2022 NSF Cybersecurity Summit

Conference program

PLENARY DAY 1
Wednesday, October 19, 2022

All times listed in Eastern Daylight Time (EDT). Sessions will be livestreamed. Program is subject to change.

Abstracts

Cybersecurity: New Issues, Old problems

Cybersecurity seems like an ever-changing problem. Hot topics appear all the time - supply chain security, cloud security, blockchain, quantum cryptography, nation-state attacks, to name a few. From the perspective of the security practitioner, the cybersecurity environment is becoming more changeable and less predictable.

How can security practitioners frame these challenges so that they can be managed? How can cybersecurity practitioners and researchers partner to address these concerns?

Observations on the Security of Operational Technology in Scientific Research

This talk aims to communicate the initial findings and recommendations derived from the 2022 Trusted CI Annual Challenge on the Security of Operational Technology in Scientific Research.

Operational technology (OT) refers to networked systems connected to computing systems on one side and to either controls or sensors of physical systems on the other side. Networked sensors and control systems are increasingly important in the context of science as they are critical in operating scientific instruments like telescopes, biological and chemical reactors, and even vehicles used in scientific discovery.

This year’s Annual Challenge is a year-long project with the goal to understand and improve the security of the specialized operational technology used in scientific research. To accomplish this, in the first half of the year, we had conversations with personnel involved with IT security and OT operations at a variety of NSF Major Facilities. In the second half of the year, we plan to leverage this insight to develop a multi-year roadmap of solutions to advance the security of scientific operational technology. This presentation will discuss the observations and findings from our conversations with NSF Major Facilities, and preliminary elements of the roadmap we are developing and planning for release at the end of 2022.

Cybersecurity in a Large NSF Research Facility (One Institution’s Approach)

Our plenary presentation will introduce and discuss some of the essential differences between IT (Information Technology) and RT (Research Technology) and why it is important to recognize the unique requirements and constraints associated with these technology domains when developing plans for enhancing cybersecurity capabilities in a large research facility. Lessons learned related to FSU’s & NHMFL’s shared approach for establishing a multidisciplinary team that can guide and implement needed cybersecurity, while not novel, will be covered over the course of our discussion. We will contrast the Trusted CI, NIST, and NERC frameworks, briefly examine our layered architecture approach, and introduce these components as catalysts for improving cybersecurity awareness and managing the cybersecurity challenges facing FSU and the Lab in the 2020s. We also will discuss the need to design and implement cybersecurity controls rooted in pragmatic decisions to avoid hindering vital research activities and to enable safe FAIR (Findability, Accessibility, Interoperability, and Reusability) data management practices. Critical success factors we will address include obtaining resources required to implement and maintain needed capabilities, interdisciplinary and diverse skill sets, phased implementation, and shared understanding and allocation of NHMFL and FSU responsibilities. The format is planned to be interactive with our panel and allow time for question and answer.