Helping to Secure Our World: 2024 Internet2 Opportunities for the Research & Education Cybersecurity Community

By Nick Lewis – Internet2 Program Manager

Estimated reading time: 7 minutes

Internet2 is a supporter of National Cybersecurity Awareness Month (NCSAM) co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Security Agency. Internet2  has many cybersecurity opportunities to engage the community throughout the year.  Under the overall theme of  “Secure Our World,” NCSAM encourages continued focus this year on four key behaviors:

1. Use strong passwords and a password manager
2. Turn on multifactor authentication
3. Recognize and report phishing
4. Update software

These are all challenging at scale and require continued attention as part of managing cybersecurity risk for campuses. Internet2 has resources and  activities for using strong passwords via federated identity, using password managers including NET+ LastPass and the newly added NET+1Password, and multifactor authentication. 

We talk with people in the community regularly, they’re always interested in what’s going on in the cybersecurity realm, and they report it’s difficult to  keep up with everything! Our goal is to share what’s happening in the community and how people can get engaged, including newcomers to grow a diverse and inclusive community. 

As part of NCSAM every year, we highlight for the community the Internet2 cybersecurity related activities and resources available to research and education. These activities and resources are helpful to protect your campus and research as well as further your professional development. Additionally, there are several links to future events and items of interest. 

Internet2 works with partners such as  EDUCAUSE and the REN-ISAC on cybersecurity in higher education. Additionally, we run programs that higher education institutions and the research community can use in securing their organizations. Internet2 has cybersecurity woven throughout the organization and the work we do with the community. Internet2 cybersecurity resources and activities include the growing Minority Serving Cyberinfrastructure Consortium, Network, Trust and Identity, Cloud Services, and Community Events.

Minority Serving – Cyberinfrastructure Consortium

The Minority Serving – Cyberinfrastructure Consortium (MS-CC) continues to grow and bring more resources to the community! The MS-CC is a trusted community of HBCUs, TCUs, HSIs, and other MSIs. Prevalent activities include hosting community calls and cyberinfrastructure workshops for the HBCU and TCU communities at various campuses.

The most recent MS-CC Workshop: Campus Technology, Cybersecurity, & Research Computing Support was just held at Alabama A&M University on Oct 29-30, 2024. Here is where you can access content from past workshops. Additionally, there is a monthly Cybersecurity Community of Practice for MS-CC community faculty, researchers, staff, and students interested in cybersecurity. These activities are critical to building capacity on campuses and within local communities.

Network Related Cybersecurity 

Designed for the demanding requirements of data-intensive research, the Internet2 Network provides the performance, resiliency, security, and capabilities demanded by the most advanced applications and networks. As part of supporting the advanced campus and cloud computing needs of the research and education community, Internet2 offers several network security activities, including: 

• Facilitating a Network Security Special Interest Group focused on network security. A continued focus on routing integrity for each of us protects all of us because of the indispensable nature of the network. In 2024, 
• Advancing routing integrity. We worked with NTIA and shared lessons learned from three routing security incidents. 
• Offering a DDoS Mitigation Service for campuses to adopt, to protect their networks along with our internal network security efforts to protect the Internet2 backbone network.

InCommon 

Internet2 operates InCommon, the community-built and community-driven access management infrastructure, eduroam authenticated access to wireless, and related Trusted Access Platform that supports academic mission and collaborative research across the U.S. and globally.

On October 11, the National Science Foundation (NSF) announced  that it will require all users to sign into Research.gov with multifactor authentication (MFA) starting Sunday, October 27, 2024. NSF has agreed, on an interim basis, to continue to accept InCommon federated access, provided that your institution confirms MFA capabilities with NSF. (Details can be found here.)  Stay tuned for additional information from NSF on how it will leverage InCommon going forward for this important development. 

A couple of additional opportunities to get involved: 

• Get  involved in the 3rd annual international cybersecurity cooperation exercise to test Federated Incident Response.  
• InCommon is celebrating reaching new heights for its 20 anniversary in 2024! 
• In 2023, we engaged with the community on long-term planning via the InCommon Futures2 project, and this year we published a five year outlook promoting digital collaboration.

To learn more about how your peers are using these tools, attend TechEX24 in Boston (December 9-11, 20224), join us at inCommon BaseCAMP in June,  or participate in the InCommon Academy for IAM training.

Cloud Services

Internet2 supports our members’ cloud journeys with a focus on enabling cloud access, supporting security and management needs, and fostering communities of practices. The NET+ program provides a portfolio of community-evaluated cloud services to higher education institutions as a key part of many campus cloud and cybersecurity programs.

In 2024, we launched two new NET+ services; NET+ 1Password and NET+ Echo Labs as a pre-evaluation agreement, that may be of interest to campus cybersecurity teams for password management and IT accessibility compliance challenges. We also launched the first AWS Security training focused on securing AWS in a higher education environment via the CLASS program and quickly had a waiting list! Keep your eyes open  for future training in 2025! A NET+ Generative AI Working Group was also launched where AI security has been discussed.

We also have made significant developments on the Cloud Scorecard with 80+ services in the directory for campuses to use for screening cloud services. A few examples are:

• Pointers to HECVATs 
• IT Accessibility, 
• Identity, 
• Privacy,
• and other important aspects for cloud services. 

The Cloud Scorecard added new questions for AI and Data Privacy. The NET+ program has two services campuses can use to directly support enabling multifactor authentication with the NET+ Duo program and a password manager with the NET+ LastPass program. We have heard from the community about how challenging it has become to manage the constantly growing  number of cloud services on campus. In response to this a third-party risk management working group was sponsored to develop and document best practices to share with the community and Internet2’s NET+ program. This was the starting point for a third-party risk management RFP for the community.

Community Events

While so much community work continues to be done via virtual events, email lists, Slack, and wikis, our in-person community events have picked up speed.

• For example, we’ll build community together at the 2024 Internet2 Technology Exchange on Dec. 9-13, 2024  in Boston, MA, USA, which includes cybersecurity focused sessions. 
• The 2025 Internet2 Community Exchange will be held April 28-May 1, 2025 in Anaheim CA, USA. 
• Additionally, here is a listing of virtual events.

We hope to see you soon, either in person or virtually! These virtual and in-person events are invaluable as a place for updates from the community on the most critical cybersecurity topics. Internet2 events provide invaluable opportunities for our expanding and diverse community to work together and share their best practices. Participants at our various events represent the complete spectrum of the global Internet2 community—including university, industry, and affiliate members as well as government agencies and regional and international partners. 

Cybersecurity is at the very core of the Internet2 community’s ability to collaborate, define, test, and deploy technologies that advance research and scholarship. Internet2 has working groups and many other ways for campuses to get involved in advancing cybersecurity across the community. These activities support campuses taking a risk-based approach to protect their stakeholders, learn from their peers, and focus on the behaviors most important to their organizations. We’d love to hear your thoughts around cybersecurity and Internet2! Reflect on ways your own institution is enhancing security by connecting with us on Linkedin and #CybersecurityAwarenessMonth or directly contacting us and sharing how you participate in CSAM. Feel free to reach out to us if you have any questions or suggestions!

ICYMI

• Five Takeaways from the MS-CC Community AI Survey
• What the Research & Education Community Learned From Three Impactful Routing Security Incidents in 2024
• MFA Required for NSF Research.gov Starting Oct. 27, 2024
• Internet2 NET+ 1Password Now Available for Password Management Needs
• SC24 Arrives in Atlanta This November – See What Internet2 Has in Store