The National Science Foundation funds over seven billion dollars of research annually, nearly all of which relies heavily on information technology. The digital data produced and computing systems used by that research are subject to the same risks as other data and computing systems on the Internet. Appropriate cybersecurity is necessary both to make today's scientific discoveries possible and to ensure that the science is trustworthy. However, NSF science is often necessarily performed in open, collaborative environments that span organizational and national boundaries. These constraints limit the use of traditional cybersecurity paradigms and technologies. Moreover, maintaining the usability of computer systems while providing cybersecurity is critical for many scientists who are not information technology experts. Different science domains also have varying requirements for data confidentiality and integrity. As the NSF Cybersecurity Center of Excellence, the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) brings together experts in cybersecurity, knowledgeable and experienced in the scientific endeavor, who will provide the NSF community with leadership and support necessary to tackle the unique cybersecurity challenges in maximizing the production of trustworthy NSF science. CTSC will directly support individual NSF cyberinfrastructure projects and Large Facilities through collaborative engagements that address specific project needs. CTSC engagement activities include (but are not limited to) security reviews, security architecture design, identity and access management, and software assurance. CTSC will provide cybersecurity situational awareness to the NSF cyberinfrastructure community through timely advisories and notices. In collaboration with the Department of Energy's Energy Science Network, CTSC will develop and publish an information security threat model scoped to the particular assets and interests of the open science community. CTSC will continue to organize the annual NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure, providing the community with the opportunity to share best practices, attend practical training sessions, and collaborate on solving common challenges. CTSC will perform outreach and dissemination of best practices via the CTSC website (http://trustedci.org), blog posts, email lists, and online chats, as well as providing cybersecurity training in person and via online courses.
CICI: Center of Excellence: Center for Trustworthy Scientific Cyberinfrastructure