Internet2 Resources for Your Campus Cybersecurity Culture
Celebrated every October, National Cyber Security Awareness Month (NCSAM) was created as a collaborative effort between government and industry to ensure that everyone has the resources they need to stay safer and more secure online. Research and education rely on trusted, community-developed security and identity solutions to safely connect and collaborate. To this end, Internet2 is championing NCSAM along with EDUCAUSE and hundreds of other nonprofit organizations, companies, schools and school districts, colleges, and universities.
The higher education information security community, who foster security through activities on their campuses, have shared many resources on best practices for supporting NCSAM. Adding to this list, Internet2 offers many activities and resources community members may participate in or use to create a campus culture of cybersecurity and privacy.
In September, we had an energetic Technology Exchange with a track dedicated to information security, as well as many presentations in the network, research, and trust and identity tracks covering information security topics. Presentations can be found in the online program.
The Internet2 Global Summit 2017 call for participation is open and is soliciting information security and privacy-related sessions.
Internet2 also collaborates with Educause and the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), and we’ve recently posted a blog reporting on the last quarters' activities with these organizations: Security Musketeers: Summer Edition.
Securing the Internet2 Network
Network Services has an open Call for Proposals for new infrastructure planning—including security and privacy requirements. A Distributed Denial of Service (DDoS) Mitigation Strategy proposal was also published, summarizing the best options for mitigating DDoS attacks.
Trust and Identity Updates
In Trust and Identity, InCommon has begun a pilot program in support of the REFEDS Sirtfi federated security incident handling framework. Information on the pilot program is available. Sirtfi is a global incident handling framework for research and education federations to enable the secure exchange of security event information by their participants. Current partners in the InCommon pilot include The University of Chicago, The Ohio State University, the LIGO Scientific Collaboration and the National Center for Supercomputing Applications.
More updates from the Trust and Identity area can be found in the October update and the most recent TIER update. The former included an update on how the InCommon Assurance Advisory Committee (AAC) has finalized "Baseline Expectations for Trust in Federation," documenting expectations for identity providers, service providers, and the federation operator. There is also a TIER Security and Audit Working Group charged with providing ongoing recommendations, oversight, and support of the TIER project through identification and review of security and audit standards and best practices for the TIER application suite, as well as the delivery of TIER as a software-as-a-service (SaaS) offering for higher education customers.
Collaborative Innovation Community and Chief Innovation Office Activities
In August, the National Science Foundation (NSF) awarded Internet2 a two-year grant for Cybersecurity Transition to Practice Acceleration EAGER. The grant calls for Internet2 to help enable deployment of NSF-funded cybersecurity later-stage research into applied research environments by playing a matchmaking role between member institution researchers and potential users.
During the 2016 Technology Exchange, the Collaborative Innovation Community presented on a wide range of security-related topics like Smart Campus and IoT, End-to-End Trust and Security for IoT and Trust, Identity, Privacy, Protection, Safety & Security (TIPPSS). If you were unable to attend TechEx, presentations are posted on the 2016 Internet2 Technology Exchange website. Collaborative Innovation Community presentations are also posted on the Chief Innovation Office wiki. Email firstname.lastname@example.org if you have any questions or want to learn more.
In the Internet2 NET+ initiative, campus information security and privacy requirements for cloud services are a core element of the program. A webinar entitled, Managing Campus Cloud Risk—Key Security & Identity Strategies, was held this summer focusing on how information security and privacy is handled in the NET+ program. Four universities spoke about the impact on their own campuses.
An upcoming webinar, Driving Efficiencies & Focusing Resources with DocuSign Digital Transaction Management, will discuss how DocuSign complies with rigorous security and accessibility standards, federated identity integrations, and has tailored terms for quick deployment across higher education. NET+ and Network Services are collaborating on DDoS mitigation service providers and are looking for community input, sponsorship, and campuses to participate in service validation. Please contact Nick Lewis if you would like to participate.
Security is at the very core of the Internet2 community’s ability to collaborate, define, test, and deploy advanced technologies that advance scholarship and science. Reflect on ways your own institution is enhancing security by tweeting @Internet2 and #NCSAM and sharing how you participated in NCSAM.