"Explaining Software Security in Scientific Computing"
Even the most experienced cybersecurity experts may struggle to secure sensitive data and vital systems from cyberattacks as the global cyberthreat environment worsens. This also holds true for scientific computing environments, particularly those that have an Internet-exposed user-facing front end. Sean Peisert, a senior scientist in the scientific data division at Lawrence Berkeley National Laboratory (Berkeley Lab), recently co-authored the "Guide to Securing Scientific Software" alongside colleagues from other organizations who are also members of Trusted CI, the NSF Cybersecurity Center of Excellence. The document is intended to help software developers better understand and address critical security gaps, and to inform policymakers responsible for allocating resources to improving the state of scientific software security. The guide is the second in an ongoing series of reports resulting from a multi-year program focused on topics critical to the security of scientific computing environments. The first year focused on increasing data reliability for open science and the second year on software assurance. The third year will focus on the security of Operational Technology (OT) or Cyber-Physical Systems (CPS) in science. OT or CPS are networked systems that are linked to computing systems on one side and physical system controls or sensors on the other. The "solutions roadmap" will be released in December 2022. This article continues to discuss the Guide to Securing Scientific Software as well as key points shared by Peisert regarding the most critical issues in scientific software cybersecurity, threats and vulnerabilities, and how security can be improved.
Lawrence Berkeley National Laboratory reports "Explaining Software Security in Scientific Computing"