Cybersecurity

Three members of the Energy Sciences Network’s Cybersecurity team – Michael Dopheide, Vlad Grigorescu, and Sam Oehlert – were recently honored with an Extra Special Noteworthy Exemplary Trophy Award for their SANS 2019 Holiday Hack Challenge entry.

“SANS is the premier security training organization for our profession. Their annual contest usually has 15,000-20,000 entries. For the past couple of years, our solutions have been used as the official answers and documentation, helping students and professionals around the world to hone their security skills. There is a real impact, and I am very proud of the team,” said Adam Slagell, Energy Sciences Network Chief Security Officer.

Dop Vlad Sam — From left to right: Michael Dopheide, Sam Oehlert, and Vlad Grigorescu

This eponymous award category called the “ESNET,” was created in reverence to the fact that all three team members asked to forgo any competition prizes. Instead, they asked that their prize be awarded to another winner.

“We felt that forgoing the prize was our small way of giving back to the community and rewarding one of the other participants, whose work should not be neglected. Honestly, this is something we look forward to every year. All three of us relish the puzzle-solving element, and our participation is really a labor of love,” said Grigorescu. “We still felt it was important to share our report and the new techniques and tools for both offensive and defensive security we developed.”

The team notes that the SANS Holiday Hack competition is unique because the goal is to gamify cybersecurity challenges, all of which must be based on current threats. The end result is one of the best, most realistic security training, and it’s available for free, in perpetuity.

“By really pushing the envelope, we felt like we walked away from this year’s competition having significantly advanced our skills and being better able to safeguard the Energy Sciences Network. We’re incredibly honored to have an eponymous award, and to win the inaugural ‘ESNET’ award,” said Grigorescu.

This was Grigorescu’s fifth SANS Holiday Hack Competition and the fourth for Dopheide and Oehlert. All three were part of the Energy Sciences Network team that won the 2018 Grand Prize. Grigorescu’s teams also won an Honorable Mention in 2015, Best Technical Answer in 2016, and a Grand Prize in 2017.

Written by Linda Vu, Berkeley Lab Computing Sciences

sean-and-dop — Michael Dopheide (left) and Sean Peisert (right).

Over the past several months, ESnet and the NSF Cybersecurity Center of Excellence collaborated with research and education community leaders to develop a risk profile for open science to formally capture and benchmark this expertise, allowing other organizations to apply these best practices more broadly.

Today, the group is releasing its draft Open Science Cyber Risk Profile (OSCRP) and inviting comment from the research community. The OSCRP is designed to help principal investigators and their supporting information technology professionals assess cybersecurity risks related to open science projects. The draft document, along with information on how to comment, can be found at http://trustedci.github.io/OSCRP/.

Managing the security risks to scientific instruments, data and cyberinfrastructure is a priority for creating a trustworthy environment for science. Assessing, understanding and managing concerns of open science to explicitly capture risks to its integrity and availability, and sometimes also privacy issues, involves making judgments on the likelihood and consequences of risks. Deep experience in understanding cybersecurity and the science being supported is needed to achieve these goals.

The group invites comments on the document prior to final publication in early 2017. Longer-term, the document is intended to be a living, community document, being updated as open science computing evolves, and also as new approaches to security arise.

About the OSCRP Working Group

Organized by Sean Peisert and Michael Dopheide from ESnet, and Von Welch and Andrew Adams from the NSF Cybersecurity Center of Excellence, the working group consists of: RuthAnne Bevier (Caltech), Rich LeDuc (Northwestern), Pascal Meunier (HUBzero), Stephen Schwab (USC Information Sciences Institute) and Karen Stocks (Scripps Institution of Oceanography), Ilkay Altintas (San Diego Supercomputer Center), James Cuff (Harvard), Reagan Moore (iRods), and Warren Raquel (NCSA/UIUC). To follow the activities of the working group, please follow http://blog.trustedci.org/.

About the NSF Cybersecurity Center of Excellence • trustedci.org

The Center for Trustworthy Scientific Cyberinfrastructure (CTSC) is funded as the National Science Foundation’s Cybersecurity Center of Excellence. The mission of CTSC is to improve the cybersecurity of NSF science and engineering projects, allowing those projects to focus on their science endeavors. This mission is accomplished through one-on-one engagements with projects to address their specific challenges; education, outreach, and training to raise the state of security practice across the scientific enterprise; and leadership on bringing the best and most relevant cybersecurity research to bear on the NSF cyberinfrastructure research community.

About ESnet • www.es.net

The Energy Sciences Network (ESnet) is an international, high-performance, unclassified network built to support scientific research. Funded by the U.S. Department of Energy’s Office of Science (SC) and managed by Lawrence Berkeley National Laboratory, ESnet provides services to more than 40 DOE research sites, including the entire National Laboratory system, its supercomputing facilities, and its major scientific instruments. ESnet also connects to over 140 research and commercial networks, permitting DOE-funded scientists to collaborate productively with partners around the world.