Enhancing Cybersecurity in University Research: Insights from SouthEast SECURE Program

The SouthEast SECURE program at universities like Clemson and University of Alabama focuses on improving cybersecurity for NSF-funded research projects. It provides metrics, communication facilitation, and practical assistance to enhance data security. The program aims to support researchers in utilizing IT systems effectively and ensuring secure data management in various scientific fields.

• Cybersecurity
• University Research
• SouthEast SECURE Program
• NSF Funding
• Data Security

iliana Follow

Uploaded on Aug 28, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. CICI Regional: SouthEast SciEntific Cybersecurity for University Research (SouthEast SECURE) Clemson University: Jill Gemmill University of Tennessee-Chattanooga: Tony Skjellum University of Alabama at Huntsville: Sara Graves Voorhees College: Veronical Gadsden Jackson State University: Richard Alo

2. The Program 1. Survey NSF funded investigators in the SouthEast 2. Provide Cybersecurity Metrics Student-built devices University web site SSL/TLS security & patch speed over time 3. Facilitate communication between research faculty and university IT/Data Security staff. 4. Provide practical assistance On-campus or individual training Downsize great CTSC materials Create engaging content for domain scientists

3. Some features of the SouthEast New NSF awards in FY14. A total of 579 institutions received funding that year; of these, 47 were HBCUs, 5 were Minority Serving Institutions, and 8 were Hispanic minority serving institutions.

4. What help with cybersecurity do NSF- PIs need? - SURVEY (anonymous) 6576 Invitations Sent 707 Responses Bounced 10-18% response rate Opt-out Unopened 0pened 0 1000 2000 3000 4000 5000

5. Who Answered Survey? Institution's research classification 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Doctoral University - (R1, R2, High Research) Master's College / University Baccalaureate College Associates College Other (please specify)

6. Who Answered Survey? What is your major disciplinary field? Chemistry Computer/Info Science & Engineering Engineering Geosciences Life Sciences Mathematical Sciences Other Physics and Astronomy Psychology Social Sciences 0% 5% 10% 15% 20%

7. What kind of information technology (IT) systems does your NSF project use (computers, servers, network connected instrumentation, etc.)? Check all. 10.21% Other (please specify) Independent Internet access purchased with project funds 5.25% 85.96% The university network and Internet access 20.14% Internet-connected scientific instruments Computers and servers purchased with project funds 45.96% 90.21% University (department, college, center, etc.) provided IT including computers,

8. Which of the following "cloud" services is your project using? Check all that apply. Other Communication tools (Google Hangout, WebEx, GoToMeeting, etc.) Productivity tools such as Office 365, Google Docs, etc. Virtual Machines (Microsoft Azure, Amazon EC2/AWS, Google Compute File storage (Google Drive, Dropbox, Box, OneDrive, Amazon S3, etc.) E-mail such as Gmail, Office 365, etc. Web-site hosting, database hosting, Wikis, etc. 0% 10%20%30%40%50%60%70%80%90%

9. Who maintains your IT systems to keep them in working order? Check all that apply. Other 3.13% No one performs regular maintenance 3.55% We maintain our own systems 33.95% Our cloud or service provider 12.07% IT support is outsourced 2.41% University IT (department, college, center, etc.) 92.47% 0% 20% 40% 60% 80% 100%

10. Where do your NSF project cyber security requirements come from? Check all that apply. Other 3.27% Not sure 18.63% No formal requirements; we use common sense. 20.63% We make our own cybersecurity requirements 13.51% Federal/State regulations (e.g. HIPAA, FISMA, IRB, etc.) 36.27% University/executive leadership 58.75% 0% 10% 20% 30% 40% 50% 60% 70%

11. Do you (or your team) create your own websites or write your own software/software modules? 45% 41.43% 40% 33.86% 35% 30% 23.29% 25% 20% 15% 10% 5% 1.43% 0% Yes, and we have had some training in how to make these secure. No. Yes, but we're not sure how secure they are. Yes, and we have had cybersecurity incidents with some of the websites/software.

12. How does cyber security impact your current NSF projects? Select the response that most closely matches your opinion. Other 3.29% Cyber security doesn t impact our work at all. Cyber security requirements keep (or kept) us from getting real work done. Cyber security makes things harder, but it s tolerable. Cyber security protects the integrity, confidentiality, and availability of our 0% 10% 20% 30% 40% 50% not sure ; haven t thought about it

13. What kinds of cyber attacks have impacted your NSF project? Check all that apply. Other None of which we are aware. Computer/instrumentation unusable or used to attack other computers. Theft of data, software, or equipment Insider attacks (attacks by employees or trusted students) Loss of data or software (including ransomware) Loss of Internet access (DNS) Virus/malware/botnets infection 0% 10% 20% 30% 40% 50% 60% 70% 80% 90%

14. Please contact me at the email address above about: 188 200 180 160 140 120 100 80 60 40 24 18 20 4 2 0 On-line cyber security training designed for university researchers A confidential evaluation of my lab's cyber security status a security-related experience I've had that I'd like to share with other NSF funded researchers I have a specific security challenge / problem and I could use some expert help. Other

15. Does your cybersecurity training look like this?

16. WHAT IS CYBERSECURITY? Cybersecurity is the protection of data and computer systems from illicit access or acquisition of equipment, software, and / or data.

17. IMPORTANT FACTS 91% of cyberattacks start with email Ransomware: software that can encrypt and lock your assess to that data Insider threats are a major concern Intellectual Property (IP) theft can be expensive and can affect your professional career NSF is concerned about cybersecurity and privacy protection

18. What might be more effective

21. Collaborative Research: CICI: Regional: SouthEast SciEntific Cybersecurity for University Research (SouthEast SECURE) - Jill Gemmill (PI) This material is based upon work supported by the National Science Foundation under Grants No. 1642102; 1642083; 1642069; and 1642038. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

22. Questions & Discussion Contact Jill Gemmill jbg@clemson.edu