The ResearchSOC serves four constituencies:

1. NSF-funded large or “autonomous” projects, such as the Gemini Observatory
2. Smaller or “embedded” projects that are part of a university, such as the National Resource for Translational and Developmental Proteomics
3. Higher education information security professionals
4. Cybersecurity researchers

The ResearchSOC’s mission is to serve as a collaborative security response center whose expertise and resources are leveraged by the entire research and education community to:

1. Improve the cybersecurity posture of scientific cyberinfrastructure
2. Raise awareness of security threats facing the scientific community.

Approach #1: Enable higher education Information Security Offices to serve research by providing a suite of operational cybersecurity services tailored for scientific research

Approach #2: Build a community of research cybersecurity practitioners

The two organizations are aligned, but separate. While the NSF’s Office of Advanced Cyberinfrastructure (OAC) supports both cybersecurity centers under the Cybersecurity Innovation for Cyberinfrastructure (CICI) program, the centers’ identities are distinct. ResearchSOC primarily offers operational security services while Trusted CI is primarily focused on community leadership, the development of cybersecurity programs, and NSF community cybersecurity assistance. ResearchSOC, as part of its mission, seeks to foster adoption of its set of technology services. Trusted CI intentionally seeks to be a trusted, unbiased source of recommendations regarding cybersecurity. The two organizations collaborate with the mutual understanding that a ResearchSOC subscription does not, by itself, constitute a cybersecurity plan.

The ResearchSOC has four early adopter clients:

1. The Gemini Observatory
2. The National Radio Astronomy Observatory
3. The National Earth Science Geodetic Facility (GAGE/ UNAVCO)
4. The National Resource for Translational and Developmental Proteomics

The ResearchSOC provides an integrated package of technology and services to accomplish its mission, including:

OmniSOC, a shared cybersecurity operations center for higher education

Vulnerability Identification Services provided by Three Rivers Optical Exchange

STINGAR, the Shared Threat Intelligence for Network Gatekeeping and Automated Response

Training and Education, provided by the ResearchSOC team and offered to research project teams and the higher education community. Services from REN-ISAC, such as inclusion in their forums, mailing list, daily security updates, peer assessment service, and other are also available.

ResearchSOC provides a Vulnerability Identification Service (VIS) operated by cybersecurity professionals at Three Rivers Optical Exchange (3ROX). Utilizing a commercial scanning platform, the service provides a full-featured vulnerability scanner that includes over 100,000 network vulnerability tests. The commercial scanning platform is used to identify exposed vulnerabilities that can be exploited by an attacker to perform unauthorized actions. The service mimics what an attacker external to your network would find as they perform network reconnaissance against your online assets. The platform tests for misconfigured software, exploitable software, and exposed services which can be used to penetrate your network defenses. Daily discovery/alive scans are conducted to identify your network-reachable hosts. The hosts identified by these daily scans are used to conduct a “full” vulnerability scan on a regular occurring schedule. 3ROX is operated and managed by the Pittsburgh Supercomputing Center.

The ResearchSOC team provides direct training to clients in four areas:

1. Onboarding training, which includes how to connect technically
2. How to process alerts. For example, have to triage if you have an incident or not
3. How to respond to incidents
4. The ResearchSOC team can also facilitate the engagement of other relevant resources to assist in the development of a maturity model assessment and plan for progress.

The ResearchSOC also offers training, both in conjunction with major conference and as stand-alone events, for R&E cybersecurity professionals on strategies for engaging and supporting research projects.

Yes, all the technologies and services used by ResearchSOC have extensive deployments in the research and education environment, making them ideal for supporting research projects.

Indiana University, Duke University, the Pittsburgh Supercomputing Center, and the University of California San Diego. These services have existing infrastructure and customer bases, which ResearchSOC can leverage to more effectively and sustainably guard against cybersecurity threats.

At the heart of every research project is the data. Every scientist wants to have good, clean data and to speak confidently that their data was not compromised, and no researcher wants to have the integrity of their data questioned. In fact, published papers go lengths to detail the processes, controls, and procedures used to ensure data integrity.

Once a project’s cyberinfrastructure is breached, researchers lose control of their data, and so lose the ability to ensure to ensure data integrity and reproducibility.

ResearchSOC helps ensure that data integrity and reproducibility by helping to ensure control and integrity of the cyberinfrastructure.  ResearchSOC can detect breaches quickly, before they spread, or even prevent them if actively changing configuration.

ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. We do this by providing the cybersecurity services, training, and information sharing necessary to a community as unique and variable as R&E.

ResearchSOC’s services can be a key component of a cybersecurity program that addresses the requirements of SP800-171. Meeting regulatory requirements in grants and contracts is becoming increasingly challenging as research institutions face new types of regulated data such as Controlled Unclassified Information (CUI).  Protecting CUI requires implementing roughly a hundred controls described in NIST Special Publication 800-171. ResearchSOC (and OmniSoc) can bolster your compliance effort by fully or partially addressing nearly 20% of these controls in control families such as awareness and training, audit and accountability, incident response, security and risk assessment, systems and communication protection, and system and information integrity. However, simply engaging the ResearchSOC will not fulfill all the requirements of SP800-171, as the ResearchSOC is not a complete security program.

The ResearchSOC team’s extensive experience in the R&E environment gives them a unique perspective on and understanding of the key differences between classical enterprise security and research support. For each project, the team seeks to understand the science workflow, issues such as data reproducibility, data sharing, and federation, and then through conversations with faculty.  The array of technologies and services ResearchSOC provides is then tailored in an agile fashion to the specific needs of the research project.

The ResearchSOC helps research project personnel manage the challenge of staffing and training shortages in three ways.

First, as an MSSP the ResearchSOC provides trained and experienced personnel.

Second, the technologies employed by the ResearchSOC help reduce the “noise’ level and help research technology staff focus on key issues.

Third, the ResearchSOC’s training, workshop, and community of practice components provide essential training, education, and advice from experienced experts and peers.

ResearchSOC is the only organization in the world providing cybersecurity services to researchers, designed for researchers, and staffed by individuals with training and experience in the R&E environment. Rather than providing a “one size fits all” solution, instead the ResearchSOC fits where others do not.