveness of P4 with the performance benefits of DPDK. This workshop aims to provide researchers, students, developers, and practitioners with an introduction to P4-DPDK, followed by hands-on implementation of applications for mitigating cyberattacks. The workshop will cover the fundamentals of P4, including P4 building blocks, parser implementation, and match-action tables. It will then progress to cybersecurity applications, such as identifying heavy hitters and mitigating SYN flood and DNS amplification attacks, with 100Gbps traffic rates. Through hands-on experiments, participants will gain practical experience in using P4-DPDK to address common network security challenges. It will consist of presentations covering technical topics, followed by hands-on laboratory experiments.
Presenter bio
Elie Kfoury is an assistant professor in the College of Engineering and Computing at the University of South Carolina (USC). As a member of the Cyberinfrastructure Lab at USC, he developed training materials using virtual labs on high-speed networks, TCP congestion control, programmable switches, SDN, and cybersecurity. He is the co-author of a book “High-Speed Networks: A Tutorial,” that is being used nationally for deploying, troubleshooting, and tuning Science DMZ networks. Kfoury's training activities were funded by NSF Cybertraining grants. His research interests include P4 programmable data planes, computer networks, cybersecurity, and Blockchain. Kfoury received a Ph.D. degree in informatics from USC, in 2023.
Jorge Crichigno is a professor in the College of Engineering and Computing at the University of South Carolina (USC) and the director of the Cyberinfrastructure Lab at USC. He has more than 15 years of experience in the academic and industry sectors. Dr. Crichigno’s research focuses on P4 programmable switches, implementation of high-speed networks, network security, TCP optimization, offloading functionality to programmable switches, and IoT devices. His work has been funded by private industry and U.S. agencies such as the NSF, the Department of Energy, and the Office of Naval Research (ONR). He received his Ph.D. in computer engineering from the University of New Mexico in Albuquerque in 2009.
Kfoury and Crichigno have extensive experience in developing training materials and organizing hands-on workshops (activities primarily funded by NSF Cybertraining grants). The team has co-organized workshops with ESnet, the Minority Serving Cyberinfrastructure Consortium (MS-CC), TACC, WASTC, NYSERNet, FABRIC (RENCI), and others. A list of workshops can be found at https://research.cec.sc.edu/cyberinfra/workshops, and a list of training materials can be found at https://research.cec.sc.edu/cyberinfra/cybertraining.
Samia Choueiri is a Ph.D. student in the College of Engineering and Computing at the University of South Carolina (USC). Her research interests include SmartNICs, P4 switches, cybersecurity, and robotics. She received her master's in computer and communications engineering with emphasis in mechatronics engineering from the American University of Science and Technology in Beirut, where she also was a teaching assistant and lab instructor.
-
Description
Cybersecurity operations tasks such as vulnerability management, network security and defense, open source software security, and others are increasingly ripe and data-rich areas in which Artificial Intelligence (AI)-enabled analytics techniques such as generative AI, natural language processing, network science, and others play a pivotal role. However, significant development of AI-enabled operational cybersecurity efforts remains within the confines of academic research arenas, with few transitioning their way to practitioner environments. Similarly, how to effectively integrate the human in the loop of AI-enabled operational cybersecurity artifact usage and adoption remains a critically important yet understudied topic. To this end, there is a significant need to (1) identify how researchers can effectively scope their AI-enabled analytics projects, (2) access appropriate data and facilitate effective data-sharing practices, and (3) effectively transition AI-enabled operational cybersecurity artifacts into operational environments. This workshop seeks to gather academics and practitioners engaging in AI-enabled operational cybersecurity to present and discuss topics related to three major areas:
1. Data - The crux of modern AI is the heavy reliance on data to train models. To this end, a core component of the workshop will be on effective ways to collect and share operational cybersecurity data. Topics to be covered include data sources, metadata, collection strategies, best practices for sharing, and lessons learned from past experiences. Obstacles and ways to overcome them will be clearly identified.
2. Artifacts - AI-enabled analytics algorithms and systems can often make their way into academic publications but still require significant efforts to effectively transition them into operational environments. Therefore, this workshop will also seek to examine how to properly scope the development of such artifacts, evaluate them, and effectively set up transition pipelines to practical environments.
3. Software sharing - AI-enabled analytics for operational cybersecurity environments have various confidentiality and privacy issues due to the data upon which they are trained. Consequently, there are often issues with the manner in which they can be shared (compared to other types of AI-enabled analytics). However, such sharing can often be critical for accelerating the adoption of AI-enabled practices across different operational cybersecurity environments. Therefore, this workshop will seek to discuss mechanisms and best practices for model sharing, storage, retraining, etc.
Presenters' bio
Dr. Sagar Samtani is an associate professor and Arthur M. Weimer Fellow in the Department of Operations and Decision Technologies at the Kelley School of Business at Indiana University (IU). He is the founding and executive director of IU’s Data Science and Artificial Intelligence Lab (DSAIL). Samtani graduated with his Ph.D. in 2018 from the AI Lab in the University of Arizona’s Management Information Systems (MIS) department in the Eller College of Management. From 2014 – 2017, Samtani served as an NSF CyberCorps Scholarship-for-Service (SFS) Fellow in the AZSecure Program at the University of Arizona. Dr. Samtani’s research focuses on developing AI-enabled analytics approaches for cybersecurity (open-source software security, cyber threat intelligence, advanced cyberinfrastructure security, AI risk management, dark web analytics), mental health, and business intelligence. Samtani has published more than 85 journal and conference papers on these topics in leading information systems venues such as MIS Quarterly, Information Systems Research, Journal of MIS, cybersecurity venues such as IEEE TDSC, ACM TOPS, IEEE Security and Privacy (S&P), and Computers and Security, machine learning venues such as ACM TKDD, ACM KDD, IEEE TKDE, IEEE ICDM, IEEE Intelligent Systems, and health outlets such as IEEE ICDH and CHITA. His research has received over $5M in funding from NSF’s cybersecurity programs, including Secure and Trustworthy Cyberspace (SaTC) for CTI research and AI for cybersecurity education, Cybersecurity Innovation for Cyberinfrastructure (CICI) for operational cybersecurity research, and CyberCorps SFS for cybersecurity Cyber-AI workforce development, and CISE Research Initiation Initiative (CRII). Dr. Samtani has co-founded workshops on AI for cybersecurity topics at ACM KDD and IEEE ICDM. He currently serves as an associate editor for ACM TMIS, ACM DTRAP, and Information and Management.
Dr. Samtani was inducted into the NSF/CISA CyberCorps Hall of Fame in 2022 for his outstanding contributions to the cybersecurity community. He also won the AIS Early Career Award (2022) and Gordon B. Davis Young Scholar Award (2023) for his early career contributions to the field of information systems. He has also won the IEEE Big Data Security Junior Researcher Award (2023) and won the Outstanding Junior Faculty Award at IU (2023). He has received over 100 media citations from the Associated Press, Forbes, Miami Herald, Fox, Science Magazine, AAAS, and The Penny Hoarder. He is a member of INFORMS, AIS, ACM, IEEE, and INNS.
Anita Nikolich is the director of Research and Technology Innovation and research scientist at the University of Illinois, Urbana-Champaign. She previously served as a program director for Cybersecurity in the Division of Advanced Cyberinfrastructure at the NSF. Prior to her work at the NSF she served as the executive director of Infrastructure at the University of Chicago. Past assignments include director of Global Data Networking at Aon and director of Security for Worldcom. She has explored how information technology and secure networking can best support the creation and sharing of scientific knowledge in virtual, mobile and physical contexts. She has presented to various organizations on strategic and technical issues ranging from the challenges in running a global campus to optimal redesign of the Large Hadron Collider network. She holds a Master of Science from The University of Pennsylvania and a Bachelor of Arts from the University of Chicago.
David Balenson joined USC-ISI in the Networking and Cybersecurity Division in August 2022. As associate director of the division, he supports strategic planning, analytics and planning, new business development, and communication and outreach for the division. Mr. Balenson is community outreach director for the NSF-funded Security and Privacy Heterogeneous Environment for Reproducible Experimentation (SPHERE) project. He is ISI's PI for the NSF-funded Open Community Platform for Sharing Vehicle Telematics Data for Research and Innovation project and co-leads the Sharing Expertise and Artifacts for Reuse for Cybersecurity Community Hub (SEARCCH) project. Mr. Balenson previously co-led the NSF-funded Cybersecurity Experimentation of the Future (CEF) project. Prior to joining ISI, Mr. Balenson was a senior computer scientist in the Computer Science Laboratory at the independent, non-profit research institute SRI International, where he provided technical and programmatic support for the U.S. Department of Homeland Security Science and Technology Directorate (DHS S&T). Supported projects included the CAP, ACIC, COGS, CPSSEC, CyRiE, Smart Cities, TTP, and IMPACT. Over his career, Mr. Balenson has worked for the Johns Hopkins University Applied Physics Laboratory, SPARTA, McAfee/Network Associates, Trusted Information Systems, and National Institute of Standards and Technology. Balenson is on the steering, organizing, and/or program committees for ACSAC, NDSS, LASER, CSET, USEC, and VehicleSec.
-
Description
The Trusted CI Framework is a minimum standard for cybersecurity programs that can be used by any organization, regardless of age, size, or sector. However, the specifics of implementing the Framework will vary considerably depending on the specifics of the organization. One particularly challenging and important area is how to “get started” adopting the Framework. Implementing all 16 of the Framework’s Musts can be a daunting task, and organizations need help determining what to prioritize. This training will explore strategies for organizations seeking to adopt the Framework, with particular attention paid to the diversity of starting postures organizations can have. The training will focus on setting effective priorities, crafting realistic timelines, and overcoming common obstacles. Substantial time will be dedicated to Q&A with the trainees and brainstorming potential solutions to their real world challenges.
Presenters' bio
Scott Russell is a senior policy analyst with the Indiana University Center for Applied Cybersecurity Research (CACR), where his work focuses on the improvement of privacy and cybersecurity policy. A lawyer and researcher, Scott specializes in privacy, cybersecurity, and international law, and his past research has included principled cybersecurity, cybersecurity assessments, cybersecurity due diligence, cybersecurity self-governance, international data jurisdiction, and constitutional issues on digital surveillance. He is the program lead for the Trusted CI Framework, a co-author of Security from First Principles: A Practical Guide to the Information Security Practice Principles, and served as temporary faculty with Naval Surface Warfare Center Crane. He received his B.A. in computer science and history from the University of Virginia, received his J.D. from Indiana University, interned at MITRE, and served as a postdoctoral fellow at CACR.
Craig Jackson is deputy director at the Indiana University Center for Applied Cybersecurity Research (IU CACR), where his research and development interests include cybersecurity program development and governance, cybersecurity assessment design and conduct, legal and regulatory regimes' impact on information security and cyber resilience, evidence-based security, and innovative defenses. He leads collaborative work with critical infrastructure and national security stakeholders, as well as interdisciplinary assessment and guidance teams for the NSF Cybersecurity Center of Excellence. He is the principal architect of the Trusted CI Framework. He is a co-author of Security from First Principles: A Practical Guide to the Information Security Practice Principles. Craig has served as a temporary faculty at Naval Surface Warfare Center Crane. He is a graduate of the IU Maurer School of Law, IU School of Education, and Washington University in St. Louis. In addition to his litigation experience, Craig’s research, design, project management, and psychology background includes work at the IU Center for Research on Learning and Technology and the Washington University in St. Louis School of Medicine.
-
Description
This panel will discuss the experiences of SIO (CCRV), OSU (RCRV), OOI, and USAP from their collaborations with the Secure by Design team. The projects the Secure by Design team has engaged with have unique cybersecurity challenges that stem from their strong reliance on operational technology (OT). One recurring issue was the inability of the procurement process to ensure that the necessary cybersecurity controls were included in purchased OT. Looking into this issue further, several of the individuals involved in procurement at the facilities expressed a desire for guidance on which cybersecurity controls are essential, and thus, what questions to ask of vendors during the procurement process. This led to the production of the Trusted CI OT Procurement Matrix: a list of essential controls for OT connected to research cyberinfrastructure, each associated with what to ask of a vendor to ensure the control is satisfied and why the control is essential. Members from CCRV, RCRV, and projects at OOI will share their experience and impact of using the Procurement Matrix. Future work and challenges will also be discussed, such as the need for acceptance testing procedures for IT/OT systems, the need for identity management solutions that can cross between IT systems and physical card-based security, and the need for backup systems and processes for critical cyberinfrastructure.
Presenters' bios
Dr. Sean Peisert is a senior scientist at Lawrence Berkeley National Laboratory, where he leads computer security research and development. He is also a full adjunct professor of Computer Science at the University of California, Davis and of Health Informatics at the University of California, Davis School of Medicine. He is Director and PI of Trusted CI, the NSF Cybersecurity Center of Excellence.
Chris Romsos is the Datapresence systems engineer for the Regional Class Research Vessel Project at Oregon State University where he contributed to the scientific design and specifications for the RCRVs and now works with the vessel transition team. Chris earned a BS in environmental resource management from Penn State and an MS in marine resource management from Oregon State. Before joining the RCRV project, Chris worked for the Active Tectonics and Seafloor Mapping Lab at Oregon State where he specialized in geographic information systems and seabed mapping for marine habitat research and management.
Jon Meyer is the information systems manager within Shipboard Technical Support at Scripps Institution of Oceanography, helping lead SIO's oceanographic fleet in collecting and distributing high quality data from worldwide ocean research, including security.
Erik Stevens is supervisor of the Shipboard Cyber Infrastructure Support (ShipCIS) at Scripps Institution of Oceanography. He is an IT professional with nearly 20 years of experience in information systems, including security.
Stephen Zoltan Kelety is approaching his eleventh year as the marine superintendent at the Scripps Institution of Oceanography, University of California San Diego, where he manages research vessels ROGER REVELLE, SALLY RIDE, ROBERT GORDON SPROUL, and research platform FLIP. Zoltan is a US Naval Academy graduate and is a 28-year veteran of the United States Navy, retiring in 2008 with the rank of captain. He served on the nuclear powered attack submarines HYMAN G. RICKOVER, WHALE, and LA JOLLA and ballistic missile submarine GEORGE C. MARSHALL and commanded the world’s deepest diving submarine DOLPHIN. He additionally served as director of the US Navy’s Arctic Submarine Laboratory and completed a submerged winter Atlantic to Pacific crossing of the Arctic Ocean passing beneath the North Pole. He is a veteran of the Second Gulf War serving as the planning officer for the CONSTELLATION Battle Group and CTF 55.
Craig Risien received a M.S. in Oceanography from the University of Cape Town in 2002 and a M.S. in marine resource management from Oregon State University’s (OSU) College of Earth, Ocean, and Atmospheric Sciences in 2006. Since starting work at OSU in 2006, Risien has led or contributed to several research programs and projects including the creation of scatterometer-based global ocean wind climatologies, the development of a novel meteorological drought index, and several investigations that focused on northern California current system dynamics. As a product developer and Data Management and Cyberinfrastructure (DMAC) specialist for the Northwest Association of Networked Ocean Observing Systems (NANOOS) from 2007-2021, Risien engaged stakeholders including scientists, the U.S. Coast Guard, and commercial fishers to build products and applications that helped inform research and day-to-day operations. Risien has worked as part of the Ocean Observatories Initiative (OOI) Endurance Array mooring and data teams since 2010 and more recently as the operations manager for the OSU OOI data center. He is currently the project manager and co-PI for the OOI Cyberinfrastructure Data Center.
Tim Howard is the information technology support manager and the information security manager for the U.S. Antarctic Program (USAP), coming to NSF from the National Oceanic and Atmospheric Administration (NOAA) where he served as the information security team lead for NOAA's weather satellites.
-
Description
WISE (Wise Information Security for collaborating E-infrastructures) is an international community with participants spanning North America, Europe, Asia and Australia. WISE provides a trusted global environment where security experts from general and research domain-specific Infrastructures can share information on topics such as risk management, trust frameworks, operational security and threat intelligence sharing. With participants from e-infrastructures such as EGI, WLCG, GEANT, EOSC, Trusted CI, NRENs and more, the main aim of WISE is to promote best practice in information security by developing trust frameworks, template policies and guidelines for e-infrastructures. The actual work of WISE is performed in focused working groups, each tackling different aspects of collaborative security and trust. While much of the working group work is performed by conference calls and e-mail, experience has shown that we can make very good progress by holding face-to-face WISE events. These events were held at least twice a year before the long shutdown during the COVID-19 pandemic. Some working groups have continued to work virtually since then. As a community we last met in person at the NSF Cybersecurity Summit in 2023 and it would be very good to have the opportunity to meet again at the Summit in 2024. One of the main aims should be to explore closer collaboration with Trusted CI and the NSF research communities.
Presenter bio
David Crooks - GridPP and IRIS information security officer and co-chair of WISE Incident Response and Threat Intelligence work group.
Thursday, October 10: Day 4
-
Implementing the OSTP Cybersecurity requirements for research security programs, plus NSF's SECURE Initiative.
Presenters:
Rodney Petersen is the Interim Chief of the Applied Cybersecurity Division and Director of NICE, advancing cybersecurity education and workforce development, at the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce. He previously served as the Managing Director of the EDUCAUSE Washington Office and a Senior Government Relations Officer. He founded and directed the EDUCAUSE Cybersecurity Program and was the lead for the Higher Education Information Security Council. He also worked at the University of Maryland as the Director of IT Policy and Planning in the Office of the Vice President and Chief Information Officer. He also held the role of Campus Compliance Officer in the Office of the President. He also completed one year of federal service as an Instructor in the Academy for Community Service for AmeriCorps' National Civilian Community Corps during the Clinton Administration. He is the co-editor of a book entitled "Computer and Network Security in Higher Education". He received his law degree from Wake Forest University and bachelor's degrees in political science and business administration from Alma College. He was awarded a certificate as an Advanced Graduate Specialist in Education Policy, Planning, and Administration from the University of Maryland.
Michael Corn is the Cybersecurity Advisor for Research Infrastructure at the National Science Foundation, where he supports both the Chief Officer for Research Facilities and the Office of the Chief Officer for Security Strategy and Policy.
-
Description
As our environments grow increasingly complex, monitoring for performance and security issues is a critical need we all must prioritize and integrate with proper staffing, procedures, practices and tools. We are all constrained by budget and staffing needs, so identifying the right people and tools is key to a successful implementation. Visibility leveraging different viewpoints across our environments can identify performance issues before they become serious problems and provide security insights that may be difficult to identify by correlating activity across the entire infrastructure. I will provide an overview of procedures, practices, and use cases to improve performance and security monitoring for all areas to benefit from having visibility and awareness for their services when they are working well or when issues do take place. I will discuss our outreach to various areas around the university to leverage our tools and the benefits available to researchers for comparisons with their experimentation. As more services move to the cloud, ensuring our cloud services are reliable and available is also becoming critically important. We work closely with our IT teams and others to ensure our cloud services are available and reliable for everyone. Some of our tools provide traditional monitoring services, others are modern monitoring services focusing on security and performance. We do our best to leverage these tools to their fullest and provide our departments with a team to support them for analysis and troubleshooting when needed. The partnerships we have developed have been key to our success and our partners now have the visibility they need for detecting security issues and supporting key decisions for their services.
Presenter bio
Joseph Karam, director, Enterprise Monitoring Services at Princeton University. I have been working at Princeton University since 2008 in various infrastructure leadership roles including managing email and web infrastructure, network management, and enterprise monitoring services. In all of my roles I have successfully led numerous strategic efforts to improve technology services and security for the entire university community. Prior to joining Princeton, I worked at Hamilton College in the role of director for Networking and Telecommunications for more than eight years and at the University of Rochester as a senior UNIX systems administrator for more than four years. Specialties include UNIX/Linux/Windows Systems Administration, Cisco Network Administration, HPE Aruba Wireless Management, IT security, firewall management, Office 365 and Google workspace administration, Microsoft SharePoint, DNS/DHCP/IP Address management, and managing network and server performance and security monitoring tools.
-
Description
Over the first half of 2024, Trusted CI conducted a Framework Cohort engagement with six NSF facilities, including four NSF Mid-scale projects. This panel discussion will feature participants from the most recent Framework Cohort discussing the unique experiences and challenges of Mid-scale projects in building and operating cybersecurity programs.
Presenter bio
Scott Russell is a senior policy analyst with the Indiana University Center for Applied Cybersecurity Research (CACR), where his work focuses on the improvement of privacy and cybersecurity policy. A lawyer and researcher, Scott specializes in privacy, cybersecurity, and international law, and his past research has included principled cybersecurity, cybersecurity assessments, cybersecurity due diligence, cybersecurity self-governance, international data jurisdiction, and constitutional issues on digital surveillance. He is the program lead for the Trusted CI Framework, a co-author of Security from First Principles: A Practical Guide to the Information Security Practice Principles, and served as temporary faculty with Naval Surface Warfare Center Crane. He received his B.A. in computer science and history from the University of Virginia, received his J.D. from Indiana University, interned at MITRE, and served as a postdoctoral fellow at CACR.
-
Description
We have enough to do in scientific CI security, why add AI security to our list!? What even is it? The 2023 White House Exec Order on Trustworthy AI brought "AI Red Teaming" to the forefront, but it's been done for years at large companies. (If you tried to trick ChatGPT into giving a response it's not supposed to, you've already done AI Red Teaming.) Few best practices exist that define the scope of AI risk and the function of an AI Red Team. I'll define terms, show examples of AI Red Teaming in practice and what it's trying to do, suggest who's best to do it, talk about AI attacks we wouldn't even notice with standard monitoring, and give the rationale as to why it's vital in the R&E and open science community, where interference with the many machine-learning models in the scientific workflow can have devastating consequences. Can we build a community of practice around AI Security for Science?
Presenter bio
Anita Nikolich, research scientist and director of Research Innovation, UIUC
-
Description
The evolving network landscape and rise in cybersecurity threats have forced many organizations to rethink their security posture. The increased activity from malicious actors and nation-states has instilled a sense of urgency in finding new methods and approaches to security. In recent years, attackers have shown that major gaps exist in current cybersecurity practices, leaving many organizations just one click away from a major security incident that can cause loss of revenues, loss of data, and damage to an organization’s reputation. Network managers often use firewalls and other devices to create a strong perimeter around enterprise networks; however, this does not consider that once inside the perimeter, an attacker can move laterally through a company’s internal network with few restrictions. With the increasing adoption of mobile, cloud, and remote technologies, a singular perimeter is now a thing of the past and has become more challenging to enforce. We have seen an explosion in this area during and after the pandemic. Many organizations have chosen to move to a cloud or hybrid cloud environment due to the cost and resources required to operate an on-premises data center. With new attack vectors and technological changes, perimeter-based security models are moving toward obsolescence as they are no longer able to meet the needs of today’s distributed infrastructure. Zero Trust Network Architecture (ZTNA) promises a solution to the various security challenges of the perimeter-based security model. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of an access request. Grounded in the principle of “never trust, always verify,” Zero Trust protects modern environments by using robust authentication methods, leveraging network segmentation, preventing lateral movement, and simplifying granular, “least access” policies.
Zero Trust was created because traditional security models operate on the outdated assumption that network managers should implicitly trust all devices on their internal network. This implicit trust means that once on the network, users, including threat actors and malicious insiders, are free to move laterally and access or exfiltrate sensitive data due to a lack of granular security controls. Despite the prevailing attitude that most threats are external, research has shown that the source of attacks is approximately even between external attackers and insiders. Insiders and devices labeled as trusted have become a serious cause for concern for many organizations. With the rapid proliferation of Internet of Things (IoT) devices, networks have become extremely vulnerable. These devices are often resource constrained with little to no security built in, which makes them more enticing for attackers. Additionally, they tend to bypass traditional Zero Trust solutions designed to validate authentication and access requests. IoT devices often lack the capability for agents or the ability to attest to the device identity. This proposal presents a method of authentication by profiling the network traffic and building unique fingerprints for IoT devices. The fingerprints are a representation of the behavior of the IoT devices. Through extensive packet capture, feature extraction, and machine learning, unique profiles are created for each device. The unique profile is a representation of a fingerprint. Just like human beings have multiple fingerprints, an IoT device can also have various fingerprints; however, a fingerprint is unique to a single device. We then compare the on-demand generated fingerprints to those in the database and update the flow tables of a software-defined networking (SDN) switch accordingly, ensuring that only devices that are vetted and allowed can communicate on the network.
Due to their limited functionality, IoT devices behave in a specific pattern and are often highly predictable. The predictable nature of IoT device traffic and their limited protocol set make them a candidate for this method of authentication and access control. This authentication method can satisfy Zero Trust Architecture’s identity management and access control component.
Presenters' bio
Vinton Morris received the MS degree in information systems from the University of Maryland, Baltimore County, Baltimore, MD, in 2011. He is a PhD candidate in Secure Embedded Systems at Morgan State University, Baltimore, MD in the Cybersecurity Assurance and Policy (CAP) Center. His research focuses on the security of computer networks and Internet of Things using zero trust, and software defined networks. Additionally, he is interested in using machine learning to solve various network security problems.
Kevin T. Kornegay received a B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and an M.S. and Ph.D. in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is the Eugene DeLoatch Endowed Professor and director of the Cybersecurity Assurance and Policy (CAP) Center at Morgan State University in Baltimore, MD. His research interests include hardware assurance, hardware/software reverse engineering, system-on-chip (SoC) design, secure embedded systems, and secure autonomy. He serves on the technical program committees of several international conferences, including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), the IEEE Secure Development Conference (SECDEV), USENIX Security 2020, the IEEE Physical Assurance and Inspection of Electronics (PAINE), the IEEE Symposium on VLSI Technology and Circuits, and the ACM Great Lakes Symposium on VLSI (GLSVLSI). He serves on the NIST IoT Advisory Board, the State of Maryland Cybersecurity Council, and the National Academy of Sciences Intelligence Community Science Board Cybersecurity Committee. He has received numerous awards, including the NSF CAREER Award, IBM Faculty Partnership Award, National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He is an AAAS Fellow, a Senior Member of the IEEE, and a member of the Eta Kappa Nu, Sigma Xi, and Tau Beta Pi engineering or scientific research honor societies.
-
Description
Introduction
The unique environment of maritime research vessels presents a complex array of cybersecurity challenges. This session aims to highlight these challenges, share lessons learned, and showcase significant successes within the US Academic Research Fleet, with a particular focus on the role of OmniSOC and the recent cyber incident drill conducted on the RV Sikuliaq in April 2024.
Cybersecurity Challenges in Maritime Research
Maritime research vessels, integral to the US Academic Research Fleet, operate in isolated and harsh environments, making them vulnerable to a myriad of cybersecurity threats. These include:
Isolation from Traditional Security Infrastructure: The physical isolation and limited connectivity of research vessels impede real-time monitoring and quick incident response.
Diverse and Dynamic Research Environments: Vessels host a variety of scientific equipment and data collection systems that require integration with the ship’s IT infrastructure, increasing the attack surface.
Limited Cybersecurity Expertise Onboard: The primary focus of onboard personnel is scientific research, often leaving a gap in specialized cybersecurity skills necessary for robust defense.
Role of OmniSOC in Enhancing Maritime Cybersecurity
OmniSOC, a collaborative cybersecurity operations center for higher education and research, plays a crucial role in fortifying the cybersecurity posture of the US Academic Research Fleet by:
Providing Centralized Monitoring and Incident Response: OmniSOC offers continuous monitoring and rapid incident response capabilities, which are critical for vessels operating in remote locations.
Deploying Advanced Threat Detection Technologies: OmniSOC enhances the detection of sophisticated threats that might bypass traditional security measures.
Facilitating Information Sharing and Best Practices: OmniSOC promotes the exchange of cybersecurity intelligence and best practices among the academic and research community, fostering a more resilient cybersecurity environment.
Cyber Incident Drill on the RV Sikuliaq
In April 2024, a comprehensive cyber incident drill was conducted on the RV Sikuliaq, a state-of-the-art research vessel. This drill was a pivotal exercise designed to evaluate and enhance the vessel’s cybersecurity readiness. Key components of the drill included:
Simulated Cyber Attack: An attack scenario was developed that included a ransomware attempt and was simulated to test the response protocols and resilience of the ship’s IT systems and crew protocols.
Coordination with OmniSOC: Real-time collaboration with OmniSOC enabled effective threat identification, analysis, and mitigation strategies, demonstrating the value of centralized support.
Post-Drill Analysis and Improvement: The drill concluded with a thorough debrief and analysis, highlighting areas for improvement and reinforcing successful strategies. Lessons learned were documented to refine future responses and policies.
Lessons Learned and Significant Successes
The exercise on the RV Sikuliaq provided invaluable insights into the maritime cybersecurity landscape:
Enhanced Incident Response Protocols: The drill underscored the importance of having well-defined and practiced incident response protocols, tailored to the unique challenges of maritime environments.
Improved Collaboration and Communication: The success of the drill highlighted the critical role of seamless communication and collaboration between onboard personnel and OmniSOC analysts.
Strengthened Security Posture: The proactive identification and mitigation of vulnerabilities during the drill significantly bolstered the vessel’s overall cybersecurity posture.
Presenters' bio
Julian Race is the IT manager for the RV Sikuliaq, a 261-foot research vessel owned by the NSF and operated by the University of Alaska. Julian has been working in IT and at sea for more than 15 years, and recently completed his master's degree in oceanography at the University of Rhode Island.
Michael M. Simpson is a senior security analyst on OmniSOC's Security Services team. Michael serves as the chief information security officer (CISO) for the United States Academic Research Fleet (ARF), as part of contracted services with OmniSOC. Michael's 20-plus-year career in IT has primarily been focused on cybersecurity in higher education and research. Michael is also a senior security analyst with Trusted CI, the NSF Cybersecurity Center of Excellence.
Mikeal Jones is a security analyst at OmniSOC. He has 20+ years of professional experience in higher education spanning IT leadership and operational strategy, security and policy, systems architect and administration, project management, workflow specialist, and customer service and support. Mikeal has contributed to the creation of processes, procedures, and standards at all levels of IT operation within Indiana University Bloomington’s largest division, the College of Arts + Sciences, and provided services and support to more than 100 unique departments, programs, centers, and institutes. Mike is passionate about protecting and supporting the technology OmniSOC members use in their pursuit of knowledge, the advancement of science, and in finding solutions to real world problems.
Chris Romsos is the Datapresence systems engineer for the Regional Class Research Vessel Project at Oregon State University where he's contributed to the scientific design and specifications for the RCRVs and now works with the vessel transition team. Chris earned a BS in environmental resource management from Penn State and an MS in marine resource management from Oregon State. Before joining the RCRV project, Chris worked for the Active Tectonics and Seafloor Mapping Lab at Oregon State where he specialized in geographic information systems and seabed mapping for marine habitat research and management.
-
Description
The University of Arizona has supported Controlled Unclassified Information (CUI) research since 2017 using Amazon Web Services (AWS) GovCloud. The service was deployed to provide computational and storage services. Demand for additional services has grown to include the need for High-Performance Computing (HPC) services. In 2023, the university embarked on a journey to support CUI research using HPC. For many years, University of Arizona researchers have relied on DoD HPC services to fulfill the ever-growing need for secure HPC services. The journey to supporting HPC for CUI workloads has been time-consuming and riddled with hurdles and complexities associated with HPC systems and the NIST 800-171 compliance requirements. At the same time, it has been rewarding to accomplish the difficult task of providing a high-demand service. The University of Arizona was able to capitalize on some components of the existing CUI control family services like access control, logging and monitoring, awareness and training, risk management and security assessment, and situational awareness. Other control families had to be developed to support HPC operations while maintaining compliance. While several technical aspects such as FIPS compliance, virtualization, data transmission, and networking security were major hurdles, much effort was spent documenting appropriate controls and procedures.
Presenter bio
Ryan Duitman is a program manager for the University of Arizona’s Controlled and Regulated Research Services Program (CRRSP) which focuses on supporting campus researchers working with restricted data. His IT career started as a student employee supporting end users while working on his bachelor's degree. Post graduation, he started a full-time position at The University of Arizona supporting many of the upper-level administrative offices. While finishing up his MBA degree, he accepted additional duties managing a project to acquire a new High-Performance Cluster (HPC). At the close of the project, he transitioned full-time into project management primarily managing large-scale infrastructure projects. Currently, as the CRRSP program manager, his focus is on the regulatory compliance of the program’s infrastructure and processes as well as collaborating with other compliance offices.
-
Description:
It is widely held that security is a team sport. Hear from Carnegie Mellon University's CIO, CISO, and CRO about their approach to cyber risk mitigation through teamwork, relationship, and shared ownership.
Moderator:
David Ulicne, Executive Director - Executive Education CMU Heinz College
Panelists:
Stan Waddell, Vice President for Information Technology and Chief Information Officer – Carnegie Mellon University
Mary Ann Blair, Associate Vice President and Chief Information Security Officer – Carnegie Mellon University
-
Description
Our goal is for participants to leave the BoF session with refreshed ideas of how collaboration within an institution and across the community can benefit their programs.
Presenters' bio
Laura Elkin has more than 20 years of experience in cybersecurity and information technology with experience in higher education and K12 environments as well as private industry. With a background in NIST cybersecurity assessment and risk management, she is passionate about collaborating with different teams to identify creative solutions to drive down their cyber risk. Laura has experience helping organizations evaluate their cyber risk, and working with teams to understand and mitigate or remediate those risks. Laura is the director of Restricted Research for the University of Cincinnati, overseeing Export Control and Controlled Unclassified Information projects. She works closely with researchers to meet their cybersecurity requirements for grants and contracts. She specializes in working with researchers on their DoD cybersecurity requirements and is partnering with the CISO to lead UC’s CMMC efforts.
Lauren Schroeder is currently the executive director of the Texas A&M University System Export Control Office, a component of the A&M System Research Security Office. In this capacity, she provides administrative oversight to the export controls programs of the A&M System’s 11 universities and eight state agencies. As a shared service, the System Export Control Office leads a system-wide affinity group, a consortium of all practitioners within the A&M System, to provide assistance and guidance in all export control-related matters. Before assuming this position, she systematically developed, implemented, and administered export control programs and served in other research compliance and policy-related roles. Lauren earned a BS and MS from Texas A&M University.
Maria Bunch is a compliance officer at the Texas A&M University System, Research Security Office (RSO). In this role, she works collaboratively with the System’s 11 universities and eight state agencies leading the Controlled Unclassified Information (CUI) program while also assisting in export controls compliance. Prior to working at the System RSO, she worked for a System member creating an export control program and implementing processes to address export control compliance. Maria earned a BA from Columbia College and an MS from Chapman University.