Berkeley Lab Computing Sciences Research is an active participant in a number of projects in the arena of security for scientific, high-performance computing systems and high-bandwidth research and education networks. Research sponsors have typically included DOE’s ASCR program, and the National Science Foundation (NSF) SaTC program and OAC office, among others.
Berkeley Lab’s cybersecurity goals are to research, develop, evaluate, adapt, and integrate advanced security and privacy solutions that enable or improve scientific workflows that might otherwise not be possible because of real or perceived security restrictions. With today’s solutions, such restrictions impose onerous usability and/or performance constraints, thereby hindering scientific progress.
Berkeley Lab has had a leadership role in security in research cyberinfrastructure environments for many years, including the development of the Zeek (Bro) Network Security Monitor, the 100G performance enhancements of Zeek (Bro), and Zeek (Bro)’s commercial spin-off, Corelight, Inc., as well as leading several DOE-sponsored activities related to defining a cybersecurity research program within the DOE Office of Science. Berkeley Lab is the lead institution of Trusted CI, the NSF Cybersecurity Center of Excellence.
Recent highlights of Berkeley Lab Computing Sciences’ cybersecurity R&D activities in research cyberinfrastructure include:
Leading studies into scientific data integrity, scientific data confidentiality, software assurance in science, operational technology in science, and building security into NSF Major Facilities by design. ⇒ The latter is directly impacting design, construction, and operations of the California Coastal Research Vessel, the NSF Regional Class Research Vessels, U.S. Antarctic Program’s $1B icebreaker, and Ocean Observatory Initiatives’ replacement of hundreds of underwater autonomous vehicles.
Developed definitions and R&D roadmaps for hardware/software co-design of future HPC systems, high-throughput networks, and networked scientific instruments to build cybersecurity in by design. ⇒ Led directly to HPC cybersecurity elements of DOE funding solicitations and has been central to NIST HPC Security working group.
Development of secure computation architectures optimized for scientific computing to ensure trustworthiness of scientific data from the edge to the HPC center.
Development and application of differential privacy to power grid and vehicle mobility data and applications ⇒ The DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is seeking to deploy the former operationally and the latter has already enabled mobility research otherwise not possible due to data sharing restrictions.
Co-leading the Open Science Cyber Risk Profile (OSCRP) working group — an approach to help research cyberinfrastructure operators understand cyber risks. ⇒ Now a recommended reference in all NSF CICI solicitations since 2018 and the NSF Research Infrastructure Guide (RIG) (21-107, Dec. 2021).
Codification of the “Medical Science DMZ” — a “network design pattern” for enabling secure, high-volume, high-throughput transfer of sensitive data, such as data subject to HIPAA or CUI regulations. ⇒ Now used by companies and research institutions globally, including the NSF Global Research Platform.
ASCR Cybersecurity for Scientific Computing Workshop, June 2–3, 2015 [report]
ASCR Cybersecurity Workshop, January 7–9, 2015 [report, news]
DOE Grassroots Cybersecurity Initiative, 2008–2010 [Frincke presentation, Catlett ASCAC presentation, report 1, report 2, report 3]
DOE Cybersecurity R&D Challenges for Open Science: Developing a Roadmap and Vision, January 24–26, 2007 [news, report]
Cybersecurity Center of Excellence Receives Five-Year, $6M/Year Award From NSF [expanded announcement] — Oct. 3, 2024
Announcing publication of the Operational Technology Procurement Vendor Matrix — Dec. 15, 2023
Updates on Trusted CI’s Efforts in Cybersecurity by Design of NSF Academic Maritime Facilities — Jul. 24, 2023
SAVE THE DATE: Announcing the 2023 NSF Cybersecurity Summit, Oct 24-26, 2023 in Berkeley, CA — Mar. 21, 2023
Registration Open for 3rd HPC Security Workshop at NIST NCCoE — Feb. 3, 2023
Announcing the 2023 Trusted CI Annual Challenge: Building Security Into NSF Major Facilities By Design — Jan. 25, 2023
Sean Peisert, Publication of the Trusted CI Roadmap for Securing Operational Technology in NSF Scientific Research — Nov. 16, 2022.
Sean Peisert, Open Science Cyber Risk Profile (OSCRP) Updated with Science DMZ, Software Assurance, Operational Technology, and Cloud Computing Elements — Nov. 1, 2022
Findings of the 2022 Trusted CI Study on the Security of Operational Technology in NSF Scientific Research — July 15, 2022
Berkeley Lab’s Sean Peisert Tapped to Take on Deputy Director Role — June 28, 2022
Better Scientific Software (BSSw) Helps Promote Trusted CI Guide to Securing Scientific Software — May 13, 2022
Announcing the 2022 Trusted CI Annual Challenge on Scientific OT/CPS Security - Jan. 5, 2022
Andrew Adams, Dan Arnold, Jeannette Dopheide, Ryan Kiser, Mark Krenz, Drew Paine, Sean Peisert, Michael Simpson, and John Zage, “Trusted CI Operational Technology Procurement Vendor Matrix,” Dec. 14, 2023. DOI: 10.5281/zenodo.10257813
Jim Basney, Sean Peisert, Scott Russell, Kelli Shute, Bart Miller, and Kathy Benninger, “A Vision for Securing NSF’s Essential Scientific Cyberinfrastructure - Trusted CI Five-Year Strategic Plan (2024-2029),” August 1, 2023.
Ammar Haydari, Chen-Nee Chuah, Michael Zhang, Jane Macfarlane, and Sean Peisert, “Differentially Private Map Matching for Mobility Trajectories,” Proceedings of the 2022 Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 5-9, 2022.
Andrew Adams, Emily K. Adams, Dan Gunter, Ryan Kiser, Mark Krenz, Sean Peisert, and John Zage, “Roadmap for Securing Operational Technology in NSF Scientific Research,” Trusted CI Report, November 16, 2022.
Ayaz Akram, Venkatesh Akella, Sean Peisert, and Jason Lowe-Power, “SoK: Limitations of Confidential Computing via TEEs for High-Performance Compute Systems,” Proceedings of the 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED), Sept. 26–27, 2022.
Andrew Adams, Kay Avila, Elisa Heymann, Mark Krenz, Jason R. Lee, Barton Miller, and Sean Peisert, “Guide to Securing Scientific Software,” Trusted CI Report, December 14, 2021.
Sean Peisert, “Trustworthy Scientific Computing,” Communications of the ACM (CACM), 64(5), pp. 18–21, May 2021.
Ayaz Akram, Anna Giannakou, Venkatesh Akella, Jason Lowe-Power, and Sean Peisert, “Performance Analysis of Scientific Computing Workloads on General Purpose TEEs,” Proceedings of the 35th IEEE International Parallel & Distributed Processing Symposium (IPDPS), May 17–21, 2021.
Sean Peisert, Eli Dart, William K. Barnett, James Cuff, Robert L. Grossman, Edward Balas, Ari Berman, Anurag Shankar, and Brian Tierney, “The Medical Science DMZ: A Network Design Pattern for Data-Intensive Medical Science,” Journal of the American Medical Informatics Association (JAMIA), 25(3):267–274, March 2018.
Sean Peisert, “Security in High-Performance Computing Environments”, Communications of the ACM (CACM), 60(9):72-80, September 2017.
Sean Peisert, Von Welch, Andrew Adams, Michael Dopheide, Susan Sons, RuthAnne Bevier, Rich LeDuc, Pascal Meunier, Stephen Schwab, and Karen Stocks, Ilkay Altintas, James Cuff, Reagan Moore, and Warren Raquel, “Open Science Cyber Risk Profile,” February 2017.
Sean Whalen, Sean Peisert, Matt Bishop, “Multiclass Classification of Distributed Memory Parallel Computations,” Pattern Recognition Letters (PRL), 34(3):322-329, February 2013.
Scientific Data Division Summer Students Tackle Data Privacy - Sept. 15, 2022
Announcement of Trusted CI Director Transition — June 27, 2022
Publication of the Trusted CI Guide to Securing Scientific Software — Dec. 14, 2021
Findings Report of the 2021 Trusted CI Annual Challenge on Software Assurance Published — Sept. 29, 2021
Trusted CI new co-PIs: Peisert and Shute — Aug. 3, 2021
Initial Findings of the 2021 Trusted CI Annual Challenge on Software Assurance — Aug. 3, 2021
Announcing the 2021 Trusted CI Annual Challenge on Software Assurance - Mar. 30, 2021
Summer Students Tackle COVID-19 — Oct. 21, 2020
Data Confidentiality Issues and Solutions in Academic Research Computing — Sept. 10, 2020
Fantastic Bits and Why They Flip — Jun. 23, 2020
Impact of AI in DOE National Laboratories (YouTube video) (security discussion at 1'07") — Sept. 29, 2019
Berkeley Lab Cybersecurity Specialist Highlights Data Sharing Benefits, Challenges at NAS Meeting — Dec. 4, 2018
CRD’s Peisert to Discuss Data Sharing at National Academies’ COSEMPUP Meeting — Nov. 5, 2018
Berkeley Lab Contributes to $2.5M supplemental grant for NSF-funded Cybersecurity Center of Excellence — Oct. 5, 2018
Lab Experts Help Coordinate ISC18, World’s First, Largest Computing Conference — June 21, 2018
Into the Medical Science DMZ (Science Node) — March 23, 2018
Berkeley Lab Researchers Contribute to Making Blockchains Even More Robust — January 30, 2018
ESnet’s Science DMZ Design Could Help Transfer, Protect Medical Research Data — October 16, 2017
Berkeley Lab’s cybersecurity expert Sean Peisert discusses challenges & opportunities of securing HPC — Aug. 24, 2017
HPC security article in Communications of the ACM
Video accompanying HPC security article on Vimeo
Cybersecurity: New Directions for Research and Education Networks — May 26, 2017
Mind the gap: Speaking like a cybersecurity pro — Feb. 10, 2017
Building a CENIC Security Strategy — Jan. 11, 2017
Working Group on Open Science Cybersecurity Risks Releases First Document Draft for Public Comment — Oct. 31, 2016
NSF Cybersecurity Center of Excellence, ESnet Organize Working Group on Open Science Threats — Jun. 22, 2016
ESnet, CENIC Announce Joint Cybersecurity Initiative - CRD’s Sean Peisert to serve as director of initiative — Jan. 19, 2016