Supercomputing 2022 — How will you keep the bad guys out of the world’s fastest computers that store your most sensitive data?
This was a growing concern at last month’s Supercomputing 2022 conference. Year after year, achieving the fastest system performance has been a hot topic. But the quest for speed comes at the cost of protecting some of these systems that perform critical workloads for science, weather modeling, economic forecasting, and national security.
Implementing security in hardware or software usually degrades overall system performance and computational output. Security becomes an afterthought as demand for supercomputing power increases.
Jeff McVeigh, vice president and general manager of Intel’s Supercomputing Group, said:
“We want to make sure we are getting the best possible performance.”
Security Needs Incentives
Performance and data security are a constant battle between vendors selling high performance systems and operators performing installations.
Speaking at a Supercomputing 2022 panel session, Yang Guo, a computer scientist at the National Institute of Standards and Technology (NIST) said:
Lack of enthusiasm for protecting high-performance computing systems prompted US government intervention, and NIST created a working group to address the issue. Guo leads the NIST HPC working group, which focuses on developing system and data security guidelines, blueprints, and safeguards.
The HPC Working Group was created in January 2016 under then-President Barack Obama’s Executive Order 13702 to launch the National Strategic Computing Initiative. The group’s activity has picked up after a spate of attacks on European supercomputers. Some of them were involved in research into COVID-19.
HPC security is complex
Security in high-performance computing isn’t as simple as installing antivirus or scanning email, says Guo.
High-performance computers are a shared resource, where researchers reserve time and connect to the system to perform computations and simulations. Security requirements vary by HPC architecture. Some prioritize access control, hardware such as storage, faster CPUs, and memory for computation. The primary focus is to protect containers and sanitize the computing nodes associated with projects on HPC, he said.
Government agencies with sensitive data take a Fort Knox-style approach to protecting systems by cutting off normal network and wireless access. The “air-gapped” approach helps prevent malware from entering systems and ensures that only authorized users with clearance can access such systems.
Universities also host supercomputers that can be accessed by students and academics conducting scientific research. The administrators of these systems often have limited control over security, which is managed by system vendors who want bragging rights for building the fastest computers in the world.
Leaving the management of the system to the vendor prioritizes guarantees for specific performance features, said Ricky Gregg, cybersecurity program manager for the U.S. Department of Defense’s High Performance Computing Modernization Program, during a panel discussion.
“One thing I learned many years ago was that the more money you spend on security, the less money you spend on performance,” said Gregg.
During the Q&A session after the panel, some system administrators expressed frustration with vendor agreements that prioritize system performance and deprioritize security. The system administrators said implementing proprietary security technology amounted to a breach of contract with the vendor. This left the system exposed.
Some panelists said vendors could tweak contracts with language to hand over security to field staff after a set period of time.
Different approaches to security
Government agencies, universities and vendors talked about supercomputing on the SC show floor. Security conversations were mostly behind closed doors, but the nature of supercomputing installations gave us a bird’s-eye view of different approaches to securing our systems.
The booth of the Texas Advanced Computing Center (TACC) at the University of Texas at Austin, which hosts multiple supercomputers on the Top 500 list of the world’s fastest supercomputers, focused on performance and software. TACC’s supercomputers are regularly scanned, and the center is equipped with tools to prevent intrusions and two-factor authentication to authorize legitimate users, the official said.
The Department of Defense employs a “walled garden” approach, dividing users, workloads, and supercomputing resources into DMZ-style perimeter areas where all communications are heavily guarded and monitored.
Massachusetts Institute of Technology (MIT) takes a Zero Trust approach to system security by eliminating root access. Instead, it uses a command-line entry called sudo to give HPC engineers root privileges. The sudo command provides a trail of the activity that HPC engineers perform on their systems, said Albert Reuther, a senior staff member at the MIT Lincoln Laboratory Supercomputing Center, during a panel discussion.
“What we really want is an audit of who was on the keyboard and who was that person,” says Reuther.
Improved security at the vendor level
The popular approach to high performance computing, which relies heavily on huge on-site installations with interconnected racks, has remained unchanged for decades. This contrasts with the commercial computing market, which is moving off-site to the cloud. Trade show attendees expressed concerns about data security once data leaves on-premises systems.
AWS is modernizing HPC by bringing it to the cloud. This allows you to scale up performance on demand while maintaining a higher level of security. In November, the company introduced HPC7g, a set of cloud instances for high performance computing on Elastic Compute Cloud (EC2). EC2 employs a special controller called Nitro V5, which provides a confidential computing layer to protect data at rest, in processing, or in transit.
Lowell Wofford, Principal Specialist Solutions Architect for High Performance Computing at AWS, said in a panel discussion: He added that hardware technology provides both security and bare-metal performance in virtual machines.
Intel builds confidential computing features (locked enclaves for program execution) like Software Guard Extensions (SGX) into its fastest server chips. According to Intel’s McVeigh, a lazy approach by carriers has pushed chip makers to secure high-performance systems.
“I remember when security wasn’t a big deal in Windows. ‘It’s going to be,’” McVeigh said. “So it takes a lot of effort there. I think the same needs to apply [in HPC].”