Cybersecurity is everyone’s responsibility! Fermilab’s Cybersecurity Team (CST) works in a three-fold partnership with lab employees and lab management to protect our cyber systems, walking a fine line between providing the open and flexible computing and networking environment necessary to accomplish our scientific mission, and delivering adequate defensive measures to minimize mission downtime due to cyber attacks. The Internet is a dangerous place populated by both individual criminals and nation-state adversaries, but too much regulation could stifle our scientific mission. Only by working closely with our scientific and business users (and carefully understanding our risk environment) can we choose the set of security controls that mitigates risk without interfering with the mission.
CST has two closely related sections:
- CSO (cyber operations team), the operational and technical side, which operates a variety of cyber defenses, constantly scans our network looking for vulnerable or out-of-compliance systems, and maintains a 24×7 on-call rotation to respond to and contain any potential cybersecurity incidents. To operate effectively, CSO needs the close cooperation of all lab computer users in promptly fixing any deficiencies discovered in our scans, and in quickly reporting any suspected cyber incidents for expert triage and response.
- CAO (compliance, accreditation and oversight), the portion of the team that drafts policies, reviews risk assessments, oversees testing and evaluation of all security controls, ensures our documentation suite of security plans is up to date, and coordinates with the DOE Fermi Site Office in maintaining accreditation and authority to operate (ATO) of our computer systems.
In the early days of the Internet, computer security (as it was then known) was a part-time task managed by the Distributed Computing and Network Departments, and invisible to most lab computer users (except for the forms that needed to be filled out before acquisition of any computing equipment). But as the complexity of the lab computing environment has grown exponentially and the threats present on the Internet have similarly increased, the team is now a dedicated full-time staff of ten individuals who can accomplish our goals only when the full laboratory staff shares security awareness.