Join InCommon

21
Jul.
2022

Events

Practice Makes Perfect: Come Exercise with Us

Share

InCommon to Host First Ever Community Cybersecurity Event This Fall

To increase cross-federation levels of trust in cybersecurity, InCommon is hosting its first-ever community Sirtfi cybersecurity exercise this fall. Sirtfi recently became part of InCommon’s baseline expectations

The event is open to InCommon participants and eduGAIN partners, who will practice coordinating a response to a federated security incident by running a multi-organization, federated incident response exercise. Sirtfi-compliant organizations that would like for their federated IdPs and/or SPs to participate in this exercise should complete our expression of interest form by August 19, 2022.

Kyle Lewis

“With Sirtfi being relatively new to InCommon’s Baseline Expectations, it’s the perfect time to establish a voluntary way federated organizations’ teams can practice what it means to coordinate within the Sirtfi framework,” said Kyle Lewis, chair of InCommon’s Sirtfi Exercise Planning Working Group (SEPWG) and vice president of cybersecurity strategy at InCommon Catalyst RDCT. “We want to make it a living part of a federated IT security team’s practice and not just a ‘compliance item’ for Baseline Expectations.”

Lewis pitched the idea of the working group to InCommon leadership and volunteered to serve as chair when its efforts got underway this January after the group was chartered by the InCommon Community Trust and Assurance Board. “I see the group’s efforts as part of a larger fabric of an increasing demand for assurance frameworks in the trust federation,” he explained. “Sirtfi’s purpose is to reinforce trust in research and education identity trust federations in the area of cybersecurity because to quote a common aphorism, ‘A risk accepted by one is a risk shared by all.’” (Sign up to participate.)

Prabha Manda

Working Group Member Prabha Manda, who is a senior security analyst in the Office of Privacy and Information Security at the University of Illinois at Urbana-Champaign (UIUC), welcomes the opportunity for her team to participate in the upcoming exercise. “I thought the SEPWG would be a great opportunity to learn not only about SIRTFI but also how we could strengthen our security response procedures for federated incidents,” she said. “Having tabletop exercises to practice such scenarios will help speed up communication, so we can respond to these incidents in a timely and efficient way.” 

And the purpose of the event is to practice. “It’s important to think of this exercise as a distributed learning activity,” Lewis emphasized. “It’s not a graded event or a test. It lets us practice in advance what we claimed we would do when our entities asserted Sirtfi compliance, which is preferable to waiting for a real security breach to figure Sirtfi out while also under the pressure of trying to secure your network.” (Sign up to participate.)

edugain illustration
An incident could spread throughout the federated research and education community via a single compromised identity.

The exercise will help teams operating Sirtfi-compliant identity-providers and service providers to build confidence in handling security incidents that spill over to other organizations through federated channels,” he continued. “Participants will have opportunities to discuss and review any internal procedures they have in dealing with cross-organizational security incidents. The point is to foster federation-mindedness and break down barriers to reaching out to other teams for help; it’s not a test of cybersecurity tools or technical skills.”  

Manda echoed these sentiments. “There may be federation participants that adopted Sirtfi as part of the InCommon Baseline expectations but may not have had an opportunity to familiarize themselves with the framework,” she noted. “This exercise will give them a chance to understand the aspects of Sirtfi compliance. More importantly, the simulation would provide the experience of a realistic scenario because we have to keep in mind that a federated incident is bound to affect multiple organizations. By participating, we are also helping the community.” 

For more information and questions about the exercise, contact us at help@incommon.org and put Sirtfi Exercise in the subject line of your message. 

We hope your team will join us this fall. 

ICYMI