Cybersecurity Summit 2004 Addresses Security of Supercomputing Facilities

Last week was a busy week on the cybersecurity front.  It was so eventful that my blog postings this week are in an effort to catch up with what may already be old news!  However, an event held earlier in the week, the Cybersecurity Summit 2004 organized by the National Center for Atmospheric Research, has not been broadly publicized and is worth a few summary notes and observations.

The purpose of this invitation-only Summit was to share information about recent security intrusions, to emphasize security best practices, and to develop a trust network among participants in which methods of communication for future security events will be explored.  Breakout discussion sessions focused on user education and policies, education and policies for sysadmins, intrusion detection and network security, protection of host computer systems, and security implications for grid computing.

The discussions regarding the security incidents of this past year that impacted supercomputing centers and others was confidential and will not be recanted here.  However, among the most important lessons from those incidents and the corresponding discussions during the breakout groups was the need for better coordination and information sharing among the individuals responsible for incident handling.

A few concluding observations:

• The security challenges of supercomputing centers are not really all that different from those confronted by institutions of higher education.  However, since many of the centers are co-located at major research universities, there is a lot of similarity between the needs of the centers and those generally experienced by the Internet2 community.
• While “incident handling” is a broad concept, there were generally two recommendations that emerged from the workshop.  First, the need for more automated tools to assist sysadmins in conducting forensics and analyzing intrusions.  Second, the need for a trusted network of incident handlers for information sharing.
• There was a general consensus that workshops of this type should be repeated as a way to increase awareness about security incidents and to bring together sysadmins and incident handlers for professional development and human networking.
• There is a need for security training and professional development opportunities for sysadmins that is not being currently met by EDUCAUSE, Internet2, or other entities.
• There was a large amount of unawareness about the activities of the EDUCAUSE/Internet2 Security Task Force and the REN-ISAC to address some of the needs identified at the Summit as well as issues raised during previous workshops organized by the task force, also funded by NSF.

The above observations are not meant as criticism of the workshop organizers or the attendees.  There are real concerns that point out that much work remains to be done and there is a need for greater outreach by the Security Task Force to the affected communities.  These observations along with new relationships developed during the Summit will lead to further conversations, I am sure, and a re-assessment of the Security Task Force strategies in light of the issues identified.