Operational security, threat intelligence & distributed computing: the WLCG Security Operations Center Working Group

David Crooks; Liviu Vâlsan; Kashif Mohammad; Shawn McKee; Paul Clark; Adam Boutcher; Adam Padée; Michał Wójcik; Henryk Giemza; Bas Kreukniet

doi:10.1051/epjconf/201921403029

Proceedings

Open Access

EPJ Web of Conferences 214, 03029 (2019)
https://doi.org/10.1051/epjconf/201921403029

Operational security, threat intelligence & distributed computing: the WLCG Security Operations Center Working Group

David Crooks¹^*, Liviu Vâlsan²^**, Kashif Mohammad³^***, Shawn McKee⁴^****, Paul Clark⁵^†, Adam Boutcher⁵^‡, Adam Padée⁶^§, Michał Wójcik⁶^¶, Henryk Giemza⁶^∥ and Bas Kreukniet⁷^** on behalf of the WLCG Security Operations Center Working Group

¹ STFC Rutherford Appleton Laboratory, Harwell Campus, Didcot, Oxfordshire OX11 0QX, United Kingdom
² CERN, The European Organisation for Nuclear Research, 1211 Geneva 23, Switzerland
³ University of Oxford, Department of Physics, Denys Wilkinson Building, Keble Road, Oxford, OX1 3RH, United Kingdom
⁴ Physics Department, University of Michigan, Ann Arbor, MI 48109-1040, USA
⁵ Institute for Particle Physics Phenomenology, Ogden Centre for Fundamental Physics, Department of Physics, University of Durham, Science Laboratories, South Rd, Durham DH1 3LE, United Kingdom
⁶ Narodowe Centrum Badań Jądrowych, ul. Andrzeja Sołtana 7, 05-400 Otwock-Świerk, Poland
⁷ SURFsara, SURF Science Park Building, Science Park 140, 1098 XG, Amsterdam, The Netherlands

^* e-mail: david.crooks@stfc.ac.uk
^** e-mail: liviu.valsan@cern.ch
^*** e-mail: kashif.mohammad@physics.ox.ac.uk
^**** e-mail: smckee@umich.edu
^† e-mail: paul.w.clark@durham.ac.uk
^‡ e-mail: adam.j.boutcher@durham.ac.uk
^§ e-mail: adam.padee@ncbj.gov.pl
^¶ e-mail: michal.wojcik@ncbj.gov.pl
^∥ e-mail: henryk.giemza@ncbj.gov.pl
^** e-mail: bas.kreukniet@surfsara.nl

Published online: 17 September 2019

Abstract

The modern security landscape for distributed computing in High Energy Physics (HEP) includes a wide range of threats employing different attack vectors. The nature of these threats is such that the most effective method for dealing with them is to work collaboratively, both within the HEP community and with partners further afield - these can, and should, include institutional and campus security teams. In parallel with this work, an appropriate technology stack is essential, incorporating current work on Big Data analytics. The work of the Worldwide LHC Computing Grid (WLCG) Security Operations Center (SOC) Working Group (WG) [1] is to pursue these goals to form a reference design (or guidelines) for WLCG sites of different types. The strategy of the group is to identify necessary components - starting with threat intelligence (MISP [2]) and network intrusion detection (Bro [3]), building a working model over time. We present on the progress of the working group thus far, in particular on the programme of workshops now underway. These workshops give an opportunity to engage with sites to allow the development of advice and procedures for deployment, as well as facilitating wider discussions on how to best work with trust groups at different levels. These trust groups vary in scope but can include institutes, National Grid Infrastructures and the WLCG as a whole.

© The Authors, published by EDP Sciences, 2019

This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.