|
America’s precious and powerful supercomputers
are bound together by the “Grid/TeraGrid”
which has now been proven to be extraordinarily vulnerable
to intrusion. The recent hack of the Grid was most likely
accomplished by a small group of young U.S. hackers.
What we — the public — do not know is if
the hackers were able to access information pertaining
to national security — the “crown jewels,”
so to speak.
What we do know is that one member of the Grid is Argonne
National Laboratory outside of Chicago which supports
upwards of 200 research projects, ranging from studies
of the atomic nucleus to global climate change research.
But classified, secret projects are also being undertaken
at Argonne. The question now becomes — was any
information dealing with national security projects
obtained by the hackers.
The designated spokesperson for the TeraGrid, Peter
Beckman, refuses to respond to inquiries.
In all likelihood, the silence comes from an unreasoned,
reflexive insistence by those ultimately responsible
for securing computer infrastructure, the Department
of Homeland Security and agents of the FBI. They have
silenced computer scientists and quasi-governmental
agencies like the National Science Foundation from discussing
the intrusion.
Scientists, who are supposed to thrive on a full, open
and free exchange of information, have been prevented
(have allowed themselves to be prevented) from discussing
the dangers inherent in their very crackable computers.
In doing so, they are engaging in a cover-up of the
problem and allowing it to happen again. Once hacked,
a prized target will be hit again, as night follows
day.
The computers and what was hacked
Your personal computer, purchased last year, probably
operates at about 5 billion (5,000,000,000) operations
per second. A supercomputer operates at one teraflop
— a trillion (1,000,000,000,000) operations per
second. Now, think about supercomputers, located in
different parts of the country, lashed together in harmony,
all crunching, and munching and manipulating gigantic
gobs of ones and zeros (computerese for information)
Think 20 teraflops — 20,000,000,000,000 operations
— every second.
This system is sometimes called the Grid, other times
the TeraGrid or even “Extensible Terascale Facility”
(ETF). Many scientists who build and run that conglomeration
of supercomputers would agree that it’s the next
major evolution of the Internet, and from the little
we know, the TeraGrid does good stuff.
If you’re trying to predict dangerous weather
conditions that may spawn tornadoes so that people in
the affected area might be given a few extra minutes
advance caution, warnings that could be the difference
between life and death, you need the “Grid.”
Physicians checking brain images of a patient suspected
of suffering Alzheimer’s can use the Grid to compare
it to images of healthy brains. A single breast cancer
patient’s mammogram can be analyzed and compared
over time to millions of other mammograms, then diagnosed
by experts across the globe. It can screen a list of
possible medicines in minutes rather than a full year,
and deliver the right one to the victim of a rare virus
or parasite.
Building a bridge in an earthquake? Engineers using
the Grid can test just how much stress and pressure
the materials can take. If you’re an astronomer,
the Grid can help map the sky for celestial objects,
As Amy M. Braverman put it her fine article on Computer
Scientist Ira “Father
of the Grid” Foster in the University of Chicago
Magazine, soon the Grid will be used for “connecting
operating rooms ... the emergency rooms, radiology,
ambulances, and resident’s hand-held tablet PCs.”
Smart people, dumb decisions
Without getting into techie-hell, the folks who brought
you the Grid/TeraGrid/ETF needed to make it very easy
for all these different powerful computers across the
country to work together. In order to make that happen,
each computer had to be “open” — a
simple, easy and convenient way for computers and their
operators (i.e. scientists, grad students etc.) to “talk”
to and with one another. “Open” means it's
easy for users to enter. But it also means easy for
hackers, “abusers” to use access as well.
Mike Scher, an IT security expert, attorney, and Director
of Neohapsis Labs, a highly respected computer security
company, explains it this way.
“The university — and the Grid — that
model is essentially open. Not open in that anyone is
allowed onto anything, but that anyone who needs access
has to be allowed onto the Grid. The researcher today
may be Dr. X a the medical school, with regulated data;
the researcher tomorrow may be Prof.Y at the physics
low temperature facility with patentable methods at
play; next week it could be grad student doing open
research for a publicly-funded project.”
“Given a ‘maintain it yourself’ campus
computing model at most facilities, and no funding for
central maintenance of user's workstations, the problem
of openness is compounded.” The sad fact, Scher,
concludes, is that the IT people, Information Technology
folks who are charged with maintaining the security
of the Supercomputers, lack critical resources of time,
material, and technology to tackle the task.
Superprofessors who design supercomputers and superGrids
probably hadn’t figured out what the “threat
model” from hackers looks like. They probably
knew they needed to keep hackers out but it appears
they just didn’t figure how smart even mediocre
hackers had become.
The problem is pervasive. Not only hasn’t money
been allocated to develop computer security on the Grid,
few professors are even writing articles about it. Perhaps
the Department of Homeland Security needs an additional
increase over their fiscal year 2004 of $41 billion.
Never underestimate a hacker’s desire for trophies.
And hacking the Grid was exactly that — a king
sized trillion-operations-a- second trophy they could
show off to their pals. Nothing more, nothing less.
What it all means
Thomas M. Eidson, who works for the National Institute
of Aerospace, took a look at the need for additional
security considerations for the Grid in an April 2003
paper. His conclusion? “The security plan for
a Grid must consist of a set of appropriately balanced
procedures. These procedures should not be too severe
or they will get ignored and security will be compromised.
They also should all be at the same general security
level or a weak procedure will undermine the extra work
used to implement a more severe security procedure.”
Mike Rosing, an engineer at the University of Wisconsin,
translates, “In non-geek speak, securing a grid
is almost impossible. There are too many people and
systems involved. It's a Tower of Babel, just spread
out on the ground instead of going up. National Security
stuff should not be done on a grid computer network.
Weather, astronomy and anthropological bone growth is
ok, but nuclear weapons calculations are a no-no. At
least for now.”
But the imposed silence by and from the $41 billion
Homeland Security office, its absolute refusal to communicate
about the safety and security of this nation’s
most powerful computers, and the possibility that our
most sensitive secrets are open for inspection by real
enemies, makes this reporter nervous.
Next — Part Two: What 'security' at Homeland
Security?
Lewis
Z. Koch can be reached by email at lzkoch@comcast.net.
|
