CERN Viewpoint: Computer Security vs Academic Freedom

By Stefan Lueders, CERN Computer Security Officer

April 29, 2019

Editor’s Note: Maintaining appropriate computer security has never had a higher profile, whether in government, commerce, or academia. Remember the saying, “just because you’re paranoid doesn’t mean they aren’t out to get you.” Lately that seems too true in the computer world. In this brief viewpoint posted today by Stefan Lueders, computer security officer for CERN, he frames the challenge encountered by CERN – and very many other research institutions – and briefly examines CERN’s philosophy. It’s not a how-to nuts and bolts piece but interesting as a reminder of the conflicting challenges in trying to maintain openness and security in an academic setting.

The mandate of the CERN Computer Security Team is simple: to protect the reputation and operations of the Organization from cyber risks. But this simple sentence can quickly become complex: what is the risk? What risk must be controlled and what can be accepted? What are good and reasonable protective measures? What is appropriate? What is overdoing it? In particular, in the academic environment of CERN, with its academic freedom of research and its reputation as an open laboratory welcoming people from all around the world, an acceptable equilibrium needs to be found between “security” and the aforementioned academic freedom, as well as the operation of accelerators and experiments.

The right balance is highly important. CERN is not a bank with money to protect. CERN is definitely not a military site nor engaged in military research. Tilting the balance too much towards bank- or military-style computer security might block academic freedom and the creativity behind it, as well as rendering the operations of the accelerators and experiments much more difficult. The mindsets of our people are accustomed to openness, communication, creativity and freedom of thinking. Too much unreasonable security raises questions and suspicions, and leads to creative ideas as to how to bypass the measures implemented. Rules without enforcement are not taken seriously. On the other hand, being soft on computer security means that evil-doers can sabotage or bring to a halt CERN’s operations or negatively impact its reputation. The right balance is therefore key. The right balance must be able to mitigate real risks, not perceived ones, and not just be a sort of security theatre. And the right balance needs to be transparently communicated and opened to discussion. So here goes:

The “cyber risk” is proportional to the threat scenarios, the vulnerabilities and weaknesses inherent to computing systems, and the consequences of losing those systems and the data stored on them. Like any other organisation, institute or enterprise, CERN is permanently under threat. Our webpages are probed for vulnerabilities, attempts are made to crack passwords, users are approached to click on malicious links in order to get their laptops and PCs infected. The corresponding attackers stem from many different areas: script-kiddies trying out their skills to deface CERN webpages, cyber-criminals trying to extort money or blackmail individuals (https://home.cern/cern-people/updates/2018/03/computer-security-malware-ransomware-doxware-and), attackers interested in misusing our computing power or that of the Worldwide LHC Computing Grid, for example for crypto-currency mining (https://home.cern/cern-people/updates/2018/01/computer-security-computing-power-professionals-only), jealous insiders trying to sabotage the scientific work of others, potentially even nation states, as CERN is a melting pot of people from all over the world, so why not attack people while they are in an open environment (instead of in a cyber-locked down country)? The threats are therefore not negligible and are real (and all incidents of the past are well documented in our monthly report; https://cern.ch/security/reports/en/monthly_reports.shtml).

Secondly, as is the case for any other user of information technologies, CERN’s hardware and software stack is prone to vulnerabilities and weaknesses. This is an inherent problem of IT. More particular for CERN is the freedom to choose. Within the scope of their work, staff and users can use, test, develop and deploy any kind of application and technology they deem relevant – on the condition that they assume full responsibility for the related computer security. The CERN IT department provides the relevant software platforms for this: centrally managed software packages (https://home.cern/news/news/computing/computer-security-when-free-not-free), virtualisation platforms (“Openstack”), databases-on-demand, web application frameworks (“Drupal”, “Twiki”, “Sharepoint”), but their usage is up to the full discretion of the end user. Similarly, the office network is open to accommodating any kind of (vulnerable) devices, through the so-called principle of bring-your-own-device (“BYOD”). Hence, the phase space of potentially vulnerable and weak devices, applications and webpages, etc. is immense.

Finally, there are many consequences. Reputational. Operational. Financial. And legal. Finding a naked teddy bear posted on one of our home pages will lead to negative publicity; malicious mass deletion of physics data or cyber-sabotage of experiments or accelerators can bring our research programmes to a complete halt (http://cds.cern.ch/journal/CERNBulletin/2013/08/News%20Articles/1514590?ln=en); theft of money (“CEO Fraud”) or confidential information has financial implications; and the abuse of computing power to attack external bodies can trigger legal actions against CERN.

In summary, CERN is under attack. CERN’s hardware and software are vulnerable. The consequences for CERN can be immense. The risk is not zero nor negligible. If you are a regular reader of our Bulletin articles (https://home.cern/tags/computer-security), this should not come as a surprise. The CERN Computer Security Team is committed to controlling and mitigating any risk where it is financially and technologically reasonable to do so and leads to an improvement (and avoids any security theatre). Certain risks have been acknowledged and accepted by the CERN Management not to be mitigated (as they are too intrusive to our academic nature or the benefits do not justify the costs). Implemented measures are well documented on the Computer Security Team’s home page (https://cern.ch/security) and in our Privacy Statement (https://cern.ch/security/home/en/privacy_statement.shtml), and are discussed at the IT users forum (http://information-technology.web.cern.ch/about/meeting/it-technical-users-meeting-itum), the CNIC meeting (https://indico.cern.ch/category/691/) or here in the CERN Bulletin (https://home.cern/tags/computer-security). Just recently, CERN’s computer security stance has been audited and was largely found to be sound, adapted to CERN’s academic environment, and well-balanced with our operational needs. But you might think differently, so we are interested in your feedback. Where are more cyber-security measures needed? Where are we doing too much, making it too restrictive? Where do you need help? Write to us via [email protected]

Link to Lueders’ commentary: https://home.cern/news/news/computing/computer-security-vs-academic-freedom
