- The scientific workflow holds some of the same security concerns that you do — and many different.
- Security issues arise at every point in the scientific workflow.
- Specialized instruments and data integrity bring unique security concerns.
- The National Science Foundation (NSF) is investing in solutions.
When most of us think of cybersecurity, we think of personal privacy or financial risks. From unique and expensive scientific instrumentation, to the priceless quality of data integrity, the stakes are much higher in the world of science. To stake out the territory, the Science Node held a virtual cyber-security summit with security practitioners at prominent scientific institutions.
Anita Nikolich, cybersecurity program director, US National Science Foundation (NSF)
Tim Minick, information technology services manager, Gemini Observatory
Steve Barnet, senior systems administrator at IceCube South Pole Neutrino Observatory
Abe Singer, chief security officer at Laser Interferometer Gravitational-Wave Observatory (LIGO)
What are the spots on the scientific workflow where security is a worry?
Nikolich: As most science has evolved into a distributed and collaborative pursuit, every step, from the point of collection onward, is a security risk.
Minick: That’s right. Cybersecurity issues are engrained in all facets of an organization, wherever a human/machine or machine/machine interface exists.
Nikolich: For instance, the instrument or sensor itself is often at risk, as is the software that processes the data. That data gets sent over multiple networks, often across the globe, and finally arrives at a computing resource, which might be at a campus, in ‘the cloud,’ or at a national facility. Achieving data integrity across all these platforms is a complex endeavor!
How are cybersecurity threats in the scientific workflow different?
Barnet: A lot of the same concerns that apply in the private or corporate sector apply to us as well. Where it gets interesting for us is the standard security mantra of turn on the updates, run security software or antivirus software doesn’t work very well for us.
Automatically updated software can break the data-taking process, and anything that would take all of or part of the detector off-line can be a serious problem for us.
Singer: We've got the same concern, Steve. And I think it goes without saying: The boutique instruments in modern science — like Steve's neutrino detector or our gravitational wave detector — are very difficult to replace when they break, either because they were costly or weren’t designed to be replaced.
For instance, at LIGO, we have huge 30-watt lasers, and so we have to think about controls on our laser and controls on our system. The lasers aren’t in an area where they will hurt people, but if things aren't done right it could do significant damage to the instrument.
Minick: Each of the Gemini facilities cost more than $92 million when built, use lasers, and at any given time there are $20 million+ worth of instrumentation attached to them. The telescope primary mirrors cost $10 million each when cast, polished, and coated in the early 1990s. They simply cannot be replaced if damaged. Any malicious compromise of these systems could potentially have catastrophic results.
Barnet: We’re fairly lucky in some ways in comparison to the optical observatories. In contrast, our stuff is static — just computers humming away, so injuries or damage to property are unlikely. There could be a problem with loss of power to the optical modules in the ice, because if those cool down to a certain point there are questions of how readily we could bring all of them back.
So what else is at stake?
Barnet: Time. Like all observational experiments, you don’t get a do-over — so if you have a supernova during that kind of security event where the detector is effectively down, you’re never going to get another shot.
Nikolich: Many people think of security as synonymous with confidentiality, which is not as much of a concern for scientific data. As a result, security is not taken as a serious issue. More worrisome is the fact that these security risks can affect the integrity of the data.
Singer: I share Anita’s concern. My nightmare scenario is that somebody comes in and subtly alters our data, and we find out five years later after papers have been published that the data has been wrong. It could have career effects; it could have impact on funding for science projects.
So what do the solutions look like?
Minick: There is not one single answer to this question. The NSF has provided several resources that institutions can engage for awareness and guidance. The NSF Cybersecurity Summit is now an annual event, as will be the Cyberinfrastructure for NSF Large Facilities Workshop.
Additionally, projects such as the Center for Trustworthy Scientific Cyberinfrastructure are available for guidance and intimate engagement. Gemini also closely follows the news, guidance, standards, procedures, etc. as set forth by the National Institute of Standards and Technology (NIST), SANS, and the Federal Risk and Authorization Management Program (FedRAMP).
Singer: A lot of the language we use around computer security is bad and leads in the wrong direction. We use all these military defense metaphors — firewall, border, DMZ.
Take the term firewall, for instance. A firewall in a building or in a car is designed to slow down the fire until you can get out of the building. That’s not what a firewall is in a network. It’s the wrong metaphor, doesn’t work that way.
Barnet: Yeah, the science DMZ is an interesting concept and phenomenon. It seems like it’s really a way to help the campus level IT organization that wants to erect a gigantic border firewall that keeps all the bad guys out at the campus border.
However, with workflows like ours it’s not uncommon for us to move 10-20 Gbps worth of network traffic. Trying to put a firewall in there that can deal with that kind of traffic flow is really not feasible.
Singer: Instead of a military metaphor, I like to use the bank metaphor. The bank has assets it has to protect, but it also has to do business and let customers in. They don’t just lock all the doors all the time. They couldn’t do business if they did. I think if people change the terminology, they’ll change how they think about what they’re doing.
Minick: One also shouldn’t overlook that there is a perceivable value in simply networking with other IT security professionals in both similar and dissimilar industries. Building these relationships takes time and effort but is the source for some the best and most timely information.
Nikolich: At the NSF, we know this is not just an IT problem we’re solving. We recently renewed the Cybersecurity Innovation for Cyberinfrastructure (CICI) solicitation, requiring a partnership with a domain scientist or science collaboration. CICI encourages people to look at the totality of the scientific workflow, not just a particular problem area.
Technically, the best solutions are ones that are not just point solutions that solve a portion of the problem. Solutions that are collaborative are better because you have confidence your data will be traveling a network which takes security equally as seriously.