Science Gateway Community Institute

Trusted CI has entered into a collaboration with the Science Gateway Community Institute (SGCI). Funded by NSF, the SGCI provides services, resources, community support, and education to those seeking to create and sustain science gateways -- online interfaces that give researchers, educators, and students easy access to specialized, shared resources that are specific to a science or engineering discipline.

Through SGCI’s Incubator program, Trusted CI offers specialized engagements, or consultations, to science gateway developers and operators seeking cybersecurity support. Additionally, Trusted CI presents on relevant cybersecurity topics during SGCI’s focus weeks (formerly called “bootcamps”).

Resources offered by Trusted CI include:

• Developing a Cybersecurity Program: a tractable method to build policies and procedures for cyberinfrastructure

• Cybersecurity checkups: a tailored approach to accessing the maturity of a security program

• Identity and Access Management: a collection of resources to improve authentication and authorization

• Open Science Cyber Risk Profile: providing risk profiles for common scientific assets

• Training: providing training on cybersecurity via Science Gateway focus weeks and webinars

• Providing advice to the SGCI team on protecting their own internal information assets.

Interested science gateway developers and operators interested in obtaining help with cybersecurity should contact SGCI at: https://sciencegateways.org/consulting/work-with-us.

Engagements

Below are a few examples of Trusted CI's contributions to science gateways

• GISandbox: Reviewed their operational security and science gateway code

• 'Ike Wai: Reviewed their identity and access management (IAM) implementation

• EarthCube Data Discovery Studio: Reviewed the security of the project server and website

• UC SanDiego's BRAIN Lab: Advised on using the cloud storage service, Box, for one of their projects

• The Rolling Deck to Repository (R2R): Presented best practices in transferring and archiving data

• SeedMeLab: Advised the project on using software penetration testing

• cloudperm: Trusted CI has written an app that checks permissions on Google documents to identify potential sensitive material accessible to the public. This scan has been used by SGCI to review its own documents.

Events

• The SGCI focus week is now a virtual event. Sign up for their newsletter for upcoming dates.