Trusted CI Cybersecurity Engagement with Jupyter

Trusted CI is the US National Science Foundation Cybersecurity Center of Excellence, staffed by cybersecurity experts who have spent decades working with science and engineering communities and who have established track records in terms of usable, high-quality solutions suited to the needs of those communities. The team draws from best operational practices and includes leaders in the research and development of new methodologies and high-quality implementations. In addition to providing leadership, education, outreach, and training to raise the state of security practice across the sciences, Trusted CI undertakes one-on-one engagements with projects to address their cybersecurity challenges.

As a part of timely, broader efforts to make Project Jupyter more responsive and proactive to security, the new security sub-project this past summer has undertaken a one-on-one engagement with Trusted CI to run through the end of 2021. This Trusted CI engagement was originally motivated by an upcoming Jupyter Security Best Practices Workshop funded by NumFOCUS as part of the Community Workshop series. The workshop is tentatively scheduled to be held April 2022 at the Ohio Supercomputer Center.

The goals of the engagement between Project Jupyter and Trusted CI include the following tasks:

• Review existing Jupyter deployment documentation related to security, identify gaps, and create recommendations for improvements.
• Identify Jupyter deployment use-cases as targets for Jupyter Security Best Practices documentation. Example use-cases include supercomputing centers, campus research clusters, workshops, small scientific projects, etc. Prioritize these use-cases based on which audiences would benefit most from new security documentation.
• Write Jupyter Security Best Practices documentation for high priority use-cases identified above. Work through other use-cases as time permits.

The Jupyter Security Best Practices documentation produced by this engagement will be shared with Project Jupyter for inclusion in their documentation, and also presented at the workshop.

Here’s how you can get involved and learn more:

• The security working group meets every other Friday. You can follow and open issues the repository for public questions and meeting minutes. At this weeks meeting, our Trusted CI colleagues presented an evolving census of all Jupyter-related security documentation: Watch for an upcoming Discourse post about it!
• As always, you can send your questions and concerns about security to security@ipython.org to reach out to our security team.

We always welcome feedback, questions, and help regarding security in Jupyter. Here is a link to the original Trusted CI blog post that this blog post was based upon (with permission):

https://blog.trustedci.org/2021/08/engagement-with-jupyter.html