Feature
News
2/21/2008
12:15 PM
50%
50%

CIOs Uncensored: Security Smarts

Pacific Northwest National Laboratory's defense-in-depth strategy involves seven layers of security.

"Thank goodness it wasn't us!"

We can't help it. Every time another nasty cybersecurity failure makes headlines, our eyes roll heavenward and we breathe a sigh of relief. Yet, while we have great empathy for the CIO at the enterprise that just got nailed, we know there's a bullet somewhere with our name on it.

Not just one bullet--millions of them. At Pacific Northwest National Laboratory, we deflect more than 3 million attacks on our Internet firewall every day--10% of the connection requests. During the same time, our e-mail system rejects more than 1.2 million messages from disreputable sources or because they're detected as spam. That's nearly 97% of the e-mail being sent via the Internet to the laboratory. And it's getting worse daily.

InformationWeek Reports

PNNL is a U. S. Department of Energy Office of Science national laboratory that's working to solve complex problems in energy, the environment, and national security. Our 4,000 staffers conduct fundamental research in the chemical, biological, materials, environmental, and computational sciences, and translate new discoveries into practical solutions to some of the most vital challenges facing our nation.

Pacific Northwest
National Laboratory

ESTABLISHED: In 1965 by the U.S. Department of Energy

STAFF: Approximately 4000

BUSINESS VOLUME (2007): $761 million

RESEARCH: Energy, environment, national security, and fundamental science for government, academia, and industry

PATENTS: 1,557, U.S. and foreign
That kind of work attracts a lot of interest, not all of it good. Attackers range from hackers to organized crime to foreign governments. The motives are economic, national security, or simply the challenge of attacking a government facility. The targets include intellectual property, customer data and other proprietary or business information, and personal information such as employee Social Security numbers.

Concurrent with the need to protect our sensitive information assets, we must also allow for appropriate and authorized sharing of data, scientific instruments, and computing resources with scientists around the world. Collaboration is an imperative of modern science, and IT enables effective and efficient partnering without regard to time or place. In addition, we have to ensure the availability of computing resources, including one of the world's largest supercomputers.

Cyberattacks are constantly evolving and increasingly sophisticated, making it impossible to get ahead of the perpetrators. To counter these attacks, the lab has deployed a defense-in-depth strategy with seven layers of protective measures. Each successive layer is designed to protect information and computing assets from attacks that get past the layers above.

Photograph by Mark Roberts

Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.