Trusted CI Celebrates Five Years of Trustworthy Science

By Von Welch, Indiana University

May 1, 2018

Editor’s note: In this contributed piece, Von Welch, director and PI of Trusted CI and the director of Indiana University’s Center for Applied Cybersecurity Research (CACR), fields questions about the initiative, providing a high-level look at the mission of Trusted CI, which is in its sixth year of service assisting the NSF goal of creating high-quality, trusted cyberinfrastructure that supports high-quality, trusted science.

Before Trusted CI, much of the NSF community assumed cybersecurity was a barrier to the mission of science. Scientists are used to managing risks to their research – bias, data corruption, instrument failure, etc. – but the connection between computer attacks and these risks was ambiguous. Trusted CI’s flexible approach balances baseline practices with risk management and emphasizes the mission of scientific research. Science and security are not mutually exclusive, and this perspective helps the community move project practices from avoiding cybersecurity to embracing it. As the NSF Cybersecurity Center of Excellence, Trusted CI continues to develop the understanding of how cybersecurity can be a supportive, enabling tool for productive, trustworthy research.

What is Trusted CI? What sets it apart from other cybersecurity initiatives?

Trusted CI – originally known as the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) – has now been around for a little over 5 years. It was established with a $4.297 million grant from the National Science Foundation (NSF) to help build community around producing trustworthy computational science. The NSF funds over $7 billion of research every year, spread over 11,000 different projects. Making sure that all this scientific research is happening in a manner that is secure and trustworthy, which are the foundations to reproducible science, is a key concern.

But it’s easy to come down and do really onerous, heavyweight cybersecurity – to lock down the computers so much that they’re secure and absolutely no science is getting done. Trusted CI originally started working with individual science projects and building a community – hosting an annual conference, inviting people to come together, giving talks, and raising awareness. Then we started to produce cybersecurity practices that would manage risks to science but with enough flexibility that different projects (everything from neutrino sensors under the ice to telescopes on top of mountains) could adapt them while maintaining science productivity.

Audience members at the Understanding Risk in Shared CyberEcosystems workshop at SC17 in Denver, Colorado. Trusted CI provided an introduction to open source materials and guidance on fostering leadership and government buy-in for investing in cybersecurity for higher education.

Why don’t off-the-shelf enterprise IT solutions work in this situation?

Most of enterprise IT tends to be desktop machines or server machines in a typical office environment with typical office applications. But if you take the checklist that works for that and start applying it to the computer that runs a telescope or the computers sharing the data that’s coming out of CERN … Those types of huge data flows and large-scale collaborations would be one of the first things that break when you start talking about standard firewall (security) setups.

How does good cybersecurity boost science?

Our real concerns are: 1) If someone calls scientists onto the carpet and says “Hey, your data has been tampered with,” you want to be able to come back with “No, I don’t believe that’s true, and here are all the steps we take to make sure it hasn’t.” Imagine somebody calling a climate scientist and saying this data is all nonsense, making claims like “We hacked into that ten years ago and we’ve been manipulating your data for the last 10 years.” Now you’re left disproving a negative. If you don’t have a program like this in place, then you’re just in the muck of finger pointing.

The other thing we want to do is prevent a perceived vacuum in cybersecurity from spurring a really onerous program. You see some of this right now in Congress. They’re concerned about theft of intellectual property in the pre-patent stage or in an early research stage that might become classified down the road. And they may come in and impose one of these more onerous, heavyweight structured cybersecurity programs on the NSF scientific community, and say, “We don’t care if you’re doing genomics or physics or chemistry, you’re all going to take a one-size-fits-all cybersecurity program.” It would just kill productivity.

These are the two things you’re always trying to balance – the risks versus your mission. Without understanding how the risks and mission relate, it’s easy to overemphasize risk eradication. You’ve got to balance safety with the productivity of the science mission. We want to make sure the community has a solid program in place, so someone doesn’t get fearful and come in and try to force something upon them.

Why is trust important?

So much of science is collaborative these days. The physics communities studying gravity waves and new particles are leaders in this. I forget how many hundred plus institutions are involved in the LHC. These institutions need to collaborate; they’re giving each other access to each other’s computers. Having these baseline cybersecurity programs in place means you can look at each other and go, okay, I don’t know all the ins and outs of your university. But I know you’re at least putting some baseline practices in place, and I can have some good marginal trust. We go a long way in establishing collaboration around that.

What can a potential Trusted CI collaborator expect?

The first thing we tell folks is we’re always open for brief consultations. If you’ve got a question or you just want to spend an hour on the phone with a cybersecurity expert, then drop us an email. A lot of effective work happens that way. People often need a quick sanity check or to know what’s normal.

Others come to us with a hairier issue or an existing program where they want somebody to come through and tell them if they’ve missed anything. That’s what we would call an engagement. We get more of those requests than we have time for, unfortunately – so we evaluate them based on the skills we think they’re going to take, the science they’re going to do, how ready they really are to work with us. Every six months we pick the ones we’re going to work with, and then we have a team that goes and works with them.

We really say, if it’s related to cybersecurity we’ll take it on. We’ve done everything from working with a group in the city of Chicago on privacy issues around their sensors (Array of Things), to a software group trying to figure out how to run this particular weird scenario on clusters that don’t run a grid software stack so we have no way of doing delegation. We worked with them to come up with the best answer that balances risk and productivity.

How does a longer Trusted CI engagement unfold?

We’ll spend about six months working with them. We expect them to be collaborative. Usually we’re spending a fair amount of the time in the beginning saying describe your problem to us – What are your use cases? Walk us through what you’re trying to do. Who are your stakeholders? Who has to be satisfied with this answer? We’ll go talk to different people in the organization. We’ll make calls. Then we sit down and perform analysis, and we’ll come up with our report.

This is not a situation where they throw a security problem over the wall to us, we fix it and deliver it to them on a silver platter. At the end of that six months, the solution needs to be sustainable. They’re going to have to take whatever we’ve given them and maintain it. What we’re really trying to do is teach everybody to fish.

What resources do you provide for the larger NSF community?

We have a couple sets of guidelines out there right now. Our most used is what we call our Cybersecurity Practice Guidelines – we just call it the Guide internally. The cybersecurity community uses a lot of scare tactics. One of the things we found working with projects early on was communities out there were already nervous about cybersecurity and what could be going wrong. They just didn’t know what to do about it.

The Guide walks you through the basic process of starting a cybersecurity program – little things like you need to designate somebody as the person responsible, and they’re going to need a budget to hire some people to give some guidance. If you have an IT budget, you’re probably looking at 5 percent of that to start with.

What are the basics of starting a cybersecurity program?

Some people just pick up the Guide and start working, in which case we’re happy to have a couple phone calls and walk through it. But mostly we’ve empowered them to do that on their own. The first thing they’re going to do is create a master information policy, which lists everything they have: What’s the acceptable use? What can you use our infrastructure for? Can you use our computers to mine bitcoin? Then, What are our key risks? Just figuring out really basic questions and walking them through things.

Then we get them to the point of “Now we’ve got the basics done, what do we do about this computer on a telescope over here? We’re constantly told we have to keep its patches up to date.” Well, it’s running a version of Solaris that’s now ten years old that hasn’t had a patch put out for, you know, nine years. So how are we supposed to keep this thing secure? We can’t change it because that’s the only computer that can run this telescope. They’re in these situations that you can’t just yell at them for – so it’s a process of walking them through developing a program, documenting how you keep things up to date and what’s the process.

Once a year you have to revisit this. The Guide basically provides them with a series of templates, so you can take somebody who knows the project relatively well but is not a cybersecurity expert and walk them through the process. Really what we are doing is building up cybersecurity expertise in the community through our guides. It becomes kind of a training program in the form of a set of templates and documented how-tos.

 

For more on Trusted CI, visit trustedci.org.

Von Welch is director and PI of Trusted CI, as well as the director of Indiana University’s Center for Applied Cybersecurity Research (CACR).
