"Thank goodness it wasn't us!"

We can't help it. Every time another nasty cybersecurity failure makes headlines, our eyes roll heavenward and we breathe a sigh of relief. Yet, while we have great empathy for the CIO at the enterprise that just got nailed, we know there's a bullet somewhere with our name on it.

Not just one bullet--millions of them. At Pacific Northwest National Laboratory, we deflect more than 3 million attacks on our Internet firewall every day--10% of the connection requests. During the same time, our e-mail system rejects more than 1.2 million messages from disreputable sources or because they're detected as spam. That's nearly 97% of the e-mail being sent via the Internet to the laboratory. And it's getting worse daily.

PNNL is a U. S. Department of Energy Office of Science national laboratory that's working to solve complex problems in energy, the environment, and national security. Our 4,000 staffers conduct fundamental research in the chemical, biological, materials, environmental, and computational sciences, and translate new discoveries into practical solutions to some of the most vital challenges facing our nation.

That kind of work attracts a lot of interest, not all of it good. Attackers range from hackers to organized crime to foreign governments. The motives are economic, national security, or simply the challenge of attacking a government facility. The targets include intellectual property, customer data and other proprietary or business information, and personal information such as employee Social Security numbers.

Concurrent with the need to protect our sensitive information assets, we must also allow for appropriate and authorized sharing of data, scientific instruments, and computing resources with scientists around the world. Collaboration is an imperative of modern science, and IT enables effective and efficient partnering without regard to time or place. In addition, we have to ensure the availability of computing resources, including one of the world's largest supercomputers.

Cyberattacks are constantly evolving and increasingly sophisticated, making it impossible to get ahead of the perpetrators. To counter these attacks, the lab has deployed a defense-in-depth strategy with seven layers of protective measures. Each successive layer is designed to protect information and computing assets from attacks that get past the layers above.

Photograph by Mark Roberts