Trustworthy Computational Science: A Multi-decade Perspective


Trust is critical to the process of science. Two decades ago the Internet and World Wide Web fostered a new age in computational science with the emergence of accessible and high performance computing, storage, software, and networking. More recent paradigms, including virtual organizations, federated identity, big data, and global-scale operations continue to evolve the way computing for science is performed.
Advancing technologies, the need to coordinate across organizations and nations, and an evolving threat landscape are sources of ongoing challenges in maintaining the trustworthy nature of computational infrastructure and the science it supports. To address these challenges, a number of projects have focused on improving the cybersecurity and trustworthiness of scientific computing. Recent examples include the Center for Trustworthy Scientific Cyberinfrastructure funded by NSF, the Software Assurance Marketplace funded by DHS, and the Extreme Scale Identity Management for Science project funded by DOE.
This presentation will give a 20 year retrospective together with a vision for the future of cybersecurity for computational science. It will describe the state of trust and cybersecurity for scientific computing, its evolution over the past twenty years, challenges it is facing today, how the exemplar projects are addressing those challenges, and a vision of cybersecurity for research and higher education in general augmenting each other in the future.


  1. Trustworthy Computational Science: A Multi-decade Perspective. Von Welch, Indiana University, Director, CACR. April 15, 2015.
  2. About the Center for Applied Cybersecurity Research
     • Interdisciplinary applied research into cybersecurity.
     • Bridge cybersecurity research and practice across Indiana University.
     • Externally facing, with projects funded by NSF, DOE, DHS, …
     • Part of Pervasive Technology Institute.
  3. My talk: Cybersecurity and Science
     • The rise of scientific computing.
     • Cybersecurity as risk management.
     • What are the risks to science?
     • What can science teach cybersecurity?
     • Putting it all together.
     • How put this into practice?
  4. The “Good Old Days”: Scientists were employees or students – physically co-located. Image credit: Wikipedia
  5. Then remote access… Scientists start being remote from the computers. But still affiliated with computing centers. Image credit: All About Apple Museum, Creative Commons Attribution-Share Alike 2.5 Italy
  6. Growth of the scientific collaboration: Number of scientists, institutions, resources. Large, expensive, rare/unique instruments. Increasing amounts of data. Image credit: Ian Bird/CERN
  7. The “Science Stack”: Cyberinfrastructure; Scientific Community; Multiple Universities and/or Research Orgs; Regional R&E and Commercial Services; Open Source and Scientific Software; R&E Networks, IRNCs, Science DMZs; …
  8. Cyberinfrastructure: PCs/Mobile, HPC, HTC, HPSS, Instruments, Science, Data, Servers, Portals, Commodity, Unique, Satellite Links, HPN, Science DMZ, Cloud, Data, Subjects
  9. What is the Goal of Cybersecurity for Science?
  10. Cybersecurity Historically: Firewalls, IDS, encryption, logs, passwords, etc. Not inspirational to the science community (or many others).
  11. Contemporary Cybersecurity: Cybersecurity supports the organization’s mission by managing risks to science.
  12. Maximizing Trustworthy Science. Chart labels: Trustworthy Science Output; Security; Too much risk; Too little Science.
  13. What are the risks to Science?
  14. Trustworthy Science: Integrity of data and computation are critical to maintaining the trust of scientists and the public in CI. Perception of integrity is often just as important as reality.
  15. Do No Harm: Cyberinfrastructure represents some impressive cyber-facilities. Being used as a tool to harm others would be very damaging to one’s reputation.
  16. Collaboration is key to science. Trust is key to collaboration.
  17. Identity Matters to Science… Scott Koranda/LIGO - Oct’11
  18. Specific Concerns: Many science domains, communities, and projects have particular concerns. The risks related to confidentiality, integrity, and availability vary greatly, and go by their own nomenclature.
  19. How do we manage these Risks? Cyberinfrastructure; Scientific Community; Multiple Universities and/or Research Orgs; Regional R&E and Commercial Services; Open Source and Scientific Software; R&E Networks, IRNCs, Science DMZs; …
  20. Leverage services when possible
     • Leverage cybersecurity in these services.
     • Save effort for science-specific challenges.
     • Challenge: Quantify and manage residual risks from those services.
     Multiple Universities and/or Research Orgs; Regional R&E and Commercial Services; Open Source and Scientific Software; R&E Networks, IRNCs, Science DMZs; …
  21. Commodity IT
     • Use baseline cybersecurity practices from NIST and others.
     E.g. http://trustedci.org/guide/docs/commodityIT
  22. Unique IT/Instruments/Data/etc. (Unique Assets)
     • Must understand and manage risk
     • A custom task – can be helped with resources
     E.g. http://trustedci.org/guide/
  23. What about the Science itself? (Scientific Community)
     • The mission we are ultimately supporting.
     • A source of risks.
     But is that all?
  24. Science Manages Risks as Well
     • Biases
     • Errors
     http://www.ligo.org/news/blind-injection.php
  25. http://cms.web.cern.ch/news/blinding-and-unblinding-analyses and https://theoreticalecology.wordpress.com/2012/06/22/statistical-analysis-with-blinded-data-a-way-to-go-for-ecology/
  26. Bias: The Ultimate Insider Threat
     • “Insider Threat” – dealing with risks that originate from inside the organization.
     • Science has been dealing with the risk of bias for a long time.
     • Mature science projects bring a lot of risk management around bias that should be leveraged by cybersecurity.
     • What is the residual risk in computational science after bias management?
  27. (no text)
  28. Putting it all together… Cyberinfrastructure; Scientific Community; Multiple Universities and/or Research Orgs; Regional R&E and Commercial Services; Open Source and Scientific Software; R&E Networks, IRNCs, Science DMZs; … Leverage science processes, understand risks. Baseline controls, risk management. Leverage services and cybersecurity to conserve effort, understand and manage residual risks.
  29. How do we put this into practice?
  30. DOE Advanced Scientific Computing Advisory Committee Workforce Subcommittee Letter (http://science.energy.gov/~/media/ascr/ascac/pdf/charges/ASCAC_Workforce_Letter_Report.pdf): “In particular, the findings reveal that: All large DOE national laboratories face workforce recruitment and retention challenges in the fields within Computing Sciences that are relevant to their mission (…), including Algorithms (both numerical and non-numerical); Applied Mathematics; Data Analysis, Management and Visualization; Cybersecurity; Software Engineering and High Performance Software Environments; and High Performance Computer Systems.”
  31. Maximizing Limited Expertise. http://blog.ted.com/bridging-the-gulf-in-mental-health-care-vikram-patel-at-tedglobal2012/
  32. SUNDAR
     • Simplify the message
     • UNpack the treatment
     • Deliver it where people are
     • Affordable and available human resources
     • Reallocation of specialists to train and supervise
  33. Center for Trustworthy Scientific Cyberinfrastructure (TrustedCI.org): Increase the NSF community’s understanding of cybersecurity for science, and advance its implementation. Three-year project funded by NSF ACI.
  34. CTSC Activities
     • Engagements: LIGO, SciGAP, IceCube, Pegasus, CC-NIE peer reviews, DKIST, LTERNO, DataONE, SEAD, CyberGIS, HUBzero, Globus, LSST, OOI, NEON.
     • Education and Training: Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects, Securing Commodity IT in Scientific CI Projects, Baseline Controls and Best Practices, Training for CI professionals.
     • Leadership: Organized 2013, 2014 & 2015 Cybersecurity Summits for Large Facilities and CI, vulnerability awareness, Cybersecurity for Large Facilities Manual.
  35. Cybersecurity Program Guide: Baseline practices and risk management, tailored for science projects with guidance and templates. http://trustedci.org/guide/
  36. Please Join Us! 2015 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure. August 17-19, 2015. Arlington, VA. Email lists, details and CFP coming soon at trustedci.org
  37. In conclusion… Cybersecurity for science is about managing risks for science to maximize trustworthy science. Science itself has much to offer in the process if we can figure out how the worlds of cybersecurity and science interact. By leveraging our specialists for training and maximum impact, we can overcome workforce constraints to make this a reality.
  38. Acknowledgements
     • Colleagues at CACR, CTSC, XSIM who make all this work possible.
     • Mike Corn, Adam Lyon for discussions and feedback.
     • Department of Energy Next-Generation Networks for Science (NGNS) program (Grant No. DE-FG02-12ER26111).
     • National Science Foundation (Grant 1234408).
     The views and conclusions contained herein are those of the author and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the sponsors or any organization
  39. Notes
     • Science Output
     • Science has error management
     • SUNDAR == Beautiful in Indian
     • Need to clarify Science/cybersecurity risk management relationship.
