Trusted CI Leads at the 2024 NSF Cybersecurity Summit – Carnegie Mellon University, Pittsburgh, PA
The 2024 NSF Cybersecurity Summit, hosted by Carnegie Mellon University in Pittsburgh, PA, underscored the importance of community building, innovation, and education in securing the future of research infrastructure. As threats evolve, the cybersecurity community must adapt, making events like these crucial for fostering the necessary dialogue and solutions.
CMU CYBERSECURITY EXPERTISE AND INNOVATIONS
This year’s Cybersecurity Summit at Carnegie Mellon University (CMU) in Pittsburgh was particularly significant for Jim Marsteller, program chair for the event since 2007, as it marked the first time the summit was held in his hometown. CMU’s expertise in cybersecurity, especially in AI and research infrastructure, played a central role in the summit’s success.
Marsteller, who is also involved with Trusted CI (the NSF Cybersecurity Center of Excellence), discussed the importance of the event in fostering collaboration among cybersecurity professionals. He highlighted how CMU’s proactive measures, such as its early use of phishing campaigns for awareness, showcase the university’s innovative approach to cybersecurity challenges. This year’s summit featured keynotes and panels with experts like Dr. Lorrie Cranor, who spoke about security and privacy. Mary Ann Blair, CMU’s Chief Information Security Officer (CISO), and Stan Waddell, CIO, participated in a panel on risk management.
TRUSTED CI’S ROLE IN THE SUMMIT AND CYBERSECURITY COMMUNITY
The summit’s roots trace back to 2004, when a significant security breach by a Swedish teenager exposed vulnerabilities in a number of communities including national HPC centers, U.S. research laboratories, and Fortune 500 companies. This incident revealed the need for better communication and collaboration across research institutions. The summit was created to address these gaps, bringing together peers to share experiences and learn from each other.
Trusted CI works to support NSF-funded research projects with cybersecurity resources and guidance. The summit became a key tool for fostering relationships and trust within the community, which is critical for sharing sensitive information in the field of research cybersecurity.
Marsteller explained how his role at Trusted CI, which has included overseeing the summit since its reboot in 2012, helps shape the future of cybersecurity in research. His ongoing work is focused not only on the summit but also on expanding educational initiatives like the Trusted CI Fellows Program, designed to develop a new generation of cybersecurity professionals.
THE GROWING THREAT OF AI IN CYBERSECURITY
This year’s summit addressed the growing intersection of artificial intelligence (AI) and cybersecurity. The advent of generative AI tools has significantly impacted cybersecurity, especially in the realm of phishing attacks. Marsteller pointed out how AI can craft more convincing phishing emails, making traditional detection methods like spotting spelling errors obsolete. He also discussed the increasing use of AI for creating “deepfakes” — videos or audio recordings that manipulate voices or appearances, often used for malicious purposes, such as impersonating a loved one in a scam targeting vulnerable populations.
These technological advancements highlight the importance of cybersecurity professionals in combating emerging threats. The summit featured discussions on how AI could be used both for offensive cyberattacks and as a tool for defending against them.
CYBERSECURITY WORKFORCE DEVELOPMENT AND EDUCATION
A key focus at the summit was workforce development, particularly through initiatives like the Trusted CI Fellows Program, and the student program, led by PSC’s Hawa Na Aata. These programs expose participants to a wide range of cybersecurity topics, including AI, risk management frameworks, and compliance, with the goal of fostering a deeper understanding of the cybersecurity landscape. The aim of these programs is to encourage more students and professionals to pursue careers in cybersecurity.
The demand for skilled cybersecurity professionals is growing rapidly, with an ongoing shortage in the field. Marsteller stressed the importance of creating educational pathways, especially for students at the university level. He also spoke about how Trusted CI is working to connect students with internships and career opportunities in cybersecurity, emphasizing the value of contributing to scientific research and societal advancement.
Trusted CI Team photo
CYBERSECURITY’S COMPLIANCE CHALLENGE
The summit also addressed the critical issue of compliance in research security, especially in light of increasing government regulations. Marsteller noted that universities that fail to comply with these standards have resulted in lawsuits from the DOJ and could risk future federal funding .
In response to this, Trusted CI and other organizations are helping institutions develop frameworks to protect controlled unclassified information (CUI) and ensure compliance with regulations. The summit’s sessions on regulatory compliance were particularly well-received, with speakers like Laura Raderman from CMU providing insights into the state of compliance and upcoming challenges.