The security of supercomputers has been grossly ignored in the pursuit of horsepower. Still, there is a growing realization that security is needed to prevent bad actors from accessing high-value systems from bad actors.
Typically, security features in supercomputers slow down performance. However, HPC centers recognize that while performance is paramount, safeguards are needed to protect high-value systems from bad guys.
Vendor supercomputing contracts typically focus on performance and meeting benchmarks, not security. Vendors are hesitant to make changes if they affect the performance of their system.
As a result, system administrators have complained about vendors neglecting security, and contracts prevent them from implementing their protections. Implementing a third-party security system without a vendor’s approval could be a breach of contract.
“The vendors are saying, ‘users don’t want it,’ and the users are saying, ‘don’t get in the way of my performance,’ and push back on the vendors. It’s a bit of an impasse,” Albert Reuther, a senior MIT Lincoln Laboratory Supercomputing Center staff member, told HPCwire at the Supercomputing 2023 conference.
That impasse- affecting 80% of HPC data centers- could end soon. A provision for supercomputer vendors to provide security may soon start appearing in contracts and may not affect performance.
“I think it’s going to get into contracts sometime in the next two to five years,” Reuther said.
The HPC Security Working Group at the National Institute of Standards and Technology is developing a blueprint to secure HPC systems. The security provisions could be based on the blueprints.
HPC systems function differently than regular PCs; securing systems is not as simple as installing an antivirus. HPC has different attributes, such as large storage sizes and system access. HPC is also a shared resource available to users through sanitized nodes.
The blueprint breaks down a supercomputer into four nodes: access zone, management zone, high-performance computing zone, and data storage. Each zone faces different threats, follows different security guidance, and requires unique resolution mechanisms.
In the meantime, MIT is taking common-sense approaches to strengthen security. For example, the university limits access to HPC hardware to new users, whose behavior is monitored over time and goes through vetting before being granted access to more resources.
MIT also got rid of root access to systems. Instead, a shell command called “sudo” gives system administrators root privileges. Sudo provides a way to audit everything engineers do on the system by recording everything. It leaves a paper trail that can help track down abnormal behavior.
The (High-Performance Computing Modernization Program) at the U.S. Department of Defense has security centers for its five supercomputing centers. HPCMP is trying to create a common lexicon for defense arms, including the Navy, Air Force, and Army, which have their own security rules.