Trusted CI Experiences in Cybersecurity and Service to Open Science

This article describes experiences and lessons learned from the Trusted CI project, funded by the US National Science Foundation to serve the community as the NSF Cybersecurity Center of Excellence. Trusted CI is an effort to address cybersecurity for the open science community through a single organization that provides leadership, training, consulting, and knowledge to that community. The article describes the experiences and lessons learned of Trusted CI regarding both cybersecurity for open science and managing the process of providing centralized services to a broad and diverse community.Comment: 8 pages, PEARC '19: Practice and Experience in Advanced Research Computing, July 28-August 1, 2019, Chicago, IL, US

U.S. Customs and Border Protection: Trade Facilitation, Enforcement, and Security

[Excerpt] This report describes and analyzes import policy and CBP’s role in the U.S. import process. (The report does not cover CBP’s role in the U.S. export control system.) The first section of the report describes the three overarching goals of U.S. import policy and the tension among them. Second, the report provides a legislative history of customs laws, followed by an overview of the U.S. import process as it operates today. Third, the import process and CBP’s role in it are discussed. The final section highlights several policy issues that Congress may consider in its oversight role or as part of customs or trade legislation, including measures seeking to provide additional trade facilitation benefits to importers and others enrolled in “trusted trader” programs, to improve enforcement of intellectual property and trade remedy laws, to strengthen cargo scanning practices, and/or to promote modernization of customs data systems, among other issues. A list of trade-related acronyms used in the report is provided in Appendix A

Trusted Hands: The Role of Community-Based Organizations in Enrolling Children in Public Health Insurance Programs

Trusted Hand is a new approach to enrolling traditionally hard-to-reach children in public health insurance programs. While the most common locations for enrollment assistance are state and local social service agencies and health clinics, many states are increasing their network to include a variety of community-based organizations that typically have not been involved in public health insurance. This Issue Brief, prepared by researchers at the University of Colorado Denver, details the advantages, as well as the challenges of this promising new strategy

A Decentralised Digital Identity Architecture

Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits.Comment: 30 pages, 10 figures, 3 table

Why Information Matters: A Foundation for Resilience

Embracing Change: The Critical Role of Information, a research project by the Internews' Center for Innovation & Learning, supported by the Rockefeller Foundation, combines Internews' longstanding effort to highlight the important role ofinformation with Rockefeller's groundbreaking work on resilience. The project focuses on three major aspects:- Building knowledge around the role of information in empowering communities to understand and adapt to different types of change: slow onset, long-term, and rapid onset / disruptive;- Identifying strategies and techniques for strengthening information ecosystems to support behavioral adaptation to disruptive change; and- Disseminating knowledge and principles to individuals, communities, the private sector, policymakers, and other partners so that they can incorporate healthy information ecosystems as a core element of their social resilience strategies

OFFICIAL STATISTICS: ABOVE AND BELOW THE PUBLIC DEBATE. THIRTIETH GEARY LECTURE, 1999

Roy Geary was a person of great distinction, recognised for a wide range of achievements. He was a first class mathematician who made significant contributions to statistical theory. He was an Official Statistician of distinction and he made great contributions to the development of economic statistics and to the use of statistics for policy purposes in fields as diverse as demography and economic statistics. He was the first Director of the Central Statistics Office when it was created in 1949 and I am delighted to be asked to present this lecture in the CSO’s 50th birthday year

Congress' Wicked Problem: Seeking Knowledge Inside the Information Tsunami

The lack of shared expert knowledge capacity in the U.S. Congress has created a critical weakness in our democratic process. Along with bipartisan cooperation, many contemporary and urgent questions before our legislators require nuance, genuine deliberation and expert judgment. Congress, however, is missing adequate means for this purpose and depends on outdated and in some cases antiquated systems of information referral, sorting, communicating, and convening. Congress is held in record low esteem by the public today. Its failings have been widely analyzed and a multitude of root causes have been identified. This paper does not put forward a simple recipe to fix these ailments, but argues that the absence of basic knowledge management in our legislature is a critical weakness. Congress struggles to make policy on complex issues while it equally lacks the wherewithal to effectively compete on substance in today's 24 hour news cycle.This paper points out that Congress is not so much venal and corrupt as it is incapacitated and obsolete. And, in its present state, it cannot serve the needs of American democracy in the 21st Century.The audience for this paper is those who are working in the open government, civic technology and transparency movements as well as other foundations, think tanks and academic entities. It is also for individuals inside and outside of government who desire background about Congress' current institutional dilemmas, including lack of expertise

De-perimeterisation as a cycle: tearing down and rebuilding security perimeters

If an organisation wants to secure its IT assets, where should the security mechanisms be placed? The traditional view is the hard-shell model, where an organisation secures all its assets using a fixed security border: What is inside the security perimeter is more or less trusted, what is outside is not. Due to changes in technologies, business processes and their legal environments this approach is not adequate anymore.\ud This paper examines this process, which was coined de-perimeterisation by the Jericho Forum.\ud In this paper we analyse and define the concepts of perimeter and de-perimeterisation, and show that there is a long term trend in which de-perimeterisation is iteratively accelerated and decelerated. In times of accelerated de-perimeterisation, technical and organisational changes take place by which connectivity between organisations and their environment scales up significantly. In times of deceleration, technical and organisational security measures are taken to decrease the security risks that come with de-perimeterisation, a movement that we call re-perimeterisation. We identify the technical and organisational mechanisms that facilitate de-perimeterisation and re-perimeterisation, and discuss the forces that cause organisations to alternate between these two movements