Internet2 Community Voices Series: Supporting Research Organizations, NSF Major Facilities with Operational Security Resources
By Susan Sons, chief security analyst at Indiana University's Center for Applied Cybersecurity Research; deputy director of the Research Security Operations Center (ResearchSOC); and supporting Trusted CI The NSF Cybersecurity Center of Excellence
Register for Open Science Operational Security in Action: ResearchSOC Deployment at NSF Facilities event to be held Thursday, June 17 at 1 p.m. ET.
When we work with scientific organizations on cybersecurity, we find that security operations are a heavy lift for them. One challenge is financial: it is difficult for Major Facilities to reallocate funds after a grant is funded, yet those grants tend to be long-running, with funding cycles between three and five years.
So often, overlooking cybersecurity when grants are written—including on older grants awarded when cybersecurity practices were not the norm—leads to a long-term funding challenge. Additionally, these facilities tend to be extremely cost-sensitive around anything which may be seen as overhead rather than science.
Science facilities are also likely to be trying to retrofit security onto an insecure network architecture and a collection of insecure technologies. Many facilities have decades-old infrastructure, built before the security concerns of today. These scientific instruments and supporting tools are essential to the scientific mission, but difficult to protect.
Meanwhile, today, it is custom not to fund security efforts until after a facility has passed from the construction phase into the operations phase. Thus, the architectural choices that could have made security less expensive and more effective weren’t seen and made while the technologies were being chosen and assembled.
Finally, there is a capacity challenge within NSF facilities: they are all large enough, vital enough, and complex enough to demand mature cybersecurity programs. However, not every large facility has the funds or the access to talent to hire in every expertise and pair of hands needed to make that happen.
One approach to these challenges that has proven fruitful is the combination of talent inside the facility with services that span multiple facilities. Under a grant from the National Science Foundation, we built the ResearchSOC, the Research Security Operations Center, to build exactly those services which Major Facilities and other organizations need to right-size their security programs while managing costs.
ResearchSOC lightens the load on facility staff by providing a 24/7/365 eyes-on-glass security operations center, vulnerability scanning, honeypots, threat intelligence, and interpretation in a service tuned to the needs of research organizations. Ensuring that monitoring and alerting, threat intelligence, vulnerability awareness, and other key detection services are in place is a key step toward a mature cybersecurity program.
In many cases, staffing challenges extend to the question of standing up a security team. Hiring qualified cybersecurity personnel can be difficult in today’s competitive talent market. In addition to the salary differential, research facilities face the question of professional development. Such facilities don’t usually have a large enough cybersecurity operation to supply opportunities to advancement for all cybersecurity personnel.
Additionally, while a research facility’s team may need four or five specialties, such as software security, forensics, network security, monitoring and threat hunting, policy, etc., most facilities cannot afford 5+ full time employees to staff those positions. In other cases, the facility can bring in staff who are either cybersecurity specialists who don’t understand the science context, or scientific cyberinfrastructure specialists needing to grow into a security role.
For both types of challenges—lacking cybersecurity staff or needing to bring in-house staff up to speed rapidly—ResearchSOC makes their experienced cybersecurity staff available to meet the need. Facilities can bring in a fractional CISO and/or security team from ResearchSOC to handle operations, or opt for an expert advisor who will coach in-house staff and leadership.
ResearchSOC attracts and develops highly qualified cybersecurity talent because we have a career path for them, the support of peers and more senior security personnel. An analyst growing out of her role on one project might become a team lead on another project. ResearchSOC provides the support for her professional development along the way.
I hope you will join me and my colleague, CJ Kloote, security platform engineering team lead and chief information security officer of the OmniSOC at Indiana University, on Thursday, June 17 at 1 p.m. ET. We will discuss lessons learned and more from our first year operating a suite of operational security resources serving the needs of NSF science. We’re excited to share with you the journey that ResearchSOC clients have undertaken to improve their cybersecurity, enhancing both operations and confidence in research data integrity.
The Internet2 Community Voices Series provides the opportunity to hear from experts, learn from their research, and connect with the community each month beginning in May 2021. Each talk is a stand-alone event, with a registration to access the live talk and the post-event recording and supporting materials.