“Stefan, stop being paranoid. There is nothing severe happening with regards to CERN and cyber-security. Let us do our job and stop putting hurdles in the way…”. I felt pity when I heard that message as daily business teaches me and my team differently…
The plain truth is: CERN is under attack. Permanently. Even right now. Web servers. Mail systems. Interactive gateways. Databases. File stores. Office PCs & laptops. Passwords & accounts. In parallel, CERN runs a vast and heterogeneous diversity of computing services. Several computer centres. Dozens of control systems. Hundreds of developers. Thousands of users. Millions of web pages. Tens of millions of lines of code. Many of those assets are attackable. Some of them are vulnerable, weakly protected or lack any inherent security posture. This is naturally human. And this is normal for any digital system. But it also makes CERN as a whole vulnerable to aforementioned attacks. And it is only a question of time that such an attack turns out to be successful. Actually, some attacks have been successful in the past. As in any other enterprise running vast IT systems. And if we extrapolate from the past, there is no reason to believe that we are now safe for all future…
So maybe we just lack some kind of transparency. Transparency, in particular in security matters, is very important in order not to give the impression that we just create “FUD” (fear, uncertainty and doubt) to justify our roles, provide your with snake-oil as mitigative means, and monitor everything and all as we love playing policemen. On the contrary, transparency is important to create trust in our work, give you oversight of our doings, let you judge the reasonability of our decisions and provide means to question our strategies. For us, transparency towards our users, clients, and community is essential.
The regular CERN Bulletin articles are one example expressing what keeps us currently awake at night. But if you really want to learn what goes on on a daily basis, we also issue monthly computer security reports which list every computer security incident & issue, important vulnerabilities & weaknesses found as well as mishaps & problems encountered. These are fairly complete and fully reflect the current security problems related with CERN, CERN’s computing services, and CERN’s community. Recently, we delivered the 125th Bulletin article and soon we will produce our 100th Monthly Report! Therefore, if you want to learn more about computer security incidents & issues at CERN, feel free to follow our report and you will understand why I felt pity with the initial quote.
With that, we wish you a very secure 2017!
For further information, questions or help, check our web site or contact us at Computer.Security@cern.ch.