NSF awards $5 million for cybersecurity effort including UW-Madison

The security of the more than $7 billion in research funded by the National Science Foundation (NSF) will be significantly bolstered, thanks to a $5 million grant awarded to Indiana University, the University of Wisconsin–Madison, the National Center for Supercomputing Applications (NCSA) and the Pittsburgh Supercomputing Center (PSC) for a collaborative effort to create the NSF Cybersecurity Center of Excellence.

The funding will establish the Center for Trustworthy Scientific Cyberinfrastructure (CTSC), an entity focused on addressing cybersecurity challenges of NSF research.

Ensuring that scientific computing remains trustworthy and uncorrupted is essential in protecting the nation’s research. In its role as a center of excellence, the CTSC will provide readily available cybersecurity services tailored to the NSF science community. These resources will include leadership and coordination across organizations, and education and training to expand the pool of available cybersecurity expertise.

“NSF-funded cyberinfrastructure presents unique challenges for operational security personnel and impacts other important areas of research affecting society, including ocean sciences, natural hazards, engineering, biology and physics,” says Anita Nikolich, cybersecurity program director in NSF’s advanced cyberinfrastructure division.

Ensuring that scientific computing remains trustworthy and uncorrupted is essential in protecting the nation’s research.

“Organizations that host cyberinfrastructure must find the right balance of security, privacy and usability while maintaining an environment in which data are openly shared. Many research organizations lack expertise in technical and policy security, and could benefit from an independent, shared security resource pool.”

The center will collaborate directly with NSF-funded research organizations to address their cybersecurity challenges and provide forums for cybersecurity collaboration across organizations. For example, Jim Basney of the National Center for Supercomputing Applications will lead CTSC support activities on the topic of identity and access management for research organizations. The CTSC will also convene an annual NSF Cybersecurity Summit, led by James A. Marsteller, security officer at the Pittsburgh Supercomputing Center, to share experiences, provide training and discuss cybersecurity challenges.

“Cybersecurity is no longer solely a technical matter. It’s a critical part of any organization’s risk management,” says Von Welch, director of Indiana University’s Center for Applied Cybersecurity Research (CACR) and CTSC principal investigator. “Addressing the cybersecurity risks to science requires a comprehensive understanding of research and the threats it faces. Many of these threats are those faced by other organizations on the Internet, but others are unique to the science community with its collaborative nature and use of high-end information technology and cyberinfrastructure.”

An example of a safeguard the CTSC will promote is software assurance, with Barton Miller, a computer sciences professor at the University of Wisconsin–Madison, offering his expertise to reduce the risks of vulnerabilities and breaches for researchers.

What’s more, says Miller, there is a groundswell of security-related activity at Wisconsin. “UW-Madison is going beyond a center of research in cybersecurity. We have also become a state, national and international resource in security education, training and best practices. We actively collaborate with companies, government agencies and labs, and other universities on critical issues in security.”

CTSC will also collaborate with the U.S. Department of Energy’s Energy Sciences Network (ESnet) to develop a threat profile for open science.

“The Department of Energy and NSF enable scientific discovery in a range of domains critical to our nation’s future,” says Greg Bell, director of ESnet and division director at the Lawrence Berkeley National Laboratory. “Working together to understand cybersecurity threat models shared by these collaborations is an important step forward for the two agencies, and ESnet is delighted to be collaborating on this effort.”