Berkeley Lab Computing Sciences Research performs extensive research in cybersecurity. Its mission-driven emphasis focuses on security for research cyberinfrastructure, including high-performance computing, high-throughput networking environments, and intrumentation; security of cyber-physical systems, notably in the power grid; and security of nuclear arms control monitoring systems and safeguards. These projects include collaborations with numerous other academic, National Lab, and industry partners. Recent research sponsors have included the Department of Energy (DOE) Advanced Scientific Computing Research (ASCR) and Cybersecurity Research, Development, and Demonstration for Energy Systems program programs, the National Nuclear Security Administration (NNSA), the National Science Foundation (NSF) Secure and Trustworthy Computing (SaTC) program and Office of Advanced Cyberinfrastructure (OAC), the U.S. Department of Homeland Security’s Science and Technology Directorate, and the National Security Agency.
Berkeley Lab’s overarching cybersecurity goals are to research, develop, evaluate, adapt, and integrate advanced security and privacy solutions that enable or improve scientific workflows that may otherwise not be possible due to real or perceived security restrictions that, using today’s solution, impose onerous usability and/or performance constraints, thereby hindering scientific progress. Berkeley Lab also has a long history in novel, usable, and useful solutions for energy delivery systems and nuclear non-proliferation.
Berkeley Lab has had a leadership role in security in scientific computing environments and research cyberinfrastructure for many years, including the development of the Zeek (Bro) Network Security Monitor, as well as leading several DOE-sponsored activities related to defining a cybersecurity research program within the DOE. Berkeley Lab is the lead institution of Trusted CI, the NSF Cybersecurity Center of Excellence.
Recent highlights of LBNL Computing Sciences’ cybersecurity research activities include:
Leading studies into scientific data integrity, scientific data confidentiality, and software assurance in science, operational technology in science, and building security into NSF Major Facilities by design. ⇒ The latter is directly impacting design, construction, and operations of the California Coastal Research Vessel, the NSF Regional Class Research Vessels, U.S. Antarctic Program’s $1B icebreaker, and Ocean Observatory Initiatives’ replacement of hundreds of underwater autonomous vehicles.
Developed definitions and research roadmaps for hardware/software co-design of future HPC systems, high-throughput networks, and networked scientific instruments to build cybersecurity in by design. ⇒ Led directly to HPC cybersecurity elements of DOE funding solicitations and has been central to NIST HPC Security working group.
Development of secure computation architectures optimized for scientific computing to ensure trustworthiness of scientific data from the edge to the HPC center.
Development and application of differential privacy to power grid and vehicle mobility data and applications ⇒ The DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is seeking to deploy the former operationally and the latter has already enabled mobility research otherwise not possible due to data sharing restrictions.
Developed the first practical approaches to integrate physics of operational technology in the power grid with intrusion detection to ensure their secure operation. ⇒ Now broadly used in applied research efforts globally, and appear in DOE funding solicitations and Congressional budget appropriations.
Co-leading the Open Science Cyber Risk Profile (OSCRP) working group — an approach to help research cyberinfrastructure operators understand cyber risks. ⇒ Now a recommended reference in all NSF CICI solicitations since 2018 and the NSF Research Infrastructure Guide (RIG) (21-107, Dec. 2021).
Codification of the “Medical Science DMZ” — a “network design pattern” for enabling secure, high-volume, high-throughput transfer of sensitive data, such as data subject to HIPAA or CUI regulations. ⇒ Now used by companies and research institutions globally, including the NSF Global Research Platform.
Announcing the Publication of v2 of the Trusted CI OT Procurement Matrix & Companion Guide — Oct. 7, 2024
Cybersecurity Center of Excellence Receives Five-Year, $6M/Year Award From NSF [expanded announcement] — Oct. 3, 2024
Announcing publication of the Operational Technology Procurement Vendor Matrix — Dec. 15, 2023
Berkeley Lab Leading the Way with New Cybersecurity Projects — Nov. 6, 2023
Updates on Trusted CI’s Efforts in Cybersecurity by Design of NSF Academic Maritime Facilities — Jul. 24, 2023
Registration Open for 3rd HPC Security Workshop at NIST NCCoE — Feb. 3, 2023
Announcing the 2023 Trusted CI Annual Challenge: Building Security Into NSF Major Facilities By Design — Jan. 25, 2023
Publication of the Trusted CI Roadmap for Securing Operational Technology in NSF Scientific Research — Nov. 16, 2022.
Scientific Data Division Summer Students Tackle Data Privacy - Sept. 15, 2022
Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research — July 15, 2022
Berkeley Lab’s Sean Peisert Tapped to Take on Deputy Director Role — June 28, 2022
Better Scientific Software (BSSw) Helps Promote Trusted CI Guide to Securing Scientific Software — May 13, 2022
Publication of the Trusted CI Guide to Securing Scientific Software — Dec. 14, 2021