Security measures helped keep CI/CS Workshop attendees safe
By Gregory Moore
On August 18 and 20, 2020, ResearchSOC and CI CoE Pilot co-hosted the 2020 Cyberinfrastructure/Cybersecurity (CI/CS) Workshop, a virtual training event for cybersecurity and cyberinfrastructure professionals. Zalak Shah is a senior security analyst and deputy chief information security officer at Indiana University’s Center for Applied Cybersecurity Research (CACR) and oversaw the two-day event as the security officer. As with all online events, security is a major concern, especially when using Zoom.
We spoke with Shah about his experience and how the workshop went.
ResearchSOC: Tell us what it was like to participate in the planning and preparation for this workshop, your role as the security officer, and why it was necessary to provide security.
Z.S.: The organizers decided that we should have a dedicated security person for the entire workshop and they asked me to do that. I began attending various meetings just before the workshop. I created a list of all the existing security controls that are offered by Zoom itself as well as the security controls recommended by Indiana University. We were expecting about 250 participants so the chances of Zoombombing was high.
All the various sessions throughout the workshop had moderators. The primary job of moderators was to monitor participants’ questions in the Zoom chat. Another job is to admit people who are joining the Zoom session. So, I gave a small training to moderators prior to the workshop. That training had information about how to remove someone misbehaving. For example, when someone is inappropriately typing something in the chat or showing inappropriate video by sharing their screen during the Zoom session. Also, information about how to make sure that the participant doesn’t change their display name because it is possible to change it during a Zoom meeting. If I change my first name or last name to something inappropriate that is also a type of Zoombombing.
Ultimately, Zoombombing is causing any kind of interruption to other participants during the session. So, I made sure that the moderators were aware of all the existing security controls to prevent any kind of Zoombombing using chat, video, or the display name.
ResearchSOC: Then during the workshop, what was your role? Did you pop in on different rooms?
Z.S.: Yes. During the workshop, multiple sessions were going on. So, my job was making sure that everything was going fine in terms of security and no one is causing any issues. I started joining all the meetings one by one. I also kept chat going with the moderators.
ResearchSOC: Did you have any issues?
Z.S.: We had one issue. A person wasn’t changing their display name. It wasn’t anything inappropriate, but the moderator asked that person to use their real first and last name so that we can figure out who you are and which organization you belong to. That person didn’t change their display name and that moderator had to remove that person after warning them. That was the only minor thing that went wrong during the workshop.
ResearchSOC: By the way, was that person able to rejoin?
Z.S.: No. We asked moderators to tell participants at the beginning of the talk: “If you misbehave, we’re going to remove you and you won’t be able to join again. Follow the policy. Follow the guidelines.” Participants knew they would only be admitted based on their first and last name. We had a list of participants for that workshop and the moderators were only admitting participants who had registered for the workshop. The host or co-host were the only ones who could admit participants in the Zoom session. No one else could admit them.
ResearchSOC: Just like checking into a live conference. You must show your name badge.
ResearchSOC: Did that slow things down at all or did that work smoothly?
Z.S.: It worked pretty smoothly because as I said, we had dedicated moderators for each talk and even though we had more than 250 participants, in each individual talk, we did not have more than 80 people. We started the call 15 minutes before the actual starting time. So, we had ample amount of time to admit people whenever they were in the waiting room.
ResearchSOC: Did you use passcodes?
Z.S.: Yes, for each individual meeting, to make it very difficult for someone to randomly guess the meeting ID as well as the passcode to join the meeting. Even if you just started guessing the URL with the Zoom ID, you won’t be able to guess the passcode. Having that passcode was helpful.
ResearchSOC: Have you received any feedback about how it went?
Z.S.: Not from participants, but I got some really positive feedback from the organizers. They thought everything went really well because of all the security controls that I recommended.
ResearchSOC: Were there any other challenges?
Z.S.: Not really, but sometimes you have to dig into the Zoom control panel and some of the controls are in the advanced setting option, so it’s sometimes difficult to find where a particular control is. I think the document that I had created for moderators was helpful because I had included screenshots in the document.
ResearchSOC: What other things were in place to keep things running smoothly?
Z.S.: We created a dedicated Slack channel for the workshop so that participants could easily reach out to us if they lost a passcode.
One more thing to notice here is there is a difference between Zoom meetings and Zoom webinars. In a Zoom webinar, your participants’ video is off. For Zoom meetings, you can turn off all the participants’ video, but they will be able to turn it back on later if they want.
ResearchSOC: And a workshop involves participation.
Z.S.: Exactly. That’s why we used Zoom meetings. So, if someone is misbehaving you have to remove that person.
ResearchSOC: Were there any moderators that had to reach out for help?
Z.S.: Not really. We just had that one minor incident that was the only thing that we had to deal with.
The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email firstname.lastname@example.org.