NCSA creates video tutorials on cybersecurity and incident response

12.17.14 -

Having an incident response plan in place is a key part in securing systems and networks. This includes preparation for intrusion, an unauthorized person gaining access; a breach, a release of private information; and the accidental, a mass deletion of data.

As part of the Center for Trustworthy Scientific Cyberinfrastructure's (CTSC) continuing effort to improve the cybersecurity of NSF-funded cyberinfrastructure (CI) and computational science and engineering projects, The National Center for Supercomputing Applications (NCSA) security team has produced another series of training videos.

"Incident Response"—a 14-part online video tutorial series—delves into one fundamental subset of all the risks that a system faces, covering how to establish an incident response team and how to respond to security incidents. These tutorials go beyond the general idea of better cybersecurity and provide users with a comprehensive guide for creating this particular foundational block within the CTSC's larger training initiative, "Building a Cybersecurity Program."

Similar to CTSC's first training series, these videos are geared for NSF-funded cyberinfrastructure projects. Unlike typical incident response, there are things that make these projects unique. More than ever, NSF-funded projects depend on computing, digital data, and interoperability for the success of their education, collaboration and research efforts, with open collaborations across countries and between disciplines. Appropriate cybersecurity measures for scientific CI can therefore look very different from those of commercial CI. On top of that, many projects have limited budgets and staffing, which often don’t account for data security.

"They have to focus their time, efforts, and money on advancing the science, not setting up a security incident response team. But at the same time, they realize the importance, and someone on the project gets assigned incident response," explains Randy Butler, Deputy Director for CTSC, leader of CTSC Education, Outreach and Training, NCSA Director of the Cybersecurity Directorate and Chief Security Officer. "These videos will help the project management team as well as that person figure out what to do and hopefully guide them through the process."

In these videos, NCSA's security team explores preparation; detection and analysis; containment, eradication, and recovery; and post-incident handling and offers practical steps that can be taken when dealing with any of these stages. The videos also present four case studies based on incidents experienced at NCSA. The security team walks the viewer through all of the parts of the incident response cycle for each of these cases, presenting step-by-step what the NCSA incident response team did when handling each situation and why.

"We wanted to include these case studies to showcase that we have a team of information security specialists who not only understand the needs of the scientific CI community, but work in and around it themselves. We also wanted our viewers to have examples they could actually relate to and come across," says Butler.

CTSC is a collaborative effort bringing together expertise in cybersecurity from multiple internationally recognized institutions, including NCSA, Indiana University, the University of Wisconsin-Madison, the University of Wisconsin-Milwaukee, and the Pittsburgh Supercomputing Center (PSC).

"While 'Incident Response' is only one piece in the larger puzzle that is building a effective security program, it is an essential one to start with," says Butler. CTSC feels that cybersecurity should not dictate how science is done; rather, it should support and enable the workflows and technology choices made by science teams. "Through this initiative, we want to empower people with all the pieces they need, allowing them to really focus their brainpower on their research," Butler concludes.

Keep up on project happenings by following the CTSC blog and continue to be on the look out for new videos posted to the project's online video tutorial space.