A Science DMZ in Every Pot?

Slides:

Advertisements

Similar presentations

Tom Sheridan IT Director Gas Technology Institute (GTI)

Advertisements

BERAC Charge A recognized strength of the Office of Science, and BER is no exception, is the development of tools and technologies that enable science.

SERC Security Systems Engineering Initiative Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Von Welch (PI) Susan Sons (HUBzero Engagement Lead) Hubbub September 2014 trustedci.org Cybersecurity for Cyberinfrastructure… and Science!

July 18, 2012 Campus Bridging Security Challenges from “Panel: Security for Science Gateways and Campus Bridging”

Gene Wilhoit, Executive Director Center for Innovation in Education Kentucky Education Professional Standards Board Retreat July 21, 2014.

High-throughput Sequencer Dec 2011 – 758 sequencers Apr 2012 – 823 sequencers Biomedical Research 1 – © 2012 Internet2 Source: Dec.

Faculty Senate Meeting President’s Report September 16, 2010 President’s Report.

Cyberinfrastructure: An investment worth making Joe Breen University of Utah Center for High Performance Computing.

LOW STAKES INTERACTIONS CATALYZE HIGH IMPACT STEM EDUCATION PROGRAMS Kathryn Trenshaw Brown University November 7 th, 2014.

NSF Cybersecurity Funding Opportunities Anita Nikolich National Science Foundation Program Director, Advanced Cyberinfrastructure September 2015.

Cybersecurity Challenges and Opportunities Anita Nikolich Program Director, Advanced Cyberinfrastructure October 2015.

Copyright © 2014 Juniper Networks, Inc. 1 Juniper Unite Cloud-Enabled Enterprise Juniper’s Innovation in Enterprise Networks.

1 Supplemental line if need be (example: Supported by the National Science Foundation) Delete if not needed. XDMoD Financial Analytics Craig Stewart ORCID.

Data NIH Philip E. Bourne, PhD Associate Director for Data Science National Institutes of Health Big Data Symposium, Lincoln,

New Specialization Training Requirement Available Now: Selling Business Outcomes v

Instructional slide to Partner: REMOVE BEFORE PRESENTING TO CUSTOMER

D-Link Wireless AP with NAP 802.1x solution

IT: Be the Change and Culture You Want IT to Be

Beyond Financial Aid (BFA) – Lumina Foundation Funded Research

Securing the Science DMZ and Research

Peer 2 Peer & Client Server

Pennsylvania BY THE NUMBERS Pennsylvania in FY 2016

B300 TUTORIAL WEEK FOUR 1.

Rethinking Institution Security Approach

Developing Life-long Readers

Exploring How to Communicate Science More Broadly and Increase Your Impact: Gears Professional Development Workshops For Early Career Scientists C. Ferraro1,

Matt Link Associate Vice President (Acting) Director, Systems

Innovative Solutions from Internet2

V6.2 Draft uWaterloo IT Community Together, we Enable

Gravitational Waves from the Ground Up

What the Heck is Next Generation Enterprise IT?

Digital library for Earth System Education Teaching Boxes

(c) 2011 MarylandOnline, Inc.

Change is Hard! Incorporating Values to Keep Staff Motivated

Development and Maintenance of CMS ElogBook

National Coalition Building Institute Information Session

E2E Testing in Agile – A Necessary Evil

Maximize the value of your cloud

Change Agents Why your Transformational IT Initiative Will Fail Without Them Terri Campbell Sr. Director of Change Leadership.

Institute for Cyber Security (ICS) & Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director Professor of.

UTSA's New Center Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director of ICS and C-SPECC Professor.

Sociology and Climate Change

The City College MESA Program

Consulting Services for IoT

Institute for Cyber Security: Research Vision

Attribute-Based Access Control: Insights and Challenges

Promoting European Excellence Rooted in Regions and Cities: Territorial Connections Anna Lisa Boni Secretary General EUROCITIES @EUROCITIEStweet.

IS4550 Security Policies and Implementation

The case for cloud Bill La Ruffa | Sr. Sales Enablement Specialist.

PRPv1 Discussion topics

Institute for Cyber Security: Research Vision

We want to critique current practices to remain relevant, challenge our campus to engage in understanding their first amendment rights, and champion.

UTSA Cyber Security Ecosystem

Attribute-Based Access Control: Insights and Challenges

Services, Security, and Privacy in Cloud Computing

TUTORIAL ON CROSS-CURRICULAR TEACHING

Moving toward Enterprise Learning Analytics at NC State

the title of the presentation to go here

Cyber Security Trends and Challenges

Building a Great Campus Civic Action Plan

Induction Training Design

NTU Presentation Jason Arviso, Director of Information Technology

NTU Presentation Jason Arviso, Director of Information Technology

Enabling CISE Research and Education in the Cloud

PolarGrid and FutureGrid

Cyber Security R&D: A Personal Perspective

Introduction to Research Facilitation

Inquiry learning Does IBL work?

Presentation transcript:

A Science DMZ in Every Pot? Von Welch, Director Center for Applied Cybersecurity Research Pervasive Technology Institute A Science DMZ in Every Pot? National Research Platform Workshop August 8th, 2017 INDIANA UNIVERSITY

SECTION TITLE GOES HERE IF NECESSARY Who am I? Director, IU Center for Applied Cybersecurity Research cacr.iu.edu Director, NSF Cybersecurity Center of Excellence trustedci.org I work with a lot a lot of science projects on cybersecurity challenges and think a lot about how cybersecurity and science interact. I engage with scientists, science facilitators, and infosec folks to enable science.

SECTION TITLE GOES HERE IF NECESSARY My Main Points Networks to support science on campuses well exists: Science DMZs Scaling is blocked by social problems.

What would it take, from an information security perspective, to have networks suitable for science on every campus?

Science DMZs: Networks for Science Typical enterprise network is lots of small flows. Typical science network is a few large flows. Science DMZs optimize for the latter. http://www.es.net/assets/pubs_presos/sc13sciDMZ-final.pdf

https://academic.oup.com/jamia/article/23/6/1199/2399316/The-Medical-Science-DMZ#

So, What’s the Problem?

The use of dedicated systems for data transfer “A Science DMZ integrates four key concepts into a unified whole that together serve as a foundation for this model. These include: A network architecture explicitly designed for high-performance applications, where the science network is distinct from the general- purpose network The use of dedicated systems for data transfer Performance measurement and network testing systems that are regularly used to characterize the network and are available for troubleshooting Security policies and enforcement mechanisms that are tailored for high performance science environments” https://fasterdata.es.net/science-dmz/

The Research Computing Facilitator says… “Science DMZs are great! They optimize the network for large science flows, removing the friction, and make data movement fast!”

The Information Security Officer hears… “We get rid of the firewall and…” https://www.linkedin.com/pulse/how-speak-call-center-la-charlie-browns-teacher-hans-fleischer

So, What’s the Solution? https://commons.wikimedia.org/wiki/File:RosettaStone.png

We need to shift the conversation Cybersecurity is too often ONLY about the technology or compliance. This makes it rigid and inflexible.

Shifted conversation The goal of cybersecurity is to support a mission by managing risks to IT. Research and Science is part of mission in the same way things in Enterprise are part of mission.

Cast in this light… An enterprise network with cybersecurity to support the enterprise applications, services, data, network flows, etc. and… A science network with cybersecurity to support science applications, services, data, network flows, etc. makes sense.

To Scale we need the right people to say it This is hard, most CIOs and CISOs learn enterprise first. “Social Peer-to-peer” is the most effective social mechanism to foster acceptance. Need to identify the infosec early adopters (who may already have adopted) and get early success stories out from them to their peers.

cacr.iu.edu / trustedci.org Thank you. Von Welch vwelch@iu.edu cacr.iu.edu / trustedci.org We thank the National Science Foundation (grant 1547272) for supporting our work.