Join InCommon

21
Nov.
2024

Community

Helping to Secure Our World: 2024 Internet2 Opportunities for the Research & Education Cybersecurity Community

Share

Array

By Nick Lewis – Internet2 Program Manager

Estimated reading time: 7 minutes

Internet2 is a supporter of National Cybersecurity Awareness Month (NCSAM) co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Security Agency. Internet2  has many cybersecurity opportunities to engage the community throughout the year.  Under the overall theme of  “Secure Our World,” NCSAM encourages continued focus this year on four key behaviors:

  1. Use strong passwords and a password manager
  2. Turn on multifactor authentication
  3. Recognize and report phishing
  4. Update software

These are all challenging at scale and require continued attention as part of managing cybersecurity risk for campuses. Internet2 has resources and  activities for using strong passwords via federated identity, using password managers including NET+ LastPass and the newly added NET+1Password, and multifactor authentication

We talk with people in the community regularly, they’re always interested in what’s going on in the cybersecurity realm, and they report it’s difficult to  keep up with everything! Our goal is to share what’s happening in the community and how people can get engaged, including newcomers to grow a diverse and inclusive community. 

As part of NCSAM every year, we highlight for the community the Internet2 cybersecurity related activities and resources available to research and education. These activities and resources are helpful to protect your campus and research as well as further your professional development. Additionally, there are several links to future events and items of interest. 

Internet2 works with partners such as  EDUCAUSE and the REN-ISAC on cybersecurity in higher education. Additionally, we run programs that higher education institutions and the research community can use in securing their organizations. Internet2 has cybersecurity woven throughout the organization and the work we do with the community. Internet2 cybersecurity resources and activities include the growing Minority Serving Cyberinfrastructure Consortium, Network, Trust and Identity, Cloud Services, and Community Events.

Minority Serving – Cyberinfrastructure Consortium

The Minority Serving – Cyberinfrastructure Consortium (MS-CC) continues to grow and bring more resources to the community! The MS-CC is a trusted community of HBCUs, TCUs, HSIs, and other MSIs. Prevalent activities include hosting community calls and cyberinfrastructure workshops for the HBCU and TCU communities at various campuses.

ms-cc logo

The most recent MS-CC Workshop: Campus Technology, Cybersecurity, & Research Computing Support was just held at Alabama A&M University on Oct 29-30, 2024. Here is where you can access content from past workshops. Additionally, there is a monthly Cybersecurity Community of Practice for MS-CC community faculty, researchers, staff, and students interested in cybersecurity. These activities are critical to building capacity on campuses and within local communities.

Designed for the demanding requirements of data-intensive research, the Internet2 Network provides the performance, resiliency, security, and capabilities demanded by the most advanced applications and networks. As part of supporting the advanced campus and cloud computing needs of the research and education community, Internet2 offers several network security activities, including: 

I2 Routing Integrity logo

InCommon 

Internet2 operates InCommon, the community-built and community-driven access management infrastructure, eduroam authenticated access to wireless, and related Trusted Access Platform that supports academic mission and collaborative research across the U.S. and globally.

InCommon 20th Anniversary logo

On October 11, the National Science Foundation (NSF) announced  that it will require all users to sign into Research.gov with multifactor authentication (MFA) starting Sunday, October 27, 2024. NSF has agreed, on an interim basis, to continue to accept InCommon federated access, provided that your institution confirms MFA capabilities with NSF. (Details can be found here.)  Stay tuned for additional information from NSF on how it will leverage InCommon going forward for this important development. 

A couple of additional opportunities to get involved: 

To learn more about how your peers are using these tools, attend TechEX24 in Boston (December 9-11, 20224), join us at inCommon BaseCAMP in June,  or participate in the InCommon Academy for IAM training.

Cloud Services

Internet2 supports our members’ cloud journeys with a focus on enabling cloud access, supporting security and management needs, and fostering communities of practices. The NET+ program provides a portfolio of community-evaluated cloud services to higher education institutions as a key part of many campus cloud and cybersecurity programs.

I2 Cloud NET+ logo

In 2024, we launched two new NET+ services; NET+ 1Password and NET+ Echo Labs as a pre-evaluation agreement, that may be of interest to campus cybersecurity teams for password management and IT accessibility compliance challenges. We also launched the first AWS Security training focused on securing AWS in a higher education environment via the CLASS program and quickly had a waiting list! Keep your eyes open  for future training in 2025! A NET+ Generative AI Working Group was also launched where AI security has been discussed.

We also have made significant developments on the Cloud Scorecard with 80+ services in the directory for campuses to use for screening cloud services. A few examples are:

  • Pointers to HECVATs 
  • IT Accessibility, 
  • Identity, 
  • Privacy,
  • and other important aspects for cloud services. 

The Cloud Scorecard added new questions for AI and Data Privacy. The NET+ program has two services campuses can use to directly support enabling multifactor authentication with the NET+ Duo program and a password manager with the NET+ LastPass program. We have heard from the community about how challenging it has become to manage the constantly growing  number of cloud services on campus. In response to this a third-party risk management working group was sponsored to develop and document best practices to share with the community and Internet2’s NET+ program. This was the starting point for a third-party risk management RFP for the community.

Community Events

While so much community work continues to be done via virtual events, email lists, Slack, and wikis, our in-person community events have picked up speed.

Promotional graphic for technology exchange 2024.

We hope to see you soon, either in person or virtually! These virtual and in-person events are invaluable as a place for updates from the community on the most critical cybersecurity topics. Internet2 events provide invaluable opportunities for our expanding and diverse community to work together and share their best practices. Participants at our various events represent the complete spectrum of the global Internet2 community—including university, industry, and affiliate members as well as government agencies and regional and international partners. 

Cybersecurity is at the very core of the Internet2 community’s ability to collaborate, define, test, and deploy technologies that advance research and scholarship. Internet2 has working groups and many other ways for campuses to get involved in advancing cybersecurity across the community. These activities support campuses taking a risk-based approach to protect their stakeholders, learn from their peers, and focus on the behaviors most important to their organizations. We’d love to hear your thoughts around cybersecurity and Internet2! Reflect on ways your own institution is enhancing security by connecting with us on Linkedin and #CybersecurityAwarenessMonth or directly contacting us and sharing how you participate in CSAM. Feel free to reach out to us if you have any questions or suggestions!

ICYMI