National Cybersecurity Awareness Month Provides R&E Community Opportunity to Collaborate, Share Resources
National Cybersecurity Awareness Month (NCSAM) is in full swing! Campuses are promoting cybersecurity and Internet2 is championing cybersecurity in the research and education community.
Cybersecurity is at the very core of the Internet2 community’s ability to collaborate, define, test, and deploy advanced technologies that advance research and scholarship.
As part of NCSAM this year, we’re updating the community on the Internet2 cybersecurity activities and available higher education resources. Internet2 works with our partners at EDUCAUSE and the REN-ISAC on cybersecurity in higher education, as well as running programs that can be used by higher education institutions to secure their campuses. Internet2 cybersecurity resources and activities include network, trust and identity, cloud services, community events, and many other activities.
Some of the other activities support the research community, including involvement in Trusted CI, the NSF Cybersecurity Center of Excellence, which received a $15 million renewal grant from NSF. The mission of Trusted CI is to improve the cybersecurity of NSF computational science and engineering projects while allowing those projects to focus on their science endeavors.
Nick Lewis, second from right, serving on the Information Security Panel at EDUCAUSE earlier this month.
Network-Related Cybersecurity Activities
The Internet2 Network was built by and for the research and education community and offers 100-gigabit Ethernet technology on its entire footprint. The Internet2 Network is propelling research and education forward by offering uninhibited performance on a deeply programmable platform.
As part of this, Internet2 offers several network security community engagement opportunities. These include a Security Working Group focused on network security, a DDoS Mitigation Service for campuses to adopt to protect their network, along with our internal network security efforts to protect the Internet2 backbone network. Two areas are getting a lot of attention this year: inter-domain routing security – Mutually Agreed Norms for Routing Security (MANRS) – and webinars on Internet Routing Registry (IRR) and RPKI.
Trust and Identity Related Cybersecurity Activities
Internet2 operates InCommon, the community-built and community-driven trust and identity infrastructure that supports faculty and staff, researchers and scholars, and provides access to services across the US and globally. Our goal is to ensure members of our community have access to the right services, at the right time, with the right protections and privacy considerations, while supporting easy global collaboration.
To support this, the InCommon Collaboration Success Program provides an opportunity for participants to solve common challenges using the community-developed, standards-based software and services that comprise the InCommon Trusted Access Platform.
The InCommon Academy introduces an expanded training program with workshops that cover four key open source software components: Shibboleth, Grouper, COmanage, and midPoint. In addition, the monthly IAM Online webinar series offers identity, access management, and security topics, and is presented by InCommon and the EDUCAUSE Higher Education Information Security Council.
Internet2 supports our members’ cloud journeys with a focus on cloud access, supporting security and management needs, and fostering communities. The NET+ program provides a portfolio of community-evaluated cloud services to higher education institutions as a key part of many campus cloud and information security programs.
The NET+ AWS program supports our members’ ability to manage their cloud environments. The program recently performed an organizations’ pilot designing a solution for a scalable AWS Organization model, which can be used for managing a campus AWS environment.
Working to build stronger communities of practice around Cloud services, the NET+ Splunk program recently started a community town hall and monthly user group call to discuss use cases, shared problems, etc. NET+ security-focused services like the NET+ Duo program and NET+ Code42 programs also have a call series. The NET+ LastPass program is preparing for a major update to the program and is starting an advisory board. The NET+ Code42 program also completed a major update and NET+ DocuSign has an update in development.
Internet2 continues to work with campuses, EDUCAUSE and the REN-ISAC on the Shared Cloud Security Assessments working group on the HECVAT to advance cloud security across higher education. Learn more about this partnership.
We worked with Google during NET+ GCP service evaluation on them, completing a HECVAT for GCP to share with the community. We also have worked with LastPass on completing a HECVAT. Both have been posting to the Cloud Broker Index. The NET+ team continues to use the HECVAT during our community service evaluations.
While so much community work is done by video conference, email lists, and wikis, our community events are an invaluable place for community updates, to share the hottest information security topics, and to work together as groups on shared challenges.
Internet2 events provide critical opportunities for our expanding and diverse community to work together in person. Event participants represent the complete spectrum of the global Internet2 community—including university, industry, and affiliate members, as well as government agencies and regional and international partners. Our next community meeting is at the Internet2 Technology Exchange on Dec 9-12, 2019 in New Orleans, LA.
Thanks to a record number of community proposals, the Program Committee has designed an excellent lineup of sessions around information security, special interest group meetings, and several pre-conference tutorials and workshops focused on information security. Our next major meeting will be the Internet2 Global Summit 2020 in Indianapolis, IN on March 29-April 1, 2020.
Wrapping It Up
We’d love to hear your thoughts around cybersecurity and Internet2! Reflect on ways your own institution is enhancing security by tweeting @Internet2 and #NCSAM, or directly contacting me and sharing how you participated in NCSAM.