12:15 PM

CIOs Uncensored: Security Smarts

Pacific Northwest National Laboratory's defense-in-depth strategy involves seven layers of security.

"Thank goodness it wasn't us!"

We can't help it. Every time another nasty cybersecurity failure makes headlines, our eyes roll heavenward and we breathe a sigh of relief. Yet, while we have great empathy for the CIO at the enterprise that just got nailed, we know there's a bullet somewhere with our name on it.

Not just one bullet--millions of them. At Pacific Northwest National Laboratory, we deflect more than 3 million attacks on our Internet firewall every day--10% of the connection requests. During the same time, our e-mail system rejects more than 1.2 million messages from disreputable sources or because they're detected as spam. That's nearly 97% of the e-mail being sent via the Internet to the laboratory. And it's getting worse daily.

InformationWeek Reports

PNNL is a U. S. Department of Energy Office of Science national laboratory that's working to solve complex problems in energy, the environment, and national security. Our 4,000 staffers conduct fundamental research in the chemical, biological, materials, environmental, and computational sciences, and translate new discoveries into practical solutions to some of the most vital challenges facing our nation.

Pacific Northwest
National Laboratory

ESTABLISHED: In 1965 by the U.S. Department of Energy

STAFF: Approximately 4000

BUSINESS VOLUME (2007): $761 million

RESEARCH: Energy, environment, national security, and fundamental science for government, academia, and industry

PATENTS: 1,557, U.S. and foreign
That kind of work attracts a lot of interest, not all of it good. Attackers range from hackers to organized crime to foreign governments. The motives are economic, national security, or simply the challenge of attacking a government facility. The targets include intellectual property, customer data and other proprietary or business information, and personal information such as employee Social Security numbers.

Concurrent with the need to protect our sensitive information assets, we must also allow for appropriate and authorized sharing of data, scientific instruments, and computing resources with scientists around the world. Collaboration is an imperative of modern science, and IT enables effective and efficient partnering without regard to time or place. In addition, we have to ensure the availability of computing resources, including one of the world's largest supercomputers.

Cyberattacks are constantly evolving and increasingly sophisticated, making it impossible to get ahead of the perpetrators. To counter these attacks, the lab has deployed a defense-in-depth strategy with seven layers of protective measures. Each successive layer is designed to protect information and computing assets from attacks that get past the layers above.

Photograph by Mark Roberts

1 of 5
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 24, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.