1. CERN, Security & the LHC … about the balance between academic freedom, operations & security. Dr. Stefan Lüders (CERN Computer Security Officer): “Protecting Office Computing, Computing Services, GRID & Controls”, UAB Seminar, December 18th 2009
3. Part I: European Organization for Nuclear Research (www.cern.ch). 20 European Members; 2500 staff + 10.000 users; 600M€ annual budget; Tim Berners-Lee
9. Vulnerabilities are everywhere !!! Unpatched oscilloscope (running Win XP SP2); lack of input validation & sanitization; confidential data on Wikis, Webs, CVS…; free passwords on Google…
17. Hunt for the Beauty in Nature: China 3000yrs ago; ancient Greeks; Dmitri Mendeleev 1869; Niels Bohr 1913; 1930-today
18. The Standard Model of HEP. [Diagram] Particles: Quarks (Up, Charm, Top with electric charge 2/3; Down, Strange, Bottom with electric charge -1/3; each quark in 3 colors: R, B, G) and Leptons (Electron, Muon, Tau with electric charge -1; Electron Neutrino, Muon Neutrino, Tau Neutrino with electric charge 0). Forces: Strong (Gluons (8)), Electromagnetic (Photon), Weak (Bosons (W,Z)), Gravitational (Graviton ?). Further labels: Mesons, Baryons, Nuclei; Atoms, Light, Chemistry, Electronics; Neutron decay, Beta radioactivity, Neutrino interactions, Burning of the sun; Solar system, Galaxies, Black holes. But what makes them weigh ??? Peter Higgs
19. Observables & Instruments. [Figure: scale running from 10^-34 to 10^26, with 1m marked.] Observables: The observable Universe, Galaxies, The Solar System, Proton, Atom, Cell, Virus, Higgs?, Nuclei. Instruments: Radio Telescope, Spy Glass, Telescope, Microscope, Electron Microscope, Particle Accelerator.
21. LHC Beam Optics: Steer a beam of 85 kg TNT through a 3mm hole 10.000 times per second ! World’s largest superconducting installation (27km @ 1.9°K) worth 2B€. Vacuum, Cryogenics, Quench Protection, Beam Position
22. CERN Accelerator Complex: Pre-Accelerators, Timing, Machine Protection, Beam Dump, Beam Orbit, Radio Frequency
23. General Infrastructure: Safety, Radiation Monitoring, Cooling & Ventilation, Electricity, Alarmhandling, Facility Management, Access Control
24. Data Acquisition Control. The ATLAS Experiment (http://atlas.ch): 7000 tons, Ø22m × 43m, 500M€ pure hardware. The cavern: 53m × 30m × 35m, 92m below ground. About 100 million data channels. Data Acquisition, (Sub-)Detectors, Run Control, Experiment Triggering
25. Control Systems for Experiments. The CMS Experiment (http://cmsinfo.cern.ch): 500M€ pure hardware, 12500 tons, Ø15m × 22m. About one million control channels. Safety, Gas Distribution, Smoke, Radiation, Cooling & Ventilation, Sniffer, High Voltage, Electricity, Magnet, Cryogenics
26. Control Systems at CERN
Experiment: ALICE, ATLAS, CMS, LHCb, LHCf and TOTEM; ALPHA (AD-5), Cast, Collaps, Compass, Dirac, Gamma Irradiation Facility, ISOLTRAP, MICE R&D, Miniball, Mistral, NA48/3, NA49, NA60, nTOF, Witch, …; GCS, MCS, MSS, and Cryogenics System
Accelerator Infrastructure: ADT, ACS, BQE, BPAWT, BDI, BIC, BLM, BOF, BPM, BOB, BSRT, BTV, BRA, CWAT, Cryo (Frigo, SM18 & Tunnel), BCTDC, BCTF, FGC, LEIR Low Level RF, LHC Beam Control System, LBDS, HC, LHC Logging Service, LTI, MKQA, APWL, BPL, OASIS, PIC, QDS/QPS, BQS, SPS BT, BQK, Vacuum System, WIC, and BWS
Accelerators: AB/OP, AD, CNGS, CCC, CLIC, ISOLDE, ISOLDE offline, LEIR, LHC, Linac 2, Linac 3, PS, PS Booster, REX, SM18, and SPS
Safety: ACIS, AC PS1, AC PS2, AC SPS1, AC SPS2, Alarm Repeater, ARCON, ADS, CSA, SGGAZ, SFDIN, CSAM, CESAR, DSS, LACS, LASS, LASER, Radmon, RAMSES, MSAT, Radio Protection Service, Sniffer System, SUSI, TIM, and Video Surveillance
Infrastructure: CV, ENS, FM, DBR, Gamma Spectroscopy, TS/CSE, and YAMS
29. Overview: The (r)evolution of control systems... ...omitted security aspects! Why worry ? The risk equation. Mitigation: Defense-in-Depth. Team Up: Risks & Mitigations are int’l !
30. Standard Hard and Software: Ethernet & Wireless; Common off-the-shelf HW; WWW & Emails; Modbus/TCP, OPC & Telnet; Desktop PCs & Laptops; C++, Java, XML, Corba...; Shared Accounts & Passwords; Oracle, Labview…; Windows & Linux
33. “Controls” is not IT ! (1)
Aspect: “Office IT” | “Controls”
System Life Cycle: 3 – 5 years | 5 – 20 years
Availability: scheduled interventions OK | 24h / 7d / 365d
Confidentiality: high | low
Time Criticality: delays tolerated | critical
Security Knowledge: exists | usually low
Intrusion detection: standard | … no signatures…
Usage of wireless: frequent | increasing use
DHCP: standard | Fixed IPs in hardware configurations
34. “Controls” is not IT ! (2)
Aspect: “Office IT” | “Controls”
Patches & Upgrades: frequent | infrequent or impossible (needs extensive tests)
Antivirus Software: standard | rare or impossible (might block CPU)
Reboots: standard | rare or impossible (processes will stop)
Admin Rights: to be avoided | needs to run controls processes
Password Changes: standard | rare or impossible (password “hardwired”)
Changes: frequent, formal & coordinated | rare, informal & not always coordinated
"Do not touch a running system !!!"
35. Standard Vulnerabilities: Ethernet & Wireless; Common off-the-shelf HW; WWW & Emails; Modbus/TCP, OPC & Telnet; Desktop PCs & Laptops; C++, Java, XML, Corba...; Shared Accounts & Passwords; Oracle, Labview...; Windows & Linux
43. Damage by Viruses / Worms ? 2003/08/11: W32.Blaster.Worm 2003: The “Slammer” worm disables safety monitoring system of the Davis-Besse nuclear power plant for 5h.
44. Damage by Lack of Robustness ? “Your software license has expired.” (Not at CERN)
45. Damage by Insiders ? 2000: Ex-Employee hacked “wirelessly” 46x into a sewage plant and flooded the basement of a Hyatt Regency hotel.
46. Damage by Attackers ? 2003/08/11: W32.Blaster.Worm April 2007 We’re HEP, so who will attack us ?!
47. LHC First Beam Day Hmm… A defaced web-page at an LHC experiment… A “flame” message to some Greek “competitors”… … on 10/09/2008: Just coincidence ? … user accounts !?!
49. Defence-in-Depth: (Network-) Protocols; Firmware & Operating Systems; Devices & Hardware; Software & Applications; System Integrator & Manufacturer; Operator & User; Third party applications
50. Myths about Cyber-Security: "Firewall protection is sufficient..." "Network security, that's all you need !" "Everything can be solved by technique !" "More and better gadgets can solve security problems..." "You can keep attackers out..." "Field devices can't be hacked..." "IDSs can identify possible control system attacks..." "Encryption protects you..."
51. Ground Rules for Cyber-Security: Separate Networks; Control (Remote) Access; Increase Robustness; Patch, Patch, Patch !!!; Review Development Life-Cycle; Foster Collaboration & Policies; Inherit IT Security, too !
58. Team up: The International Risk. Risk = Vulnerability × Threat × Consequence
64. Summary: The (r)evolution of control systems... ...omitted security aspects! Why worry ? The risk equation. Mitigation: Defense-in-Depth. Team Up: Risks & Mitigations are int’l !
65. Happy New Year ! 1992 1970 1982 2000 1979 1995 1986 2001 1973 2010!
CERN is run by 20 European Member States, but many non-European countries are also involved in different ways. Fundamental research in particle physics. Designs, builds & operates large accelerators. Designs, builds & operates large experimental facilities together with outside institutes. Financed by 20 European countries. SFR ~1000M budget - operation + new accelerators. ~2,400 staff (dropping from 3450 to ~2150 by 2006). > 5,000 users (researchers) from Europe and all over the world, ~ 1000/year rotate. The current Member States are: Austria, Belgium, Bulgaria, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Italy, The Netherlands, Norway, Poland, Portugal, the Slovak Republic, Spain, Sweden, Switzerland and the United Kingdom. Member States have special duties and privileges. They make a contribution to the capital and operating costs of the CERN programmes, and are represented in the Council, responsible for all important decisions about the Organization and its activities. Some States (or International Organizations) for which membership is either not possible or not yet feasible are Observers. 'Observer' status allows Non-Member States to attend Council meetings and to receive Council documents, without taking part in the decision-making procedures of the Organization. Scientists from 220 Institutes and Universities of non-Member States also use CERN's facilities. Physicists and their funding agencies from both Member and non-Member States are responsible for the financing, construction and operation of the experiments on which they collaborate. CERN spends much of its budget on building new machines (such as the Large Hadron Collider), and it can only partially contribute to the cost of the experiments. Observer States and Organizations currently involved in CERN programmes are: the European Commission, India, Israel, Japan, the Russian Federation, Turkey, UNESCO and the USA.
Non-Member States currently involved in CERN programmes are: Algeria, Argentina, Armenia, Australia, Azerbaijan, Belarus, Brazil, Canada, China, Croatia, Cyprus, Estonia, Georgia, Iceland, India, Iran, Ireland, Mexico, Morocco, Pakistan, Peru, Romania, Serbia, Slovenia, South Africa, South Korea, Taiwan and the Ukraine.
OPTIONAL
Like our ETs, our ancient ancestors did the same: observing, classification and interpretation. 4 Elements show the beauty of nature. But this did not explain everything. Mendeleev et al. did it again: observing, classification and interpretation. Bohr cleaned the table, reducing it to p, n, e. The 1930s became worse again…
Today, the theory again sorts the particle zoo. All particles and forces have been confirmed by HEP experiments. But the theory (the standard model) still has many open questions. Therefore, HEP has to conduct more experiments… And rather than colliding CARs we collide particles. The most stable ones are e or p. LEP, LHC
It's like guiding a light beam with lenses. Here we use magnetic fields -> magnets. Cooled to obtain higher efficiencies and not to produce too much useless heat. Small cross section of the beam to enlarge colliding area. The tinier the particles the larger the collider (particle accelerator). We want to smash the CAR into tinier parts -> higher speeds needed. Superfluid Helium. Energy-efficiency: the larger the radius, the smaller the energy loss. Energy of each beam equals that of a Jumbo Jet 747 at takeoff (takeoff weight 400t, speed 180 km/h). Beam can melt 500kg of copper in 100 microseconds. Energy stored in the 1232 dipole magnets (10 GJ) is equivalent to that of an aircraft carrier (100000t) at 30 knots or an Airbus A380 travelling at 700 km/h. Millions of parameters to control through literally 1000 PCs and PLCs using PROFIbus, WorldFIP and Ethernet TCP/IP. Control of beam injection, beam orbit, beam position, beam ramping, magnets RF & power, cooling, beam dump, machine protection, radiation, personnel access. 1.9 K: cooler than the universe at 2.74K (Cosmic Microwave Background Radiation). CERN Control Centre (CCC), Technical Control Room (TCR), Meyrin, Prevessin Control Room (MCR/PCR), Safety Control Room (SCR), CERN Safety Alarm Monitoring (CSAM), Cooling & Ventilation, Electricity & Power, Cryogenics, Gas Detection (Sniffer), Smoke Detection, Radiation Monitoring. Avoid influence to/from the environment -> bury into the ground (radiation, other particles, barriers).
Also the detectors grow. Like the zoom-objectives from SLR cameras. Or magnifying glass, microscope, X-ray, … Raw information is measured. The CMS tracker comprises ~250 square metres of silicon detectors - about the area of a 25m-long swimming pool. The silicon Pixel detector comprises (in its basic form) more than 23 million detector elements in an area of just over 0.5 square meters. The lead tungstate crystals forming the ECAL are 98% metal (by mass) but are completely transparent. The 80000 crystals in the ECAL have a total mass equivalent to that of ~24 adult African elephants - and are supported by 0.4mm thick structures made from carbon-fibre (in the endcaps) and glass fibre (in the barrel) to a precision of a fraction of a millimetre. The brass used for the endcap HCAL comes from recuperated artillery shells from Russian warships. The CMS magnet will be the largest solenoid ever built. The maximum magnetic field supplied by the solenoid is 4 Tesla - approximately 100000 times the strength of the magnetic field of the earth. The amount of iron used as the magnet return yoke is roughly equivalent to that used to build the Eiffel Tower in Paris. The energy stored in the CMS magnet when running at 4 Tesla could be used to melt 18 tonnes of solid gold. During one second of CMS running, a data volume equivalent to 10,000 Encyclopaedia Britannica is recorded. The data rate handled by the CMS event builder (~500 Gbit/s) is equivalent to the amount of data currently exchanged by the world's Telecom networks. The total number of processors in the CMS event filter equals the number of workstations at CERN today (~4000 - how many failures per day?!). Control of Experiment (ECS), Magnet (MSS/MCS), Data Acquisition (DAQ), Trigger (HLT), Data Taking (Run Control), Detector Safety (DSS), Gas (GCS), C+V, Power/Electricity, Racks.