Learn more about the ResearchSOC
- The Research Security Operations Center (ResearchSOC) is a CaaS (Cybersecurity as a Service) MSSP (Managed Security Service Provider) focused on research projects. The ResearchSOC helps make scientific infrastructure resilient to cyberattacks and capable of supporting trustworthy, productive research.
ResearchSOC serves four constituencies:
- NSF-funded large or “autonomous” projects, such as the Gemini Observatory
- Smaller or “embedded” projects that are part of a university, such as the National Resource for Translational and Developmental Proteomics
- Higher education information security professionals
- Cybersecurity researchers
The ResearchSOC’s mission is to serve as a collaborative security response center whose expertise and resources are leveraged by the entire research and education community to:
- Improve the cybersecurity posture of scientific cyberinfrastructure
- Raise awareness of security threats facing the scientific community.
Approach #1: Enable higher education Information Security Offices to serve research by providing a suite of operational cybersecurity services tailored for scientific research
Approach #2: Build a community of research cybersecurity practitioners
The two organizations are aligned, but separate. While the NSF’s Office of Advanced Cyberinfrastructure (OAC) supports both cybersecurity centers under the Cybersecurity Innovation for Cyberinfrastructure (CICI) program, the centers’ identities are distinct. ResearchSOC primarily offers operational security services while Trusted CI is primarily focused on community leadership, the development of cybersecurity programs, and NSF community cybersecurity assistance. ResearchSOC, as part of its mission, seeks to foster adoption of its set of technology services. Trusted CI intentionally seeks to be a trusted, unbiased source of recommendations regarding cybersecurity. The two organizations collaborate with the mutual understanding that a ResearchSOC subscription does not, by itself, constitute a cybersecurity plan.
The ResearchSOC has four early adopter clients:
- The Gemini Observatory
- The National Radio Astronomy Observatory
- The National Earth Science Geodetic Facility (GAGE/UNAVCO)
- The National Resource for Translational and Developmental Proteomics
The ResearchSOC provides an integrated package of technology and services to accomplish its mission, including:
OmniSOC, a shared cybersecurity operations center for higher education
Vulnerability Identification Services provided by Three Rivers Optical Exchange
STINGAR, the Shared Threat Intelligence for Network Gatekeeping and Automated Response
Training and Education, provided by the ResearchSOC team and offered to research project teams and the higher education community. Services from REN-ISAC, such as inclusion in their forums, mailing list, daily security updates, peer assessment service, and others, are also available.
- OmniSOC is a 24x7x365 eyes-on-screens shared cybersecurity operations center for higher education. Founded by Northwestern University, Purdue University, Rutgers University, the University of Nebraska-Lincoln, and Indiana University, this pioneering initiative strives to help higher education institutions reduce the time from first awareness of a cybersecurity threat anywhere to mitigation everywhere for members. OmniSOC services include processing and creating cyber threat intelligence, notifications of member incident response teams, communicating and sharing information, conducting proactive threat hunting, analyzing security events, monitoring and triaging security events, and providing call center services. With two decades of experience from the GlobalNOC behind it, OmniSOC provides trusted and actionable intelligence to higher education institutions. GlobalNOC is based at Indiana University.
This service leverages the widely deployed open-source ‘OpenVAS’ framework to identify assets in need of protection. The Vulnerability Identification Service at the Three Rivers Optical Exchange (3ROX) is built upon the 3ROX Cybersecurity Service. Based on the ‘OpenVAS’ framework, the service provides a full-featured vulnerability scanner with daily updates and over 50,000 vulnerability tests. This allows cybersecurity professionals to identify and address weaknesses that can be exploited by an attacker to perform unauthorized actions. The service probes from outside your network to identify issues such as misconfigured software, exploitable software, and unnecessary services/exposed devices. An initial “discovery” scan is conducted to enumerate network-connected assets. Subsequent scans can be scheduled or on-demand. 3ROX is operated and managed by the Pittsburgh Supercomputing Center.
- STINGAR stands for Sharing Threat Intelligence for Network Gatekeeping with Automated Response. Duke University developed STINGAR, which uses a decoy computer system for trapping or tracking hackers (known as a honeypot). STINGAR uses automation to speed responses. At Duke, STINGAR has helped to increase the security team’s blocking capabilities from 10 million malicious connection attempts per day to 2 billion per day at the height of the Mirai botnet. The honeypot portion of STINGAR accounts for a significant chunk of these blocks and also has increased the fidelity of what has been blocked, reducing false positives.
The ResearchSOC team provides direct training to clients in four areas:
- Onboarding training, which includes how to connect technically
- How to process alerts. For example, how to triage whether you have an incident or not
- How to respond to incidents
- The ResearchSOC team can also facilitate the engagement of other relevant resources to assist in the development of a maturity model assessment and plan for progress.
The ResearchSOC also offers training, both in conjunction with major conferences and as stand-alone events, for R&E cybersecurity professionals on strategies for engaging and supporting research projects.
- Analysts in the ResearchSOC leverage expertise and operational procedures developed by OmniSOC to share common threat intelligence and coordinate activities between services. ResearchSOC also offers a common organizational interface to clients,
Yes, all the technologies and services used by ResearchSOC have extensive deployments in the research and education environment, making them ideal for supporting research projects.
Indiana University, Duke University, the Pittsburgh Supercomputing Center, and the University of California San Diego. These services have existing infrastructure and customer bases, which ResearchSOC can leverage to more effectively and sustainably guard against cybersecurity threats.
- Yes, and those threats are indeed serious. Malicious actors have targeted large and small research facilities and projects, threatening data integrity and instrument availability, impacting reputation, and conducting ransomware attacks that threaten data and machine availability. Cyberattacks can also interrupt research at critical junctures.
At the heart of every research project is the data. Every scientist wants to have good, clean data and to state confidently that their data was not compromised, and no researcher wants to have the integrity of their data questioned. In fact, published papers go to great lengths to detail the processes, controls, and procedures used to ensure data integrity.
Once a project’s cyberinfrastructure is breached, researchers lose control of their data, and so lose the ability to ensure data integrity and reproducibility.
ResearchSOC helps ensure that data integrity and reproducibility by helping to ensure control and integrity of the cyberinfrastructure. ResearchSOC can detect breaches quickly, before they spread, or even prevent them if actively changing configuration.
- ResearchSOC is funded by NSF Grant 1840034.
ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. We do this by providing the cybersecurity services, training, and information sharing necessary to a community as unique and variable as R&E.
ResearchSOC’s services can be a key component of a cybersecurity program that addresses the requirements of SP800-171. Meeting regulatory requirements in grants and contracts is becoming increasingly challenging as research institutions face new types of regulated data such as Controlled Unclassified Information (CUI). Protecting CUI requires implementing roughly a hundred controls described in NIST Special Publication 800-171. ResearchSOC (and OmniSOC) can bolster your compliance effort by fully or partially addressing nearly 20% of these controls in control families such as awareness and training, audit and accountability, incident response, security and risk assessment, systems and communication protection, and system and information integrity. However, simply engaging the ResearchSOC will not fulfill all the requirements of SP800-171, as the ResearchSOC is not a complete security program.
The ResearchSOC team’s extensive experience in the R&E environment gives them a unique perspective on and understanding of the key differences between classical enterprise security and research support. For each project, the team seeks to understand the science workflow, issues such as data reproducibility, data sharing, and federation, and then through conversations with faculty. The array of technologies and services ResearchSOC provides is then tailored in an agile fashion to the specific needs of the research project.
The ResearchSOC helps research project personnel manage the challenge of staffing and training shortages in three ways.
First, as an MSSP the ResearchSOC provides trained and experienced personnel.
Second, the technologies employed by the ResearchSOC help reduce the “noise” level and help research technology staff focus on key issues.
Third, the ResearchSOC’s training, workshop, and community of practice components provide essential training, education, and advice from experienced experts and peers.
ResearchSOC is the only organization in the world providing cybersecurity services to researchers, designed for researchers, and staffed by individuals with training and experience in the R&E environment. Rather than providing a “one size fits all” solution, the ResearchSOC fits where others do not.