iSGTW Feature - Security through collaboration, part I: Today's cyber climate

Feature - Security through collaboration, part I: Today’s cyber security climate


Once, most attacks on computer systems were committed by individuals, motivated by ego gratification, greed or revenge. But as computing resources increase in size and complexity, cyberattacks are increasingly the work of criminal organizations and hostile governments, motivated by large-scale illicit financial profit, sabotage, and espionage.

Image courtesy of NCSA.

Randal Butler, Co-Director of the CyberSecurity Directorate at the National Center for Supercomputing Applications, University of Illinois, contributed this article, the first of a two-part series.

The grid offers many advantages for computing, as we all know. But it offers one singular disadvantage: a grid is only as strong as its least secure site.

The cyber attacks we see today typically span multiple systems, sites and even countries, as attackers use increasingly sophisticated methods both to gain access and to obfuscate their location. FBI sources tell us that today’s attacks target specific projects, technologies and organizations, and take advantage of established trust relationships. Further, organized crime and nation-states are often behind these attacks.   

A well-documented attack of this type in 2004 from outside the U.S. impacted national centers like NCSA, university computing facilities, DOE sites, and industry not only in the United States, but throughout Europe. The intruder installed SSH trojans, harvested usernames and passwords, and used them to gain further privileges and access to other systems. In many cases the intruder managed to carry out these activities without disrupting the system, allowing him to proceed undetected. The attack resulted in extended outages at affected sites over the course of several months.

A map depicting much of the U.S. research cyberinfrastructure. One important challenge of grid security is that similarly configured nodes at different sites may possess identical vulnerabilities; another is that the same credentials may be used to access multiple resources.

By exploiting these and other weaknesses, in 2004 a Swedish hacker nicknamed "Stakkato" was able to harvest the account information of hundreds of users at universities, federal sites and private companies across the country, costing millions of dollars in damage, investigation and cleanup efforts. 

Image courtesy of NCSA.  

Trust, risk and protection

A grid requires coordinated, cross-domain security. A software compromise at one site may reveal the same vulnerability at another. Single sign-on amplifies the risk: it simplifies access to resources within a grid for a scientist as well as for a criminal who has stolen the scientist’s credentials...

The grid requires trust among individuals and institutions, and “multidirectional trust” among researchers, virtual organizations, resources, applications, services, system administrators, and security staff. The greatest challenge for the creation of a grid is often the establishment of these trust relationships. Our experiences with the early NCSA Alliance Grid, the TeraGrid and the Open Science Grid have demonstrated that building and maintaining a grid have as much to do with social networking as with the actual technology.

Grids have by necessity been drivers of cyber security policies and practices. For example, in 1998 the NCSA Alliance Grid drove the development of identity management and incident response procedures for its participating sites as they federated. This contributed to efforts within the Grid Forum (as it was initially known, now OGF) to develop standard policy document templates for Grid Certification Authorities. Other bodies, notably the International Grid Trust Federation and the Joint Security Policy Group, have expanded on these templates and developed best practices and interoperable security policy documents.

The increase in trust relationships among cyber resource sites and the expansion of services and access to those cyber resources must be balanced by protection of those resources. That gets to the heart of what grid cyber security is really all about: enabling researchers to collaborate and get science done while protecting an organization’s cyberinfrastructure.

We will discuss collaborative investigations next week in part II of this article.

Randal Butler, NCSA
