►
Description
Date: 10/4/2019
Presenter: Von Welch
Institution: Indiana University
Midwest Big Data Hub
A
I'm
happy
to
introduce
Vaughn
Welch.
Many
of
you
know
Vaughn
from
a
number
of
different
engagements
that
he's
had
because
the
Center
for
Applied
cyber
security
research
has
been
around
for
a
while
now
I
think
he'll
probably
tell
us
exactly
how
long
it's
been
around
and
has
had
some
I
would
say
some
significant
impact
in
terms
of
the
work
that
we
do
at
universities
and
the
way
that
we
are
able
to
advocate
to
our
administration.
A
In
many
cases
the
importance
that
cyber
security
has
in
our
various
research
enterprises
and
so
I'm
always
happy
to
hear
about
the
work
that
Vaughn
is
doing
under
the
Center
for
Applied
cyber
security
research
in
general
and
thrilled
that
he's
able
to
speak
with
us
today.
So
without
further
ado,
I
will
go
ahead
and
turn
it
over.
So.
B
Jim,
thank
you
for
that
introduction.
So
my
home
is
my
home
center
here
in
Indiana.
University
is
indeed
the
Center
for
Applied
cyber
security
research
in
that
capacity
is
directing
that
center.
Here,
one
of
the
NSF
projects-
I'm
privileged
to
lead,
is
the
the
NSF
cybersecurity
center
of
excellence
or
trust
at
CI,
and
so
that's
actually
the
the
hat
I'm
wearing
here
today
and
this
trusted
CI
that
has
been
I.
B
So
let
me
just
tell
you
a
little
bit
more
about
trusted
CI
and
it
is
an
NSF
funded
project,
but,
unlike
many
other
cybersecurity
projects
that
in
centers
at
NSF
funds,
it
has
a
mission
to
serve
the
NSF
community
itself.
So
for
those
of
you
I
think
you're,
probably
familiar
NSF,
a
huge
portfolio
of
funded
projects.
They've
got
an
annual
budget
that
approaches
eight
billion
dollars.
B
They
fund
over
10,000
awards
every
year
and
a
significant
a
number
of
those
awards
over
a
thousand,
are
million
dollar-plus
and
then
I
think
it
is
I,
don't
know
anyone
who's
done
a
survey
but
I'm
fairly,
confident,
saying
nearly
ubiquitously.
Those
projects
rely
on
computing
to
some
degree
or
another
right,
so
they
almost
inevitably
have
some
cyber
security
challenges
from
the
sort
of
the
day-to-day
pedestrian
challenges.
We
all
face
to
some
very
exotic,
interesting
and
tough
challenges
around
cybersecurity
and
when
I
say
cyber
security
here
speaking
a
little
broadly,
that
also
includes
Identity
Management
privacy.
B
So
first
I
want
to
thank
several
of
you
shared
your
your
warm
thoughts
with
me
earlier
about
renewal,
and
we
are
very
happy
to
announce.
We've
just
received
our
renewal
award,
that's
starting
here
at
the
8th
at
the
turn
of
the
year
and
that
will
carry
us
forward
five
years,
two
to
2024,
so
really
excited
about
being
able
to
have
this
opportunity
to
consider
continue
serving
the
community
and
thank
a
number
of
you
on
this
call
for
for
your
support,
your
collaborations
and
your
supportive
words
that
have
have
made
this
really
possible.
B
I,
always
like
pointing
to
the
are
broader
impacts,
project
report.
This
was
a
report
that
Jim
Mazz
me
and
his
team
compiled
last
year
summarizing
our
impact
across
NSF
to
to
date.
You
know
it's
you'll
see
some
of
the
number
here.
We've
managed
to
touch
and
impact
hundreds
of
projects
and
have
them
attend
in
various
ways.
This
report,
you
know
also
laid
out-
we've
got
you
know
looking
across
the
science
director,
it's
where
we
need
to
focus
more
attention,
but
this
is
one
of
the
things
I
point
to
that.
B
You
know
really
showed
over
those
four
six
years,
some
of
the
good
work
that
we
really
did
and
so
I
like
to
point
to
it
as
a
reference
for
for
that.
So
giving
an
example
of
the
type
of
things
trusted
CI
does
the
first
is:
we
knew
a
fair
number
of
best
practices
that
are
freely
available
on
our
website.
As
you
see
there,
some
you
know
organized
here
under
different
parts
of
the
website.
We
have
a
strong
collaboration
with
the
science
Gateway
Institute,
so
you'll
see
that
fourth
bullet.
B
There
is
a
collection
of
materials
that
we've
compiled
a
lot
of
it
jointly
with
them.
Jim
Baz
me
has
done
a
lot
of
work
and
Identity
Management
other
parts
of
our
team.
We've
got
operational
security
tailored
for
science
projects.
We
have
a
guiding
us,
a
template
that
number
of
projects
have
picked
up
and
on
their
own
used
to
create
their
own
cybersecurity
programs
and
then
more
specialized.
B
So
one
of
the
the
you
know
a
couple
more
guides
digging
in
here.
The
one
on
the
left
is
the
guide.
I
extension.
This
is
the
set
of
templates.
If
you
come
to
our
site
that
walks
you
through
a
creation
of
a
cybersecurity
program
for
an
operational
project,
the
one
on
the
right
is
a
software
engineering
guide.
So
this
is,
you
know
if
you
are
the
project
that
is
developing
software,
we've
tried
to
tackle
some
of
the
issues
around
cybersecurity
for
a
software
project.
B
Another
thing
that
we
do
is
besides
these
sort
of
best
practices
and
broader
impacts
is
every
on
a
cyclical
cyclical
six
month
period
we
have
an
open
application
from
the
community
where
we
take
applications
to
work
one-on-one
with
projects
on
their
particular
cybersecurity
challenge.
We've
done
this
now
these
little
pins
represent
the
locations
of
those
projects
that
we
worked
with.
B
As
you
can
see,
they've
now
span
the
continental
US,
as
well
as
getting
into
a
few
places
like
Antarctica,
where
we
work
with
the
u.s.,
the
NSF's,
Antarctic,
Program
and
other
places
the
window
for
those
applications
actually
just
closed.
Then
we're
going
to
be
announcing
our
engagements
for
early
2020
here
shortly,
but
expect
around
the
late
winter
of
2020.
B
We'll
have
another
engagement
application
period
for
the
latter
half
of
2021,
and
this
isn't
to
say
we're
always
happy
to
answer
quick
questions
and
whatnot,
but
these
are
establish
a
place
where
we
can
do
a
deep
dive
with
a
project
over
a
course
of
a
number
of
months
to
see
some
of
you.
Next
month,
every
year
we
host
a
cyber
cybersecurity
summit
that
where
members
of
the
community
get
together
and
and
share
lessons
and
other
experiences
around
cybersecurity
for
for
NSF
science.
B
This
year,
it
has
moved
out
of
DC
where
it's
historically
been
and
we're
going
to
start
actually
moving
it
around
the
country,
so
I
hope
to
see
some
of
you
there.
If
not
this
year,
then
perhaps
next,
the
community
benchmarking
survey.
You
know
one
of
the
challenges
we
have
is
measuring
our
longitudinal
impact
over
time.
So,
a
few
years
ago
we
started
serving
the
community
to
start
understanding
where
they
were
in
terms
of
cybersecurity
and
their
their
level
of
maturity.
B
B
We
were
very
excited
this
year
to
create
a
Fellows
Program
with
six
folks
working
with
closely
with
us
on
a
weekly
basis.
Work.
They
helped
us
really
prototype
and
launch.
A
virtual
Institute
for
would
have
would
have
a
training,
or
you
know,
research,
cybersecurity
means
and
now
are
helping
us
engage
more
deeply
with
their
respective
communities.
I
am
just
speaking
personally
really
excited
how
this
turned
out.
B
Another
effort
we
do
is
work
with
NSF
cybersecurity
researchers
to
help
trans
transition,
their
research
into
practice
by
connecting
them
with
practitioners
and
giving
them
some
coaching
along
the
line.
Florence
Hudson
leads
this
area.
I
think
is
well
known
to
many
of
you
in
the
hub's
community,
and
so
this
is
expect
to
see
more
of
the
second
going
forward
in
2020.
A
key
new
endeavor
that
is
going
to
be
starting
up
in
2020
is
many
of
you
may
have
heard
of
different
cybersecurity
programs
from
like
800
171.
B
Many
of
you
may
also
be
familiar
with
things
like
HIPAA,
but
if
you
think
about
what
is
a
open
science
project,
the
project
in
astronomy
or
a
project
in
genomics
or
a
project
in
environmental
science,
what
what
cybersecurity
program
should
they
be
using?
You
probably
struggle
coming
up
with
the
name
of
such
a
thing,
and
that's
because
there
really
isn't
one
and
one
of
the
things
we're
looking
to
fill
in
is
coming
up
with
an
appropriate
cybersecurity
program
for
such
science
projects,
if
nothing
else
to
stave
off
the
pressure
on
them
to
adopt
something.
B
That's
that's
less
well
suited
for
that
type
of
open
science
and
AHS
a
real
drain
on
their
productivity.
I,
always
just
making
make
a
comment
for
those
of
you
familiar
with
the
InfoSec
field.
You
know
we,
we
have
our
demographic
problems,
so
trust
that
see
I
always
does
a
push
towards
inclusivity
and
everything
it
does,
and
so
for
a
number
of
the
things
too,
like
the
fellows
and
other
things
I've
mentioned
earlier,
is
you
know
really
do
you
know?
B
Please
help
us
reach
out
to
those
community
needs
that
are
underrepresented
in
information
security
right
now,
I'm
I'm
going
to
acknowledge
our
partners
too
many
up
here
to
mention,
and
it
would
be
really
great
now
that
we've
gotten
funding
I
know.
We
already
need
to
update
this
to
add
some
of
the
projects
that
are
on
this
call,
but
it's
great
to
be
well-connected
with
this.
This
community
I'll
mention
briefly
just
for
contrast.
Back
in
late
2018,
the
National
Science
Foundation
funded
a
another
cybersecurity
center.
B
So,
turning
a
little
bit
more
closely
now
to
the
big
data
hub
community
and
the
new
2020
emphasis
that
we
have
one
of
the
things
that
we're
doing
under
the
new
award
is
every
year
we're
going
to
a
challenge
related
to
cybersecurity
for
science
and
hold
together
a
group
of
community
leaders
to
really
tackle
what
that
challenge
means
for
science,
and
you
know
either
produce
best
practices
or
otherwise
make
progress
and
understanding
that
and
what
we
chose
for
the
first
such
challenge.
2020
was
data
integrity.
Clearly,
a
something
of
importance
to
science.
B
As
you
know,
to
be
tuned,
as
we
engaged
is
some
surveying
understanding
results
really
working
with
folks
to
understand
the
fraud
set
of
requirements
around
data
integrity,
and
so
here
are
some
of
the
partners.
The
four
hubs
which
we're
extremely
excited
about,
as
well
as
some
science
communities
we've
connected
with
here
through
my
colleagues
at
Indiana,
University
and
focus
is
the
initial
founding
with
that
group.
B
So
we
certainly
welcome
more
to
this
table
broaden
our
perspective,
so
I'll
conclude
here
with
just
some
helpful
URLs
to
stay
connected
with
us
on
social,
even
email,
the
social
media
or
email
or
otherwise,
and
also
some
monthly
webinars
that
we
even
focused
on
cyber
security
and
also
a
lot
of
honor
abilities
list
in
the
lower
right,
and
so
with
that,
all
all
thank
you
and
Jim
do
I
have
time
for
some
questions.
You.
A
B
Thank
you
Jim
great
question,
so
the
first
order
we
I
really
believe
you
know
a
lot
of
what
we're
doing
in
up
till
now
has
worked
and
has
worked
well,
and
we
didn't
want
to
introduce
big
changes
because
we
believe
the
community
is
is
relying
on
these
services
and
that
stability
is
important.
So
the
key
thing
is
is
if
you're
used
to
interacting
and
Trust
in
CI
in
some
way,
don't
expect
to
see
any
any
big
changes.
That
said,
what
we're
looking
to
do
is
some
of
you
may
have
noticed
earlier.
B
For
those
of
you
who
know
that
organization,
but
the
the
goal
is
to
work
with
work
with
those
regional
networks
in
the
quilt.
Let's
talk
to
Monday
I
cannot
talk
to
you
right
now
can
help
you
know,
leverage
them
and
work
with
them
to
provide
training
for
all
all
their
membership.
So
this
is,
you
know,
ways
that
we're
looking
to
try
to
really
now
take
that
in
try
to
expand
it
out
to
a
greater
fraction
of
that
NSF
community.
A
C
This
is
Kristine
I
just
was
hanging
back
to
give
others
a
chance
to
get
their
questions
out,
but
fun
I
just
wanted
to
thank
you
for
giving
this
presentation
I've
been
aware
of
the
work
of
trusted
CI,
but
I'm
really
grateful
to
have
had
the
chance
to
hear
the
overarching
talk
about
everything,
that's
involved
and
and
also
to
catch
up
on
where
you
are
currently
and
congrats
on
your
your
renewal.
That's
that's
great!
Just
that
just
a
question.
Flash
comment
on
your
partner's
list.
B
First
Kristine,
thank
you
for
the
kind
words
and,
if
I
neglected,
to
say
that
I
want
to
thank
you
all
for
having
me
here
today
with
regards
to
visas.
Yes,
are
there
not
on
this
slide,
I
think
we
are
on
they're
on
their
website
and
we
are
actually
working
right
now
on
an
application
for
a
presentation
that
we
assist
their
meeting.
I
think
it's
in
March
in
Denver
next
year,
so
we
definitely
are
aware
of
them,
and
but
thank
you
for
that
for
pointing
that
out
to
me
yeah.
C
Oh
great
well
and
also
another
comment
on
both
trusted
cin
visas,
even
though
you're
really,
you
know
focused
in
on
on
cyber
security,
I
found
both
of
your
programs
to
be
exemplars
of
how
you
engage
with
partners
and
in
your
target
communities,
but
in
models
that
you
know
could
work
for
more
than
just
cyber
security.
So
I
hope
that
people
are
realizing.
There's
a
lot
of
best
practices
beyond
just
cybersecurity
embedded
here.
C
B
Well,
thank
you
very
much
for
saying
so.
We
we
definitely
have
worked
hard
in
that
area
of
community
engagement
and
I
would,
with
you
know,
all
humor
society
would
like
to
agree
with
you.
I
think
you
know
we.
We've
certainly
had
our
missteps
in
our
learning
lessons,
but
we
have
learned
a
lot.
You
know
second,
only
to
cybersecurity
community
engagement
really
is
our
bread
and
butter
and
I
feel.
We've.
We've
learned
a
lot
about
that
over
the
past
six
years,.
A
Vonn,
when
you
talk
about
sort
of
you've
learned
as
you
as
you've
gone,
are
there
things
that
you
sort
of
see
now
sort
of
looking
back
that
you're
eager
to
put
more
emphasis
on
I
I
sort
of
had
the
advantage
of
having
been
to
the
quilt?
Where
I
heard
some
of
the
things
that
you
were
talking
about?
That
I
think
aren't
what
were
informed
by
hindsight.
But
you
know.
B
Yeah,
you
know
Jim,
it's
always
hard
to
tell
with
with
20/20
hindsight.
Even
couple
things
we've
always
wrestled
with
is
how
much
time
we
spend
working
one-on-one
with
individual
projects
versus
you
know
doing
broader
impact
things.
How
much
time
you
know
one
of
the
things
relation
about
community
engagement,
I,
always
call
it
the
the
servant
and
leader
role.
You
know
we
want
to
be
here
and
be
supportive
for
what
the
community
wants,
but
we
also
feel
like
at
some
point.
B
B
In
hindsight,
I
think
you
know
we
spend
a
fair
amount
of
time
at
the
beginning,
building
up
trust
in
the
community
before
we
stepped
out
and
tried
to
lead
I
think
we
could
have
been
a
little
bit
more
aggressive
on
that
I
think
the
community
had
enough
trust
in
us.
We
could
let
a
little
earlier
I,
don't
know
how
knowing
that
for
sure.
B
Likewise,
I
think
we
could
have
tried
to
go
broader
a
little
bit
earlier,
but
once
again
it's
hard
to
sort
of.
We
need
besties
and
alternate
history
completely
breathing
wrong,
but
looking
back
I
think
we
were
definitely.
You
know
conservative
on
both
those
ways-
and
you
know
maybe
a
little
a
little
more
than
we.
We
absolutely
needed
to
be.