CERN Viewpoint: Computer Security vs Academic Freedom

By Stefan Lueders, CERN Computer Security Officer

April 29, 2019

Editor’s Note: Maintaining appropriate computer security has never had a higher profile, whether in government, commerce, or academia. Remember the saying, “just because you’re paranoid doesn’t mean they aren’t out to get you.” Lately that seems too true in the computer world. In this brief viewpoint posted today by Stefan Lueders, computer security officer for CERN, he frames the challenge encountered by CERN – and very many other research institutions – and briefly examines CERN’s philosophy. It’s not a how-to nuts and bolts piece but interesting as a reminder of the conflicting challenges in trying to maintain openness and security in an academic setting.

The mandate of the CERN Computer Security Team is simple: to protect the reputation and operations of the Organization from cyber risks. But this simple sentence can quickly become complex: what is the risk? What risk must be controlled and what can be accepted? What are good and reasonable protective measures? What is appropriate? What is overdoing it? In particular, in the academic environment of CERN, with its academic freedom of research and its reputation as an open laboratory welcoming people from all around the world, an acceptable equilibrium needs to be found between “security” and the aforementioned academic freedom, as well as the operation of accelerators and experiments.

The right balance is highly important. CERN is not a bank with money to protect. CERN is definitely not a military site nor engaged in military research. Tilting the balance too much towards bank- or military-style computer security might block academic freedom and the creativity behind it, as well as rendering the operations of the accelerators and experiments much more difficult. The mindsets of our people are accustomed to openness, communication, creativity and freedom of thinking. Too much unreasonable security raises questions and suspicions, and leads to creative ideas as to how to bypass the measures implemented. Rules without enforcement are not taken seriously. On the other hand, being soft on computer security means that evil-doers can sabotage or bring to a halt CERN’s operations or negatively impact its reputation. The right balance is therefore key. The right balance must be able to mitigate real risks, not perceived ones, and not just be a sort of security theatre. And the right balance needs to be transparently communicated and opened to discussion. So here goes:

The “cyber risk” is proportional to the threat scenarios, the vulnerabilities and weaknesses inherent to computing systems, and the consequences of losing those systems and the data stored on them. Like any other organisation, institute or enterprise, CERN is permanently under threat. Our webpages are probed for vulnerabilities, attempts are made to crack passwords, users are approached to click on malicious links in order to get their laptops and PCs infected. The corresponding attackers stem from many different areas: script-kiddies trying out their skills to deface CERN webpages, cyber-criminals trying to extort money or blackmail individuals (https://home.cern/cern-people/updates/2018/03/computer-security-malware-ransomware-doxware-and), attackers interested in misusing our computing power or that of the Worldwide LHC Computing Grid, for example for crypto-currency mining (https://home.cern/cern-people/updates/2018/01/computer-security-computing-power-professionals-only), jealous insiders trying to sabotage the scientific work of others, potentially even nation states, as CERN is a melting pot of people from all over the world, so why not attack people while they are in an open environment (instead of in a cyber-locked down country)? The threats are therefore not negligible and are real (and all incidents of the past are well documented in our monthly report; https://cern.ch/security/reports/en/monthly_reports.shtml).

Secondly, as is the case for any other user of information technologies, CERN’s hardware and software stack is prone to vulnerabilities and weaknesses. This is an inherent problem of IT. More particular for CERN is the freedom to choose. Within the scope of their work, staff and users can use, test, develop and deploy any kind of application and technology they deem relevant – on the condition that they assume full responsibility for the related computer security. The CERN IT department provides the relevant software platforms for this: centrally managed software packages (https://home.cern/news/news/computing/computer-security-when-free-not-free), virtualisation platforms (“Openstack”), databases-on-demand, web application frameworks (“Drupal”, “Twiki”, “Sharepoint”), but their usage is up to the full discretion of the end user. Similarly, the office network is open to accommodating any kind of (vulnerable) devices, through the so-called principle of bring-your-own-device (“BYOD”). Hence, the phase space of potentially vulnerable and weak devices, applications and webpages, etc. is immense.

Finally, there are many consequences. Reputational. Operational. Financial. And legal. Finding a naked teddy bear posted on one of our home pages will lead to negative publicity; malicious mass deletion of physics data or cyber-sabotage of experiments or accelerators can bring our research programmes to a complete halt (http://cds.cern.ch/journal/CERNBulletin/2013/08/News%20Articles/1514590?ln=en); theft of money (“CEO Fraud”) or confidential information has financial implications; and the abuse of computing power to attack external bodies can trigger legal actions against CERN.

In summary, CERN is under attack. CERN’s hardware and software are vulnerable. The consequences for CERN can be immense. The risk is not zero nor negligible. If you are a regular reader of our Bulletin articles (https://home.cern/tags/computer-security), this should not come as a surprise. The CERN Computer Security Team is committed to controlling and mitigating any risk where it is financially and technologically reasonable to do so and leads to an improvement (and avoids any security theatre). Certain risks have been acknowledged and accepted by the CERN Management not to be mitigated (as they are too intrusive to our academic nature or the benefits do not justify the costs). Implemented measures are well documented on the Computer Security Team’s home page (https://cern.ch/security) and in our Privacy Statement (https://cern.ch/security/home/en/privacy_statement.shtml), and are discussed at the IT users forum (http://information-technology.web.cern.ch/about/meeting/it-technical-users-meeting-itum), the CNIC meeting (https://indico.cern.ch/category/691/) or here in the CERN Bulletin (https://home.cern/tags/computer-security). Just recently, CERN’s computer security stance has been audited and was largely found to be sound, adapted to CERN’s academic environment, and well-balanced with our operational needs. But you might think differently, so we are interested in your feedback. Where are more cyber-security measures needed? Where are we doing too much, making it too restrictive? Where do you need help? Write to us via [email protected]

Link to Lueders’ commentary: https://home.cern/news/news/computing/computer-security-vs-academic-freedom
