|
 |
DOE Cybersecurity R&D Challenges for Open Science:
Developing a Roadmap and Vision
American Geophysical Union Building (AGU)
Washington DCJanuary 24-26, 2007
Meeting Organizers: Deb Agarwal (LBNL), Walter Dykas (ORNL) , and Mike Robertson (DOE) |
|
|
Meeting Organizers: Deb Agarwal (LBNL), Walter Dykas (ORNL) , and Mike Robertson (DOE) |
Identify the research needs and opportunities associated with cybersecurity for open science. Focus on those needs particularly associated with DOE supercomputing, user facilities, high-speed networks, laboratories, and other open collaborative science stakeholders. Include a discussion of how open science cybersecurity differs from general cybersecurity and explore the implications this may have for cybersecurity research activities. Prepare a preliminary letter report within one week of workshop completion and follow with a full report within 60 days of workshop completion.
The Department of Energy (DOE) Office of Science is responsible for the operation of some of the nation's most advanced science research and development user facilities located at the national laboratories. These facilities include supercomputing centers, large-scale experiments, and the high-speed networks that connect them. DOE Office of Science researchers are also participants in experiments such as ITER, CMS, and ATLAS, which are hosted by other countries. These one-of-a-kind facilities and experiments involve thousands of scientists spread throughout the globe, including sensitive countries. In 2005, 18 of the 20 top ESnet flows were to or from an international site. Greater than 50% of the DOE Office of Science PIs and facility users are at universities and DOE’s NERSC supercomputing center has 2500 users with over 50% of these users being at universities. Many of these users rarely or never visit the DOE facility they are using.
As ESnet moves to 40 Gbps interconnections at high-end computing facilities, and the facilities themselves move to peta-scale computers, high-speed data transfers will be routinely moving peta-bytes of data to and from DOE sites. The software that supports modern open science and provides high-speed data transfers, specialized computations, distributed computational capabilities, virtual organization support, and experiment control is generally not available from commercial sources. This software has instead been developed by research and development projects to support these capabilities. One example of this largely non-commercial software is the Grid software which incorporates authentication, authorization, scheduling, data transfer, portals, etc. The Grid software forms the core of the Open Science Grid which is depended on by many science collaborations (often referred to as virtual organizations) including the Atlas and CMS experiments at the LHC.
DOE sites, as key participants in open science collaborations, need methods of participating as first-class entities and resources in the virtual organizations while protecting DOE resources from hackers. Protecting the facilities and detecting malicious attacks without adversely affecting scientific missions is particularly challenging given the high performance requirements, global user population, and diversity of custom applications and software the projects require. Securing DOE Office of Science’s high-value resources in this environment requires continual vigilance and adaptation.
Cybersecurity for open science requires an evolving approach that continually keeps pace with performance requirements and the hacker environment. The next generation of cybersecurity solutions to support DOE supercomputing, user facilities, high-speed networks, laboratories, and open science will require integration of cybersecurity research, development, and operations teams to bridge the remaining gaps between the open collaborative science needs and the cybersecurity tools available today. The end goal is to provide practical solutions and tools which can be deployed operationally within research environments. Key to success of this effort will be collaboration with networking staff, stakeholders, policy makers, and users and deployment and testing of cybersecurity infrastructure on real networks and systems. Testing over real production networks is the only means of understanding the usage scenarios and determining the utility and scalability of the approach, and is essential to the success of any security measure in this environment The DOE national laboratories and user facilities provide an ideal environment in which to research, develop, test, and deploy an open science cybersecurity system. There is a unique level of consensus and information interchange across and within enclaves — collaboration grown from the fact that the labs and their wide-area network are all under the DOE. The DOE Office of Science labs bring together expert cybersecurity and networking operations staff and top cybersecurity researchers in an environment that allows teaming of these groups. In addition, many of the DOE science programs are based on large collaborations that span several enclaves and cross national borders. Projects such as the Open Science Grid span both DOE facilities and networks. These projects provide an ideal environment for deploying and testing interoperable cybersecurity systems within and across enclaves. The DOE Office of Science high-speed networking, supercomputing, and high-value facilities at the laboratories are extensive and need to be protected without compromising the mission of the office.A list of the current attendees can be found here.
For further information regarding this meeting, please contact Deb Agarwal.
|
Page last modified: Wednesday, 11-Jul-2007 10:17:32 PDT Contact: Webmaster <webmaster@george.lbl.gov> Credits:This workshop is funded by the U.S. Dept. of Energy, Office of Science, Office of Advanced Scientific Computing Research, Computational Science Research & Partnerships (SciDAC) Division. Privacy and site security notice to Users |