Trusted CI Celebrates Five Years of Trustworthy Science

By Von Welch, Indiana University

May 1, 2018

Editor’s note: In this contributed piece, Von Welch, director and PI of Trusted CI and the director of Indiana University’s Center for Applied Cybersecurity Research (CACR) fields questions about the initiative, providing a high-level look at the mission of Trusted CI, which is in its sixth year of service assisting the NSF goal of creating high-quality, trusted cyberinfrastructure that supports high-quality, trusted science.

Before Trusted CI, much of the NSF community assumed cybersecurity was a barrier to the mission of science. Scientists are used to managing risks to their research – bias, data corruption, instrument failure, etc. – but the connection between computer attacks and these risks was ambiguous. Trusted CI’s flexible approach balances baseline practices with risk management and emphasizes the mission of scientific research. Science and security are not mutually exclusive, and this perspective helps the community move project practices from avoiding cybersecurity to embracing it. As the NSF Cybersecurity Center of Excellence, Trusted CI continues to develop the understanding of how cybersecurity can be a supportive, enabling tool for productive, trustworthy research.

What is Trusted CI? What sets it apart from other cybersecurity initiatives?

Trusted CI – originally known as the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) – has now been around for a little over 5 years. It was established with a $4.297 million grant from the National Science Foundation (NSF) to help build community around producing trustworthy computational science. The NSF funds over $7 billion dollars of research every year, spread over 11,000 different projects. Making sure that all this scientific research is happening in a manner that is secure and trustworthy, which are the foundations to reproducible science, is a key concern.

But it’s easy to come down and do really onerous, heavyweight cybersecurity – to lock down the computers so much that they’re secure and absolutely no science is getting done. Trusted CI originally started working with individual science projects and building a community – hosting an annual conference, inviting people to come together, giving talks, and raising awareness. Then we started to produce cybersecurity practices that would manage risks to science but with enough flexibility that different projects (everything from neutrino sensors under the ice to telescopes on top of mountains) could adapt them while maintaining science productivity.

Audience members at the Understanding Risk in Shared CyberEcosystems workshop at SC17 in Denver, Colorado. Trusted CI provided an introduction to open source materials and guidance on fostering leadership and government buy-in for investing in cybersecurity for higher education.

Why don’t off-the-shelf enterprise IT solutions work in this situation?

Most of enterprise IT tends to be desktop machines or server machines in a typical office environment with typical office applications. But if you take the checklist that works for that and start applying it to the computer that runs a telescope or the computers sharing the data that’s coming out of CERN …Those types of huge data flows and large-scale collaborations would be one of the first things that break when you start talking about standard firewall (security) setups.

How does good cybersecurity boost science?

Our real concerns are: 1) If someone calls scientists onto the carpet and says ‘Hey your data has been tampered with,’ you want to be able to come back with “No, I don’t believe that’s true, and here are all the steps we take to make sure it hasn’t.” Imagine somebody calling a climate scientist and saying this data is all nonsense, making claims like “We hacked into that ten years ago and we’ve been manipulating your data for the last 10 years.” Now you’re left disproving a negative. If you don’t have a program like this in place, then you’re just in the muck of finger pointing.

The other thing we want to do is prevent a perceived vacuum in cybersecurity from spurring a really onerous program. You see some of this right now in Congress. They’re concerned about theft of intellectual property in the pre-patent stage or in an early research stage that might become classified down the road. And they may come in and impose one of these more onerous, heavyweight structured cybersecurity programs on the NSF scientific community, and say, ‘We don’t care if you’re doing genomics or physics or chemistry, you’re all going to take a one-size-fits-all cybersecurity program.’ It would just kill productivity.

These are the two things you’re always trying to balance – the risks versus your mission. Without understanding how the risks and mission relate, it’s easy to overemphasize risk eradication. You’ve got to balance safety with the productivity of the science mission. We want to make sure the community has a solid program in place, so someone doesn’t get fearful and come in and try to force something upon them.

Why is trust important?

So much of science is collaborative these days. The physics communities studying gravity waves and new particles are leaders in this. I forget how many hundred plus institutions are involved in the LHC. These institutions need to collaborate; they’re giving each other access to each other’s computers. Having these baseline cybersecurity programs in place means you can look at each other and go, okay, I don’t know all the ins and outs of your university. But I know you’re at least putting some baseline practices in place, and I can have some good marginal trust. We go a long way in establishing collaboration around that.

What can a potential Trusted CI collaborator expect?

The first thing we tell folks is we’re always open for brief consultations. If you’ve got a question or you just want to spend an hour on the phone with a cybersecurity expert, then drop us an email. A lot of effective work happens that way. People often need a quick sanity check or to know what’s normal.

Others come to us with a hairier issue or an existing program where they want somebody to come through and tell them if they’ve missed anything. That’s what we would call an engagement. We get more of those requests than we have time for, unfortunately – so we evaluate them based on the skills we think they’re going to take, the science they’re going to do, how ready they really are to work with us. Every six months we pick the ones we’re going to work with, and then we have a team that goes and works with them.

We really say, if it’s related to cybersecurity we’ll take it on. We’ve done everything from working with a group in the city of Chicago on privacy issues around their sensors (Array of Things), to a software group trying to figure out how to run this particular weird scenario on clusters that don’t run a grid software stack so we have no way of doing delegation. We worked with them to come up with the best answer that balances risk and productivity.

How does a longer Trusted CI engagement unfold?

We’ll spend about six months working with them. We expect them to be collaborative. Usually we’re spending a fair amount of the time in the beginning saying describe your problem to us – What are your use cases? Walk us through what you’re trying to do. Who are your stakeholders? Who has to be satisfied with this answer? We’ll go talk to different people in the organization. We’ll make calls. Then we sit down and perform analysis, and we’ll come up with our report.

This is not a situation where they throw a security problem over the wall to us, we fix it and deliver it to them on a silver platter. At the end of that six months, the solution needs to be sustainable. They’re going to have to take whatever we’ve given them and maintain it. What we’re really trying to do is teach everybody to fish.

What resources do you provide for the larger NSF community?

We have a couple sets of guidelines out there right now. Our most used is what we call our Cybersecurity Practice Guidelines – we just call it the Guide internally. The cybersecurity community uses a lot of scare tactics. One of the things we found working with projects early on was communities out there were already nervous about cybersecurity and what could be going wrong. They just didn’t know what to do about it.

The Guide walks you through the basic process of starting a cybersecurity program – little things like you need to designate somebody as the person responsible, and they’re going to need a budget to hire some people to give some guidance. If you have an IT budget, you’re probably looking at 5 percent of that to start with.

What are the basics of starting a cybersecurity program?

Some people just pick up the Guide and start working, in which case we’re happy to have a couple phone calls and walk through it. But mostly we’ve empowered them to do that on their own. The first thing they’re going to do is create a master information policy, which lists everything they have: What’s the acceptable use? What can you use our infrastructure for? Can you use our computers to mine bitcoin? Then, What are our key risks? Just figuring out really basic questions and walking them through things.

Then we get them to the point of “Now we’ve got the basics done, what do we do about this computer on a telescope over here? We’re constantly told we have to keep its patches up to date.” Well, it’s running a version of Solaris that’s now ten years old that hasn’t had a patch put out for, you know, nine years. So how are we supposed to keep this thing secure? We can’t change it because that’s the only computer that can run this telescope. They’re in these situations that you can’t just yell at them for – so it’s a process of walking them through developing a program, documenting how you keep things up to date and what’s the process.

Von Welch

Once a year you have to revisit this. The Guide basically provides them with a series of templates, so you can take somebody who knows the project relatively well but is not a cybersecurity expert and walk them through the process. Really what we are doing is building up cybersecurity expertise in the community through our guides. It becomes kind of a training program in the form of a set of templates and documented how-tos.

 

For more on Trusted CI, visit trustedci.org.

Von Welch is director and PI of Trusted CI, as well as the director of Indiana University’s Center for Applied Cybersecurity Research (CACR).

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

When in Rome: AMD Announces New Epyc CPU for HPC, Server and Cloud Wins

September 18, 2019

Where else but Rome could AMD hold the official Europe launch party for its second generation of Epyc microprocessors, codenamed Rome. Today, AMD did just that announcing key server wins, important cloud provider wins Read more…

By John Russell

Dell’s AMD-Powered Server Line Targets High-End Jobs

September 17, 2019

Dell Technologies rolled out five new servers this week based on AMD’s latest Epyc processor that are geared toward data-driven workloads running on increasingly popular multi-cloud platforms as well as in the HPC data Read more…

By George Leopold

Cerebras to Supply DOE with Wafer-Scale AI Supercomputing Technology

September 17, 2019

Cerebras Systems, which debuted its wafer-scale AI silicon at Hot Chips last month, has entered into a multi-year partnership with Argonne National Laboratory and Lawrence Livermore National Laboratory as part of a larger collaboration with the U.S. Department of Energy... Read more…

By Tiffany Trader

AWS Solution Channel

A Guide to Discovering the Best AWS Instances and Configurations for Your HPC Workload

The flexibility and heterogeneity of HPC cloud services provide a welcome contrast to the constraints of on-premises HPC. Every HPC configuration is potentially accessible to any given workload in a well-resourced cloud HPC deployment, with vast scalability to spin up as much compute as that workload demands in any given moment. Read more…

HPE Extreme Performance Solutions

Intel FPGAs: More Than Just an Accelerator Card

FPGA (Field Programmable Gate Array) acceleration cards are not new, as they’ve been commercially available since 1984. Typically, the emphasis around FPGAs has centered on the fact that they’re programmable accelerators, and that they can truly offer workload specific hardware acceleration solutions without requiring custom silicon. Read more…

IBM Accelerated Insights

Rumors of My Death Are Still Exaggerated: The Mainframe

[Connect with Spectrum users and learn new skills in the IBM Spectrum LSF User Community.]

As of 2017, 92 of the world’s top 100 banks used mainframes. Read more…

Better Scientific Software: Turn Your Passion into Cash

September 13, 2019

Do you know your way around scientific software and programming? You think you can contribute to the community by making scientific software better? If so, then the Better Scientific Software (BSSW) organization wants yo Read more…

By Dan Olds

When in Rome: AMD Announces New Epyc CPU for HPC, Server and Cloud Wins

September 18, 2019

Where else but Rome could AMD hold the official Europe launch party for its second generation of Epyc microprocessors, codenamed Rome. Today, AMD did just that Read more…

By John Russell

Cerebras to Supply DOE with Wafer-Scale AI Supercomputing Technology

September 17, 2019

Cerebras Systems, which debuted its wafer-scale AI silicon at Hot Chips last month, has entered into a multi-year partnership with Argonne National Laboratory and Lawrence Livermore National Laboratory as part of a larger collaboration with the U.S. Department of Energy... Read more…

By Tiffany Trader

IDAS: ‘Automagic’ HPC With Training Wheels

September 12, 2019

High-performance computing (HPC) for research is notorious for having steep barriers to entry. For this reason, high-tech disciplines were early adopters, have Read more…

By Elizabeth Leake

Univa Brings Cloud Automation to Slurm Users with Navops Launch 2.0

September 11, 2019

Univa, the company behind Grid Engine, announced today its HPC cloud-automation platform NavOps Launch will support the popular open-source workload scheduler Slurm. With the release of NavOps Launch 2.0, “Slurm users will have access to the same cloud automation capabilities... Read more…

By Tiffany Trader

When Dense Matrix Representations Beat Sparse

September 9, 2019

In our world filled with unintended consequences, it turns out that saving memory space to help deal with GPU limitations, knowing it introduces performance pen Read more…

By James Reinders

Eyes on the Prize: TACC’s Frontera Quickly Ramps up Science Agenda

September 9, 2019

Announced a year ago and officially launched a week ago, the Texas Advanced Computing Center’s Frontera – now the fastest academic supercomputer (~25 petefl Read more…

By John Russell

Quantum Roundup: IBM Goes to School, Delft Tackles Networking, Rigetti Updates

September 5, 2019

IBM today announced a new open source quantum ‘textbook’, a series of quantum education videos, and plans to expand its nascent quantum hackathon program. L Read more…

By John Russell

DARPA Looks to Propel Parallelism

September 4, 2019

As Moore’s law runs out of steam, new programming approaches are being pursued with the goal of greater hardware performance with less coding. The Defense Advanced Projects Research Agency is launching a new programming effort aimed at leveraging the benefits of massive distributed parallelism with less sweat. Read more…

By George Leopold

High Performance (Potato) Chips

May 5, 2006

In this article, we focus on how Procter & Gamble is using high performance computing to create some common, everyday supermarket products. Tom Lange, a 27-year veteran of the company, tells us how P&G models products, processes and production systems for the betterment of consumer package goods. Read more…

By Michael Feldman

Supercomputer-Powered AI Tackles a Key Fusion Energy Challenge

August 7, 2019

Fusion energy is the Holy Grail of the energy world: low-radioactivity, low-waste, zero-carbon, high-output nuclear power that can run on hydrogen or lithium. T Read more…

By Oliver Peckham

AMD Verifies Its Largest 7nm Chip Design in Ten Hours

June 5, 2019

AMD announced last week that its engineers had successfully executed the first physical verification of its largest 7nm chip design – in just ten hours. The AMD Radeon Instinct Vega20 – which boasts 13.2 billion transistors – was tested using a TSMC-certified Calibre nmDRC software platform from Mentor. Read more…

By Oliver Peckham

TSMC and Samsung Moving to 5nm; Whither Moore’s Law?

June 12, 2019

With reports that Taiwan Semiconductor Manufacturing Co. (TMSC) and Samsung are moving quickly to 5nm manufacturing, it’s a good time to again ponder whither goes the venerable Moore’s law. Shrinking feature size has of course been the primary hallmark of achieving Moore’s law... Read more…

By John Russell

DARPA Looks to Propel Parallelism

September 4, 2019

As Moore’s law runs out of steam, new programming approaches are being pursued with the goal of greater hardware performance with less coding. The Defense Advanced Projects Research Agency is launching a new programming effort aimed at leveraging the benefits of massive distributed parallelism with less sweat. Read more…

By George Leopold

Cray Wins NNSA-Livermore ‘El Capitan’ Exascale Contract

August 13, 2019

Cray has won the bid to build the first exascale supercomputer for the National Nuclear Security Administration (NNSA) and Lawrence Livermore National Laborator Read more…

By Tiffany Trader

AMD Launches Epyc Rome, First 7nm CPU

August 8, 2019

From a gala event at the Palace of Fine Arts in San Francisco yesterday (Aug. 7), AMD launched its second-generation Epyc Rome x86 chips, based on its 7nm proce Read more…

By Tiffany Trader

Nvidia Embraces Arm, Declares Intent to Accelerate All CPU Architectures

June 17, 2019

As the Top500 list was being announced at ISC in Frankfurt today with an upgraded petascale Arm supercomputer in the top third of the list, Nvidia announced its Read more…

By Tiffany Trader

Leading Solution Providers

ISC 2019 Virtual Booth Video Tour

CRAY
CRAY
DDN
DDN
DELL EMC
DELL EMC
GOOGLE
GOOGLE
ONE STOP SYSTEMS
ONE STOP SYSTEMS
PANASAS
PANASAS
VERNE GLOBAL
VERNE GLOBAL

Ayar Labs to Demo Photonics Chiplet in FPGA Package at Hot Chips

August 19, 2019

Silicon startup Ayar Labs continues to gain momentum with its DARPA-backed optical chiplet technology that puts advanced electronics and optics on the same chip Read more…

By Tiffany Trader

Top500 Purely Petaflops; US Maintains Performance Lead

June 17, 2019

With the kick-off of the International Supercomputing Conference (ISC) in Frankfurt this morning, the 53rd Top500 list made its debut, and this one's for petafl Read more…

By Tiffany Trader

A Behind-the-Scenes Look at the Hardware That Powered the Black Hole Image

June 24, 2019

Two months ago, the first-ever image of a black hole took the internet by storm. A team of scientists took years to produce and verify the striking image – an Read more…

By Oliver Peckham

Cray – and the Cray Brand – to Be Positioned at Tip of HPE’s HPC Spear

May 22, 2019

More so than with most acquisitions of this kind, HPE’s purchase of Cray for $1.3 billion, announced last week, seems to have elements of that overused, often Read more…

By Doug Black and Tiffany Trader

Chinese Company Sugon Placed on US ‘Entity List’ After Strong Showing at International Supercomputing Conference

June 26, 2019

After more than a decade of advancing its supercomputing prowess, operating the world’s most powerful supercomputer from June 2013 to June 2018, China is keep Read more…

By Tiffany Trader

Qualcomm Invests in RISC-V Startup SiFive

June 7, 2019

Investors are zeroing in on the open standard RISC-V instruction set architecture and the processor intellectual property being developed by a batch of high-flying chip startups. Last fall, Esperanto Technologies announced a $58 million funding round. Read more…

By George Leopold

Intel Confirms Retreat on Omni-Path

August 1, 2019

Intel Corp.’s plans to make a big splash in the network fabric market for linking HPC and other workloads has apparently belly-flopped. The chipmaker confirmed to us the outlines of an earlier report by the website CRN that it has jettisoned plans for a second-generation version of its Omni-Path interconnect... Read more…

By Staff report

Intel Debuts Pohoiki Beach, Its 8M Neuron Neuromorphic Development System

July 17, 2019

Neuromorphic computing has received less fanfare of late than quantum computing whose mystery has captured public attention and which seems to have generated mo Read more…

By John Russell

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This