Cybersecurity Guidance for Security Incidents involving your ACCESS accounts or personal devices:

If you encounter any of the following situations, please create a Security Incident Ticket at https://operations.access-ci.org/report-security-incident

  • Something is suspiciously wrong with my ACCESS account, e.g., unexpected changes to my ACCESS authentication credentials or profile content.
  • Something is suspiciously wrong with my ACCESS Resource Provider account, e.g., unexpected changes to my system login authentication credentials, login settings or files.
  • My computer was lost/stolen/compromised (used by someone else without permission).
  • My phone, tablet, or other device used for authentication was lost/stolen/compromised (used by someone else without permission).

When reporting a security incident to ACCESS, please be sure to identify the ACCESS Resource Provider systems that you use.

ACCESS will coordinate an investigation with you and your ACCESS Resource Providers to address your security issue as soon as possible.


For rapid response to a security issue related to a specific ACCESS Resource Provider, you may contact their security or support services directly:

ACCESS

Indiana University: 

NCAR: 

NCSA:

PSC: 

SDSC: 

 

What will ACCESS do when I report a security incident?

ACCESS Cybersecurity Operations will work with you, your PI and your ACCESS Resource Providers to limit further unauthorized access to your accounts and data. A necessary first step is to suspend your accounts so that no one can continue to access them illicitly. We will then coordinate an investigation with you and your ACCESS Resource Providers to collect evidence and assess what an intruder may have accessed and modified. Finally, to the extent possible, we will restore your accounts and credentials to a "known secure" state so that you can resume your research activities.

Accounts that will be suspended while investigations occur include:

  • ACCESS ID and ACCESS DUO

  • ACCESS Resource Provider accounts 

  • Accounts accessed using personal credentials such as SSH keys, passkeys, authentication apps on mobile devices, and authentication tokens.

If evidence of intrusion into your accounts is found, we will expand the investigation to assess what the intruder may have accessed using your account, including any directories and files owned by others on the systems that your account has access to (generally those of your project peers). You and your peers will need to verify the integrity of your data on affected systems before resuming your research.

 

What will I have to do to regain my ACCESS ID and ACCESS Resource Provider accounts?

The first thing you will need to do is re-establish control of and trust in the personal and organizational systems that you use to authenticate to and log in to ACCESS services and ACCESS Resource Provider systems. Unfortunately, this can involve a lot of work on your part, as you replace and (re)install systems and software, and create new login credentials to replace those that were exposed to others.

You must assume that all passwords or credentials that were on systems stolen or intruded upon by unauthorized people are now "in the wild" and cannot be used again to secure access to your accounts.

Once you have regained control of and trust in the personal devices and equipment you use to reach ACCESS services and ACCESS Resource Provider systems, we will work with you to establish new authentication credentials for all applicable ACCESS and ACCESS Resource Provider systems, including:

  • Setting a new ACCESS ID password and ACCESS DUO enrollment

  • Replacing passwords and credentials that you use to authenticate to ACCESS Resource Provider systems

  • (For sites that accept SSH keys for authentication) Generating a new SSH key pair, and securely uploading the new public SSH key to the site for installation