Raising the bar for cybersecurity

Rob Roser

Rob Roser, chief information officer, wrote this column.

The game of cybersecurity is changing. No longer are threats strictly from those looking to mine passwords and credit card numbers for financial gain. In this new order, cyber espionage is being undertaken to gather intelligence of all types. The recent security-related events plaguing the federal government are powerful examples of this.

We at Fermilab must raise our game if we are to keep our information safe and secure in this new environment. However, we must do this within the context of our overall mission to provide an open scientific network enabling Fermilab collaborators from around the world to use our data. In the coming months, you’ll start to learn more about some changes in Fermilab cybersecurity. I summarize them briefly here.

First, we will separate our scientific network from the network used for nonscientific Internet traffic and our business network. Once they are separated, we can closely monitor the nonscientific and business traffic while allowing the large scientific data movement to proceed unobstructed. This will occur behind the scenes and should be largely undetected by the community.

Second, we are taking additional steps to ensure that content running on Fermilab websites is secure. Consequently, computing staff is reaching out to individuals who are running Web servers not hosted on the central Web service, including those running on nonstandard ports. The goal of this project is to turn off sites that are no longer used; move the bulk of the remaining sites onto the centrally managed systems; and increase monitoring of those yet remaining that have special requirements beyond what the central Web hosting can accommodate and that are still needed to satisfy a specific business requirement.

Finally, we will be moving to what is known as multifactor authentication (MFA), first for privileged users (system administrator types) and later for all users. This will affect individuals who work with sensitive data or require certain privileges. MFA is being mandated across the federal space, including the 17 national laboratories. How we satisfy this evolving requirement is still in discussion with DOE.

The bottom line is that, as a result of recent events, the bar has been raised for cybersecurity. Cyber espionage is being employed in countries around the world using a level of sophistication and tools not seen before. Fermilab must respond to protect our information and be proper custodians of the data we have been entrusted with. At the same time, we will try to do this in a way that minimizes the inconvenience and safeguards our scientific mission.