2. Cybersecurity for Science: SC14 November 18th, 2014
I love Cyberinfrastructure…
HPC HTC
Science
Gateways
Big Data
Distributed
Everything
Bleeding-edge
Networks
3. Cybersecurity for Science: SC14 November 18th, 2014
I Hate the Perception of Cybersecurity…
HPC HTC
Science
Gateways
Big Data
Distributed
Everything
International
User
Communities
4. Cybersecurity for Science: SC14 November 18th, 2014
Cybersecurity is an Enabler of
Cyberinfrastructure and Science
6. Cybersecurity for Science: SC14 November 18th, 2014
Trustworthy Science
Maintaining the trust of scientists and the
public in the CI, data and science is critical.
Bias: Scientists have been managing the
ultimate insider threat for a long time.
Cybersecurity deals with increasing threats
to trustworthy computational science.
7. Cybersecurity for Science: SC14 November 18th, 2014
Do no harm
CI represents some
impressive cyber-facilities.
Being used as a tool to do
harm to others would be
potentially very damaging
to CI’s reputation.
9. Cybersecurity for Science: SC14 November 18th, 2014
Identity matters to Science…
Scott Koranda/LIGO - Oct’11
10. Cybersecurity for Science: SC14 November 18th, 2014
Specific Concerns
Many science domains,
communities, and
projects will have
particular concerns.
The risks related to
confidentiality,
integrity, and
availability vary greatly.
12. Cybersecurity for Science: SC14 November 18th, 2014
SSccieiennttifificic CCoommmmuunnitityy
SScciieennccee // CCyybbeerriinnffrraassttrruuccttuurree
Multiple
Universities
and/or
Research
Multiple
Universities
and/or
Research
Orgs
Orgs
Regional
R&E and
Commercial
Services
Regional
R&E and
Commercial
Services
Open
Source and
Scientific
Software
Open
Source and
Scientific
Software
R&E
R&E
Networks
Requirements,
Services, Networks …
Risks,
Policies,
Risks
13. Cybersecurity for Science: SC14 November 18th, 2014
Science pushes IT hard!
HPC HTC
Science
Gateways
Big Data
Distributed
Everything
Bleeding-edge
Networks
15. Cybersecurity for Science: SC14 November 18th, 2014
Cybersecurity Historically
Firewalls, IDS,
encryption, logs,
passwords, etc.
16. Cybersecurity for Science: SC14 November 18th, 2014
Contemporary Cybersecurity
Cybersecurity
supports the
science mission
by managing
risks to science.
18. Cybersecurity for Science: SC14 November 18th, 2014
TrustedCI.org:
Center for Trustworthy Scientific
Cyberinfrastructure
Providing leadership and addressing
cybersecurity challenges for the NSF community.
19. Cybersecurity for Science: SC14 November 18th, 2014
We rely increasingly on
our software stacks – both
the ones we write and
others.
Open nature leads to
large attack surfaces.
Software integrity is
critical.
A joint effort:
Morgridge Institute for
Research (lead)
University of Illinois
Urbana Champaign
University of Wisconsin
– Madison
Indiana University
Miron Livny, MIR
Jim Basney, UIUC
Bart Miller, UW
Von Welch, IU
https://continuousassurance.org/
20. Cybersecurity for Science: SC14 November 18th, 2014
XSIM: Extreme Scale Identity
Management for Science
The Virtual Organization
(VO) is critical to science.
XSIM model enables
delegation of identity
management from
resource provider to VO.
Funded by DOE/ASCR
Image credit: Ian Bird/CERN
21. Cybersecurity for Science: SC14 November 18th, 2014
Fighting “Identity Management in a closet”
Managing access to
data, instruments, etc.
Authenticating
collaborators/commu
nity is hard.
Effort drawn away
from science.
Enabling use of
campus identities.
22. Cybersecurity for Science: SC14 November 18th, 2014
Cybersecurity is an enabler
Science and cyberinfrastructure
are pushing IT to new heights.
Cybersecurity helps us manage
the risks, maintain trust, build
collaborations, and do the science
most effectively.
We are driving IT at high speed. XXX Add different technologies here.
We are driving IT at high speed. XXX Add different technologies here.
We are driving IT at high speed. XXX Add different technologies here.
How fast would you drive a car that didn’t have brakes?
OK, so what are we doing about the weather?
But with brakes, you can go fast!
Cybersecurity for CI is analogous to brakes for cars – when done right… it lets us go as fast as we do. It is an enabler for “high-speed” CI.