This August, WISE was warmly welcomed to the NSF Cybersecurity Summit 2017 in Arlington, Virginia. Many thanks to our hosts for facilitating a hugely useful and productive workshop!
Doug Pearson from REN-ISAC kicked off the day with an interactive presentation of the pDNS Data Sharing project, aiming to pool anonymised passive DNS logs for the benefit of the R&E community. Our WISE colleagues were drafted in to play users, malicious DNS servers and the internet itself – to name but a few!
Florence Hudson from internet2 presented on the impact of IoT devices on security and sparked the question, “are there IoT devices in our e-Infrastructures?” This is one conversation that we will be taking forwards in the coming months to understand the impact of IoT security for WISE members.
Rob Quick from OSG took us “into the SWAMP” and demonstrated how we can assess common e-Infrastructure packages for security vulnerabilities in the SoftWare Assurance Market Place at http://mir-swamp.org/. This platform is open for the R&E community so don’t hesitate to start analysing your own packages.
Alf Moens from SURF got our brains working as we performed a risk assessment exercise using WISE’s newly published Risk Management Template. Participants gained a new found appreciation of the challenges faced when quantifying the risks faced by their organisations.
Dave Kelsey from STFC and Adam Slagel from XSEDE gathered feedback on SCIv2 from willing volunteers who had completed a first assessment of their e-Infrastructures in anticipation of the workshop. We were struck by the similarities with some of the work being done by CTSC, in both security frameworks and risk assessment, and will be working closely together to see how we can benefit each other’s aims. The input received on SCIv2 during our day will be fed back into an FAQ to support future assessments… and help us all to be a little WISEr!
Slides are available on the WISE Wiki.