Collaborative Operational Security: The future of Cybersecurity for Research and Education

¹ RAL, UKRI STFC, UK
² University of Durham
³ European Organization for Nuclear Research (CERN), Geneva, Switzerland
⁴ University of Chicago
⁵ Physics Department, University of Michigan, Ann Arbor, MI, USA

Published online: 6 May 2024

Abstract

No single organisation has the resources to defend its services alone against most modern malicious actors and so we must protect ourselves as a community. In the face of determined and well-resourced attackers, we must actively collaborate in this effort across HEP and more broadly across Research and Education (R&E).

Parallel efforts are necessary to respond appropriately to this requirement. We must share threat intelligence about ongoing cybersecurity incidents with our trusted partners and deploy the fine-grained security network monitoring necessary to make active use of this intelligence. We must also engage with senior management in our organizations to ensure that we work alongside any broader organisational cybersecurity development programs.

We report on progress of the Security Operations Center (SOC) Working Group, established by the WLCG but with membership encompassing the R&E sector. The goal of the Working Group is to develop reference designs for SOC deployments and empower R&E organisations to collect, leverage, and act upon targeted, contextualized, actionable threat intelligence. This report will include recent SOC deployment activities at sites with network connectivity in excess of 100Gb/s, as well as new technology designs. An important development, which is likely to form a key part of the WLCG security strategy, is the potential use of passive DNS logs to allow sites without fine-grained network monitoring to benefit from the threat intelligence available to our community.

We also report on higher-level progress in engaging with the broader community to establish common approaches to this vital area of cybersecurity.