CERN Viewpoint: Computer Security vs Academic Freedom

By Stefan Lueders, CERN Computer Security Officer

April 29, 2019

Editor’s Note: Maintaining appropriate computer security has never had a higher profile, whether in government, commerce, or academia. Remember the saying, “just because you’re paranoid doesn’t mean they aren’t out to get you.” Lately that seems too true in the computer world. In this brief viewpoint posted today by Stefan Lueders, computer security officer for CERN, he frames the challenge encountered by CERN – and very many other research institutions – and briefly examines CERN’s philosophy. It’s not a how-to nuts and bolts piece but interesting as a reminder of the conflicting challenges in trying to maintain openness and security in an academic setting.

The mandate of the CERN Computer Security Team is simple: to protect the reputation and operations of the Organization from cyber risks. But this simple sentence can quickly become complex: what is the risk? What risk must be controlled and what can be accepted? What are good and reasonable protective measures? What is appropriate? What is overdoing it? In particular, in the academic environment of CERN, the academic freedom of research, with CERN’s reputation as an open laboratory welcoming people from all around the world, an acceptable equilibrium needs to be found between “security” and the aforementioned academic freedom, as well as the operation of accelerators and experiments.

Stefan Lueders, CERN Computer Security Officer

The right balance is highly important. CERN is not a bank with money to protect. CERN is definitely not a military site nor engaged in military research. Tilting the balance too much towards bank- or military-style computer security might block academic freedom and the creativity behind it, as well as rendering the operations of the accelerators and experiments much more difficult. The mindsets of our people are accustomed to openness, communication, creativity and freedom of thinking. Too much unreasonable security raises questions and suspicions, and leads to creative ideas as to how to bypass the measures implemented. Rules without enforcement are not taken seriously. On the other hand, being soft on computer security means that evil-doers can sabotage or bring to a halt CERN’s operations or negatively impact its reputation. The right balance is therefore key. The right balance must be able to mitigate real risks, not perceived ones, and not just be a sort of security theatre. And the right balance needs to be transparently communicated and opened to discussion. So here goes:

The “cyber risk” is proportional to the threat scenarios, the vulnerabilities and weaknesses inherent to computing systems, and the consequences of losing those systems and the data stored on them. Like any other organisation, institute or enterprise, CERN is permanently under threat. Our webpages are probed for vulnerabilities, attempts are made to crack passwords, users are approached to click on malicious links in order to get their laptops and PCs infected. The corresponding attackers stem from many different areas: script-kiddies trying out their skills to deface CERN webpages, cyber-criminals trying to extort money or blackmail individuals (https://home.cern/cern-people/updates/2018/03/computer-security-malware-ransomware-doxware-and), attackers interested in misusing our computing power or that of the Worldwide LHC Computing Grid, for example for crypto-currency mining (https://home.cern/cern-people/updates/2018/01/computer-security-computing-power-professionals-only), jealous insiders trying to sabotage the scientific work of others, potentially even nation states, as CERN is a melting pot of people from all over the world, so why not attack people while they are in an open environment (instead of in a cyber-locked down country)? The threats are therefore not negligible and are real (and all incidents of the past are well documented in our monthly report; https://cern.ch/security/reports/en/monthly_reports.shtml).

Secondly, as is the case for any other user of information technologies, CERN’s hardware and software stack is prone to vulnerabilities and weaknesses. This is an inherent problem of IT. More particular for CERN is the freedom to choose. Within the scope of their work, staff and users can use, test, develop and deploy any kind of application and technology they deem relevant – on the condition that they assume full responsibility for the related computer security. The CERN IT department provides the relevant software platforms for this: centrally managed software packages (https://home.cern/news/news/computing/computer-security-when-free-not-free), virtualisation platforms (“Openstack”), databases-on-demand, web application frameworks (“Drupal, “Twiki”, “Sharepoint”), but their usage is up to the full discretion of the end user. Similarly, the office network is open to accommodating any kind of (vulnerable) devices, through the so-called principle of bring-your-own-device (“BYOD”). Hence, the phase space of potentially vulnerable and weak devices, applications and webpages, etc. is immense.

Finally, there are many consequences. Reputational. Operational. Financial. And legal. Finding a naked teddy bear posted on one of our home pages will lead to negative publicity; malicious mass deletion of physics data or cyber-sabotage of experiments or accelerators can bring our research programmes to a complete halt (http://cds.cern.ch/journal/CERNBulletin/2013/08/News%20Articles/1514590?ln=en); theft of money (“CEO Fraud”) or confidential information has financial implications; and the abuse of computing power to attack external bodies can trigger legal actions against CERN.

In summary, CERN is under attack. CERN’s hardware and software is vulnerable. The consequences for CERN can be immense. The risk is not zero nor negligible. If you are a regular reader of our Bulletin articles (https://home.cern/tags/computer-security), this should not come as a surprise. The CERN Computer Security Team is committed to controlling and mitigating any risk where it is financially and technologically reasonable to do so and leads to an improvement (and avoids any security theatre). Certain risks have been acknowledged and accepted by the CERN Management not to be mitigated (as they are too intrusive to our academic nature or the benefits do not justify the costs). Implemented measures are well documented on the Computer Security Team’s home page (https://cern.ch/security) and in our Privacy Statement (https://cern.ch/security/home/en/privacy_statement.shtml), and are discussed at the IT users forum (http://information-technology.web.cern.ch/about/meeting/it-technical-users-meeting-itum), the CNIC meeting (https://indico.cern.ch/category/691/) or here in the CERN Bulletin (https://home.cern/tags/computer-security). Just recently, CERN’s computer security stance has been audited and was largely found to be sound, adapted to CERN’s academic environment, and well-balanced with our operational needs. But you might think differently, so were are interested in your feedback. Where are more cyber-security measures needed? Where are we doing too much, making it too restrictive? Where do you need help? Write to us via [email protected].

Link to Lueders’ commentary: https://home.cern/news/news/computing/computer-security-vs-academic-freedom

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industry updates delivered to you every week!

MLPerf Inference 4.0 Results Showcase GenAI; Nvidia Still Dominates

March 28, 2024

There were no startling surprises in the latest MLPerf Inference benchmark (4.0) results released yesterday. Two new workloads — Llama 2 and Stable Diffusion XL — were added to the benchmark suite as MLPerf continues Read more…

Q&A with Nvidia’s Chief of DGX Systems on the DGX-GB200 Rack-scale System

March 27, 2024

Pictures of Nvidia's new flagship mega-server, the DGX GB200, on the GTC show floor got favorable reactions on social media for the sheer amount of computing power it brings to artificial intelligence.  Nvidia's DGX Read more…

Call for Participation in Workshop on Potential NSF CISE Quantum Initiative

March 26, 2024

Editor’s Note: Next month there will be a workshop to discuss what a quantum initiative led by NSF’s Computer, Information Science and Engineering (CISE) directorate could entail. The details are posted below in a Ca Read more…

Waseda U. Researchers Reports New Quantum Algorithm for Speeding Optimization

March 25, 2024

Optimization problems cover a wide range of applications and are often cited as good candidates for quantum computing. However, the execution time for constrained combinatorial optimization applications on quantum device Read more…

NVLink: Faster Interconnects and Switches to Help Relieve Data Bottlenecks

March 25, 2024

Nvidia’s new Blackwell architecture may have stolen the show this week at the GPU Technology Conference in San Jose, California. But an emerging bottleneck at the network layer threatens to make bigger and brawnier pro Read more…

Who is David Blackwell?

March 22, 2024

During GTC24, co-founder and president of NVIDIA Jensen Huang unveiled the Blackwell GPU. This GPU itself is heavily optimized for AI work, boasting 192GB of HBM3E memory as well as the the ability to train 1 trillion pa Read more…

MLPerf Inference 4.0 Results Showcase GenAI; Nvidia Still Dominates

March 28, 2024

There were no startling surprises in the latest MLPerf Inference benchmark (4.0) results released yesterday. Two new workloads — Llama 2 and Stable Diffusion Read more…

Q&A with Nvidia’s Chief of DGX Systems on the DGX-GB200 Rack-scale System

March 27, 2024

Pictures of Nvidia's new flagship mega-server, the DGX GB200, on the GTC show floor got favorable reactions on social media for the sheer amount of computing po Read more…

NVLink: Faster Interconnects and Switches to Help Relieve Data Bottlenecks

March 25, 2024

Nvidia’s new Blackwell architecture may have stolen the show this week at the GPU Technology Conference in San Jose, California. But an emerging bottleneck at Read more…

Who is David Blackwell?

March 22, 2024

During GTC24, co-founder and president of NVIDIA Jensen Huang unveiled the Blackwell GPU. This GPU itself is heavily optimized for AI work, boasting 192GB of HB Read more…

Nvidia Looks to Accelerate GenAI Adoption with NIM

March 19, 2024

Today at the GPU Technology Conference, Nvidia launched a new offering aimed at helping customers quickly deploy their generative AI applications in a secure, s Read more…

The Generative AI Future Is Now, Nvidia’s Huang Says

March 19, 2024

We are in the early days of a transformative shift in how business gets done thanks to the advent of generative AI, according to Nvidia CEO and cofounder Jensen Read more…

Nvidia’s New Blackwell GPU Can Train AI Models with Trillions of Parameters

March 18, 2024

Nvidia's latest and fastest GPU, codenamed Blackwell, is here and will underpin the company's AI plans this year. The chip offers performance improvements from Read more…

Nvidia Showcases Quantum Cloud, Expanding Quantum Portfolio at GTC24

March 18, 2024

Nvidia’s barrage of quantum news at GTC24 this week includes new products, signature collaborations, and a new Nvidia Quantum Cloud for quantum developers. Wh Read more…

Alibaba Shuts Down its Quantum Computing Effort

November 30, 2023

In case you missed it, China’s e-commerce giant Alibaba has shut down its quantum computing research effort. It’s not entirely clear what drove the change. Read more…

Nvidia H100: Are 550,000 GPUs Enough for This Year?

August 17, 2023

The GPU Squeeze continues to place a premium on Nvidia H100 GPUs. In a recent Financial Times article, Nvidia reports that it expects to ship 550,000 of its lat Read more…

Shutterstock 1285747942

AMD’s Horsepower-packed MI300X GPU Beats Nvidia’s Upcoming H200

December 7, 2023

AMD and Nvidia are locked in an AI performance battle – much like the gaming GPU performance clash the companies have waged for decades. AMD has claimed it Read more…

DoD Takes a Long View of Quantum Computing

December 19, 2023

Given the large sums tied to expensive weapon systems – think $100-million-plus per F-35 fighter – it’s easy to forget the U.S. Department of Defense is a Read more…

Synopsys Eats Ansys: Does HPC Get Indigestion?

February 8, 2024

Recently, it was announced that Synopsys is buying HPC tool developer Ansys. Started in Pittsburgh, Pa., in 1970 as Swanson Analysis Systems, Inc. (SASI) by John Swanson (and eventually renamed), Ansys serves the CAE (Computer Aided Engineering)/multiphysics engineering simulation market. Read more…

Choosing the Right GPU for LLM Inference and Training

December 11, 2023

Accelerating the training and inference processes of deep learning models is crucial for unleashing their true potential and NVIDIA GPUs have emerged as a game- Read more…

Intel’s Server and PC Chip Development Will Blur After 2025

January 15, 2024

Intel's dealing with much more than chip rivals breathing down its neck; it is simultaneously integrating a bevy of new technologies such as chiplets, artificia Read more…

Baidu Exits Quantum, Closely Following Alibaba’s Earlier Move

January 5, 2024

Reuters reported this week that Baidu, China’s giant e-commerce and services provider, is exiting the quantum computing development arena. Reuters reported � Read more…

Leading Solution Providers

Contributors

Comparing NVIDIA A100 and NVIDIA L40S: Which GPU is Ideal for AI and Graphics-Intensive Workloads?

October 30, 2023

With long lead times for the NVIDIA H100 and A100 GPUs, many organizations are looking at the new NVIDIA L40S GPU, which it’s a new GPU optimized for AI and g Read more…

Shutterstock 1179408610

Google Addresses the Mysteries of Its Hypercomputer 

December 28, 2023

When Google launched its Hypercomputer earlier this month (December 2023), the first reaction was, "Say what?" It turns out that the Hypercomputer is Google's t Read more…

AMD MI3000A

How AMD May Get Across the CUDA Moat

October 5, 2023

When discussing GenAI, the term "GPU" almost always enters the conversation and the topic often moves toward performance and access. Interestingly, the word "GPU" is assumed to mean "Nvidia" products. (As an aside, the popular Nvidia hardware used in GenAI are not technically... Read more…

Shutterstock 1606064203

Meta’s Zuckerberg Puts Its AI Future in the Hands of 600,000 GPUs

January 25, 2024

In under two minutes, Meta's CEO, Mark Zuckerberg, laid out the company's AI plans, which included a plan to build an artificial intelligence system with the eq Read more…

Google Introduces ‘Hypercomputer’ to Its AI Infrastructure

December 11, 2023

Google ran out of monikers to describe its new AI system released on December 7. Supercomputer perhaps wasn't an apt description, so it settled on Hypercomputer Read more…

China Is All In on a RISC-V Future

January 8, 2024

The state of RISC-V in China was discussed in a recent report released by the Jamestown Foundation, a Washington, D.C.-based think tank. The report, entitled "E Read more…

Intel Won’t Have a Xeon Max Chip with New Emerald Rapids CPU

December 14, 2023

As expected, Intel officially announced its 5th generation Xeon server chips codenamed Emerald Rapids at an event in New York City, where the focus was really o Read more…

IBM Quantum Summit: Two New QPUs, Upgraded Qiskit, 10-year Roadmap and More

December 4, 2023

IBM kicks off its annual Quantum Summit today and will announce a broad range of advances including its much-anticipated 1121-qubit Condor QPU, a smaller 133-qu Read more…

  • arrow
  • Click Here for More Headlines
  • arrow
HPCwire