Peisert Compiles Workshop Report on Securing Scientific Computing Integrity
March 20, 2015
Sean Peisert of CRD’s Integrated Data Frameworks Group has published a report from a DOE workshop on ASCR Cybersecurity for Scientific Computing Integrity. Peisert co-chaired the workshop held Jan. 7-9 in Rockville, Md. CRD Director David Brown and ESnet’s Brian Tierney were members of the workshop organizing committee. Eric Roman of CRD and Scott Campbell of NERSC participated in the workshop.
According to the report, “scientific computing integrity assurance is of extremely high importance,” given that the “areas for which DOE is uniquely responsible, including energy, environment, and nuclear weapons all affect our nation’s future security and prosperity…Even for the basic science, it is vital that if U.S. taxpayer dollars are to fund a large cadre of the nation’s top scientists to do research, that the results can ultimately be trusted. And for applied science, the integrity of the computations and the data used to achieve these results is critical to provide confidence in any resulting policy decisions, as well as ensuring the safety of DOE’s own scientific instrumentation infrastructure.”
The report notes “We define scientific computing integrity as the ability to have high confidence that the scientific data that is generated, processed, stored, or transmitted by computers and computer-connected devices has a process, provenance, and correctness that is understood. Vital components of scientific computing integrity are also metrics and measures of both integrity and uncertainty in order to evaluate how much confidence can be placed in that data. Thus the development of advanced scientific computing methodologies for the design and evaluation of security of large-scale computational systems in the interests of assuring scientific computing integrity is of vital importance. DOE science uses a spectrum of both commodity and exotic technologies, including software, data, and hardware computing assets that have risk profiles that are poorly understood by the research and computer security communities.” Download the full report below.