The global pandemic did not slow cyberattacks on IU’s networks, and in 2020 the OmniSOC—the shared cybersecurity operations center for higher education and research located at and led by IU—provided 24×7×365 cybersecurity coverage for IU’s networks and OmniSOC member institutions. The GlobalNOC service desk partnered with OmniSOC to ensure round-the-clock vigilance.
Protecting R&E Networks
About OmniSOC
- Higher education’s only collaborative multi-state institution security operations center (SOC)
- The only collaborative SOC supporting National Science Foundation research
- The only SOC with a multi-state-institution data-sharing agreement for researchers
- The number one higher education threat hunting team in the country
- A proud member of the Indiana University Cybersecurity Community
Delivering what matters, and only what matters
OmniSOC rapidly delivers only critical, actionable, high-quality alerts, allowing cybersecurity staff to focus on what’s important, at substantial cost savings, from a trusted leader in the higher education cybersecurity community.
Expanding our reach
OmniSOC members currently include Northwestern University, Rutgers University, the University of Nebraska-Lincoln, Indiana University, and Santa Clara University. Through its partnership with the National Science Foundation (NSF) Security Operations Center (ResearchSOC), members also include the National Radio Astronomy Observatory (NRAO), the Geodetic Facility for the Advancement of Geoscience (GAGE), and the Gemini Observatory. The ResearchSOC is an NSF-funded collaborative security response center which builds on the OmniSOC to address the unique cybersecurity concerns of the research community.
Protecting discoveries about the mysteries of the universe
Through the ResearchSOC, OmniSOC acquired three NSF major facilities as new members, making it the only collaborative SOC supporting NSF research, and strengthening the GlobalNOC’s ties to supported federal networks. NRAO, the Gemini Observatory, and GAGE are now using the services of the OmniSOC to help protect and detect threats to their instruments and data.
Supporting research
In 2019, the Center for Applied Cybersecurity Research (CACR) and OmniSOC began working with Dr. Jay Yang and his team at Rochester Institute of Technology to implement Dr. Yang’s ASSERT research prototype with the OmniSOC. OmniSOC engineers worked with Yang’s team to validate the methodology and test the research prototype for use at OmniSOC for applicability to SOC workflows using data OmniSOC aggregates from IU as the first of these explorations of machine learning approaches. The team used a subset of an anonymized parallel feed of (only) IU’s OmniSOC data and pipelined to a virtualized prototype. The results were provided to OmniSOC engineers and analysts to determine if the method had utility for OmniSOC’s workflows. This project aimed to catalyze further applied AI research for cybersecurity.
In parallel with the work with Dr. Yang, the OmniSOC launched a working group of CISO and research computing representatives from the Big Ten Academic Alliance members to determine how to advance OmniSOC’s support of research. This group developed an initial plan and started conversations with Dr. Srinivas Ganapathy from Rutgers about being the next collaborator in this regard.
Educating the next generation
Summer internship program
July 2020 saw OmniSOC’s internship program transition to an eight-week virtual seminar series due to COVID-19 restrictions. OmniSOC members University of Nebraska, Rutgers University, and Indiana University partnered with Elastic, which provided both financial support and instructors, to offer an eight-week series of virtual seminars on basic network threat hunting and security.
Thirty-six (60%) of the initial 60 participants completed at least five of the eight sessions and earned certificates, which is above the average of 50–55% for such programs. Brian Mellon, security operations and threat intelligence manager at University of Nebraska, participated in the career experiences section along with members of the IU University Information Policy and Information Security Offices and Hannah Tun, lead security engineer from OmniSOC.
CyberCorps
In August 2020, NSF awarded Indiana University a $2.25 million grant to establish a scholarship program in the growing and critical field of cybersecurity on the Bloomington campus. Students in the CyberCorps program will gain experience via internships with one of IU’s cybersecurity organizations, including OmniSOC.
Looking ahead
Expanding membership
Now open to all research and higher education organizations, OmniSOC will expand its member base to include smaller colleges, research networks, and other NSF facilities.
Adding value for its members
OmniSOC will increase its use of artificial intelligence, machine learning, and endpoint protection to provide increased value to its members.
Broadening collaboration to increase impact
OmniSOC will grow its partnerships with cybersecurity researchers, facilitating research that serves the broader higher education cybersecurity community.
Mitigating international intelligence threat
With its counterparts in Canada, the United Kingdom, and Australia, OmniSOC will leverage new international threat intelligence sharing.