HPC STX Overview

Transcript

1. LLNL-PRES-2001524 This work was performed under the auspices of the

   U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE- AC52-07NA27344. Lawrence Livermore National Security, LLC Ian Lee HPC Security Architect HPC Security Technical Exchange 2024 An overview and out brief 2024-11-17

2. 2 LLNL-PRES-2001524 What was the STX?

3. 3 LLNL-PRES-2001524 “An event to bring together experts, practitioners, and

   enthusiasts in government high-performance computing (HPC) security to share insights, discuss challenges, and explore innovative solutions.” What was the STX?

4. 4 LLNL-PRES-2001524 ▪ 2018 June – 2023 June — LLNL,

   SNL, LANL HPC ISSO / security meetups at Livermore or New Mexico ▪ 2023 November – Supercomputing Gov User Group Meeting — About 80 attendees — “This is the Denver convention center, find us a better venue and we’ll talk” ▪ 2023 December – “First” HPC STX — LLNL, SNL, LANL + ORNL, NASA, DoD History

5. 5 LLNL-PRES-2001524 ▪ 80 registrants from across government, contractors, foreign

   partners, academia ▪ ~ 25 high level topics for discussion — HPC stack surveys — Compliance and baselines — Assessments, incident handling, threat hunting — Challenges with procurement, staffing — And more! ▪ Meeting notes / write-ups available (low side, and high side) HPC STX 2024

6. 6 LLNL-PRES-2001524 ▪ Government wide Community of Interest around HPC

   Security ▪ Build lasting connections between government organizations committed to HPC security. ▪ Find areas of shared interest to collaborate on into the future apart from this event. ▪ Present a unified force to those writing requirements / policy Goals

7. 7 LLNL-PRES-2001524 Major Topics ▪ Site Overviews — Lots of

   similarities, but also some differences ▪ Security Compliance and Baselines — STIGs, NIST, Audits, etc ▪ Technology and Tools — HPC software stacks, configuration management, security tooling ▪ Identity Management and Account Provisioning ▪ Software Approvals and User Software ▪ Logging and Monitoring — User, system, and network monitoring ▪ Vulnerability Management — Scanning tools and threat hunting ▪ Incident Handling and Disaster Recovery — Incident sharing, backup policies ▪ Challenges — Vendors, staffing, training ▪ Future Directions — HPC Security Working Group, NIST HPC Overlay

8. 8 LLNL-PRES-2001524 ▪ Starting sense of “what are we doing,

   and what should we be talking about?” — Who should be talking, ▪ ~ 40 pages of CUI notes from unclassified and collateral Secret sessions — Posted to NIPR Intellipedia ▪ Fantastic feedback, some adjustments coming in 2025. — “We should bring X other people to hear this information!” — Planning an out brief to more senior leaders as part of the next event. Outcomes

9. 9 LLNL-PRES-2001524 ▪ Sharing of TOSS (https://hpc.llnl.gov/toss) with DoD sites

   ▪ Meeting regarding sharing of DoD RADIX tool with DOE ▪ Expand invitation to include more senior decision makers and risk executives ▪ Better sense of what to discuss so more can participate next time. Outcomes

10. 10 LLNL-PRES-2001524 ▪ Dates: Tuesday April 1 - Friday April

    4, 2025 ▪ Location: Lawrence Livermore National Laboratory in Livermore, CA, USA ▪ Registration: Details will be sent out in early-mid December ▪ Email me to get on the list or suggest topics or presentations: [email protected] HPC STX 2025

11. Thank you! [email protected]