Transcript
Page 1: Trustworthy Computational Science: A Multi-decade Perspective

Trustworthy Computational Science: A Multi-decade Perspective

Von Welch
Director, CACR
Indiana University
April 15, 2015

Page 2: Trustworthy Computational Science: A Multi-decade Perspective

About the Center for Applied Cybersecurity Research

• Interdisciplinary applied research into cybersecurity.
• Bridge cybersecurity research and practice across Indiana University.
• Externally facing, with projects funded by NSF, DOE, DHS, …
• Part of Pervasive Technology Institute.

Page 3: Trustworthy Computational Science: A Multi-decade Perspective

My talk: Cybersecurity and Science

• The rise of scientific computing.
• Cybersecurity as risk management.
• What are the risks to science?
• What can science teach cybersecurity?
• Putting it all together.
• How do we put this into practice?

Page 4: Trustworthy Computational Science: A Multi-decade Perspective

The “Good Old Days”

Scientists were employees or students – physically co-located.

Image credit: Wikipedia

Page 5: Trustworthy Computational Science: A Multi-decade Perspective

Then remote access…

Scientists start being remote from the computers. But still affiliated with computing centers.

Image credit: All About Apple Museum, Creative Commons Attribution-Share Alike 2.5 Italy

Page 6: Trustworthy Computational Science: A Multi-decade Perspective

Growth of the scientific collaboration

• Number of scientists, institutions, resources.
• Large, expensive, rare/unique instruments.
• Increasing amounts of data.

Image credit: Ian Bird/CERN

Page 7: Trustworthy Computational Science: A Multi-decade Perspective

The “Science Stack”

[Diagram labels: Scientific Community; Cyberinfrastructure; Multiple Universities and/or Research Orgs; Regional R&E and Commercial Services; Open Source and Scientific Software; R&E Networks, IRNCs, Science DMZs]

Page 8: Trustworthy Computational Science: A Multi-decade Perspective

Cyberinfrastructure

[Diagram labels, arranged from Commodity to Unique: PCs/Mobile; HPC; HTC; HPSS; Instruments; Science Data; Servers; Portals; Satellite Links; HPN; Science DMZ; Cloud; Data Subjects]

Page 9: Trustworthy Computational Science: A Multi-decade Perspective

What is the Goal of Cybersecurity for Science?

Page 10: Trustworthy Computational Science: A Multi-decade Perspective

Cybersecurity Historically

Firewalls, IDS, encryption, logs, passwords, etc.

Not inspirational to the science community (or many others).

Page 11: Trustworthy Computational Science: A Multi-decade Perspective

Contemporary Cybersecurity

Cybersecurity supports the organization’s mission by managing risks to science.

Page 12: Trustworthy Computational Science: A Multi-decade Perspective

Maximizing Trustworthy Science

[Figure labels: Trustworthy Science Output; Security; Too much risk; Too little Science]

Page 13: Trustworthy Computational Science: A Multi-decade Perspective

What are the risks to Science?

Page 14: Trustworthy Computational Science: A Multi-decade Perspective

Trustworthy Science

Integrity of data and computation are critical to maintaining the trust of scientists and the public in CI.

Perception of integrity is often just as important as reality.

Page 15: Trustworthy Computational Science: A Multi-decade Perspective

Do No Harm

Cyberinfrastructure represents some impressive cyber-facilities.

Being used as a tool to harm others would be very damaging to one’s reputation.

Page 16: Trustworthy Computational Science: A Multi-decade Perspective

Collaboration is key to science.

Trust is key to collaboration.

Page 17: Trustworthy Computational Science: A Multi-decade Perspective

Identity Matters to Science…

Scott Koranda/LIGO - Oct’11

Page 18: Trustworthy Computational Science: A Multi-decade Perspective

Specific Concerns

Many science domains, communities, and projects have particular concerns.

The risks related to confidentiality, integrity, and availability vary greatly, and go by their own nomenclature.

Page 19: Trustworthy Computational Science: A Multi-decade Perspective

How do we manage these Risks?

[Diagram labels: Scientific Community; Cyberinfrastructure; Multiple Universities and/or Research Orgs; Regional R&E and Commercial Services; Open Source and Scientific Software; R&E Networks, IRNCs, Science DMZs]

Page 20: Trustworthy Computational Science: A Multi-decade Perspective

Leverage services when possible

• Leverage cybersecurity in these services.
• Save effort for science-specific challenges.
• Challenge: Quantify and manage residual risks from those services.

[Diagram labels: Multiple Universities and/or Research Orgs; Regional R&E and Commercial Services; Open Source and Scientific Software; R&E Networks, IRNCs, Science DMZs]

Page 21: Trustworthy Computational Science: A Multi-decade Perspective

Commodity IT

• Use baseline cybersecurity practices from NIST and others. E.g. http://trustedci.org/guide/docs/commodityIT

[Diagram label: Commodity IT]

Page 22: Trustworthy Computational Science: A Multi-decade Perspective

Unique IT/Instruments/Data/etc.

• Must understand and manage risk
• A custom task – can be helped with resources. E.g. http://trustedci.org/guide/

[Diagram label: Unique Assets]

Page 23: Trustworthy Computational Science: A Multi-decade Perspective

What about the Science itself?

• The mission we are ultimately supporting.
• A source of risks.

But is that all?

[Diagram label: Scientific Community]

Page 24: Trustworthy Computational Science: A Multi-decade Perspective

Science Manages Risks as Well

• Biases
• Errors

http://www.ligo.org/news/blind-injection.php

Page 25: Trustworthy Computational Science: A Multi-decade Perspective

http://cms.web.cern.ch/news/blinding-and-unblinding-analyses


https://theoreticalecology.wordpress.com/2012/06/22/statistical-analysis-with-blinded-data-a-way-to-go-for-ecology/

Page 26: Trustworthy Computational Science: A Multi-decade Perspective

Bias: The Ultimate Insider Threat

• “Insider Threat” – dealing with risks that originate from inside the organization.
• Science has been dealing with the risk of bias for a long time.
• Mature science projects bring a lot of risk management around bias that should be leveraged by cybersecurity.
• What is the residual risk in computational science after bias management?

Page 27: Trustworthy Computational Science: A Multi-decade Perspective


Page 28: Trustworthy Computational Science: A Multi-decade Perspective

Putting it all together…

[Diagram labels: Scientific Community; Cyberinfrastructure; Multiple Universities and/or Research Orgs; Regional R&E and Commercial Services; Open Source and Scientific Software; R&E Networks, IRNCs, Science DMZs]

Leverage science processes, understand risks.

Baseline controls, risk management.

Leverage services and cybersecurity to conserve effort, understand and manage residual risks.

Page 29: Trustworthy Computational Science: A Multi-decade Perspective

How do we put this into practice?

Page 30: Trustworthy Computational Science: A Multi-decade Perspective

http://science.energy.gov/~/media/ascr/ascac/pdf/charges/ASCAC_Workforce_Letter_Report.pdf

DOE Advanced Scientific Computing Advisory Committee Workforce Subcommittee Letter

“In particular, the findings reveal that: All large DOE national laboratories face workforce recruitment and retention challenges in the fields within Computing Sciences that are relevant to their mission (…), including Algorithms (both numerical and non-numerical); Applied Mathematics; Data Analysis, Management and Visualization; Cybersecurity; Software Engineering and High Performance Software Environments; and High Performance Computer Systems.”

Page 31: Trustworthy Computational Science: A Multi-decade Perspective

http://blog.ted.com/bridging-the-gulf-in-mental-health-care-vikram-patel-at-tedglobal2012/

Maximizing Limited Expertise

Page 32: Trustworthy Computational Science: A Multi-decade Perspective

SUNDAR

• Simplify the message
• UNpack the treatment
• Deliver it where people are
• Affordable and available human resources
• Reallocation of specialists to train and supervise

Page 33: Trustworthy Computational Science: A Multi-decade Perspective

Center for Trustworthy Scientific Cyberinfrastructure

TrustedCI.org

Increase the NSF community’s understanding of cybersecurity for science, and advance its implementation.

Three-year project funded by NSF ACI.

Page 34: Trustworthy Computational Science: A Multi-decade Perspective

CTSC Activities

Engagements: LIGO, SciGAP, IceCube, Pegasus, CC-NIE peer reviews, DKIST, LTERNO, DataONE, SEAD, CyberGIS, HUBzero, Globus, LSST, OOI, NEON.

Education and Training: Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects, Securing Commodity IT in Scientific CI Projects, Baseline Controls and Best Practices, Training for CI professionals.

Leadership: Organized 2013, 2014 & 2015 Cybersecurity Summits for Large Facilities and CI, vulnerability awareness, Cybersecurity for Large Facilities Manual.

Page 35: Trustworthy Computational Science: A Multi-decade Perspective

Cybersecurity Program Guide

Baseline practices and risk management, tailored for science projects with guidance and templates.

http://trustedci.org/guide/

Page 36: Trustworthy Computational Science: A Multi-decade Perspective

Please Join Us!

2015 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure.

August 17-19, 2015. Arlington, VA

Email lists, details and CFP coming soon at trustedci.org

Page 37: Trustworthy Computational Science: A Multi-decade Perspective

In conclusion…

Cybersecurity for science is about managing risks for science to maximize trustworthy science.

Science itself has much to offer in the process if we can figure out how the worlds of cybersecurity and science interact.

By leveraging our specialists for training and maximum impact, we can overcome workforce constraints to make this a reality.

Page 38: Trustworthy Computational Science: A Multi-decade Perspective

Acknowledgements

• Colleagues at CACR, CTSC, XSIM who make all this work possible.
• Mike Corn, Adam Lyon for discussions and feedback.
• Department of Energy Next-Generation Networks for Science (NGNS) program (Grant No. DE-FG02-12ER26111).
• National Science Foundation (Grant 1234408).

The views and conclusions contained herein are those of the author and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the sponsors or any organization

Page 39: Trustworthy Computational Science: A Multi-decade Perspective

Notes

• Science Output
• Science has error management
• SUNDAR == Beautiful in Indian
• Need to clarify Science/cybersecurity risk management relationship.

