Cybersecurity and Risk Management for HPC

Print Friendly, PDF & Email

Henry Newman from Seagate Government Solutions

In this video from the HPC User Forum in Santa Fe, Henry Newman from Seagate Government Solutions presents: Cybersecurity and Risk Management and World-wide Standards.

Henry’s talk described how cyber attacks and security breaches have become commonplace with explosion of data. More often than not, these breaches could have prevented or greatly reduced if these institutions would have followed prescribed security standards. As we move to the edge and go to 5G networks, there is going to be more distributed data and therefore protection is going to have to go out to the edge as well. Right now, we don’t really know how to do that, so things are going to get a lot worse.

Henry described the inherent risks involved as the growth of data as world continues to go mobile. Analysis project that the world will have 163 zettabytes of data by 2025, with Figure 1 showing the growing gap between data that should be protected and data left unprotected. This gap reflects an increasing industry need for security and privacy technologies, systems, and processes to address it.

Henry centered the rest of his talk around the data lifecycle and where the data goes.

As we move to Exascale in HPC environments, there’s going to be more value to data that requires security, so we’re going to have more and more problems. He cited a number of security certification and standards to mitigate risk including Security Algorithms, Trusted Life-Cycle, Crypto Modules, Security Functionality, and Security Data Disposal.

Conclusions and Issue Going Forward:

  • Cyber attacks are an ever-increasing risk.
  • There are a number of existing standards out there for storage and cyber security and more are in the works.
  • Following standards is key to combatting future cyber attacks.
  • There is a growing threat vector from used drives, counterfeit drives and using devices from the gray market with uncertified firmware.
  • Secure erasure is difficult or impossible with SSD drives. Real Security requires a custodial approach throughout the device lifecycle.
  • There’s got to be a stronger level of storage security moving up the stack all the way through the system to follow NIST and ISO standards if we’re going to protect our ever-increasing stores of data.

See more talks from the HPC User Forum

Check out our insideHPC Events Calendar