LLNL-PRES-2001524 This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE- AC52-07NA27344. Lawrence Livermore National Security, LLC Ian Lee HPC Security Architect HPC Security Technical Exchange 2024 An overview and out brief 2024-11-17 

2 LLNL-PRES-2001524 What was the STX? 

3 LLNL-PRES-2001524 “An event to bring together experts, practitioners, and enthusiasts in government high-performance computing (HPC) security to share insights, discuss challenges, and explore innovative solutions.” What was the STX? 

4 LLNL-PRES-2001524 ▪ 2018 June – 2023 June — LLNL, SNL, LANL HPC ISSO / security meetups at Livermore or New Mexico ▪ 2023 November – Supercomputing Gov User Group Meeting — About 80 attendees — “This is the Denver convention center, find us a better venue and we’ll talk” ▪ 2023 December – “First” HPC STX — LLNL, SNL, LANL + ORNL, NASA, DoD History 

5 LLNL-PRES-2001524 ▪ 80 registrants from across government, contractors, foreign partners, academia ▪ ~ 25 high level topics for discussion — HPC stack surveys — Compliance and baselines — Assessments, incident handling, threat hunting — Challenges with procurement, staffing — And more! ▪ Meeting notes / write-ups available (low side, and high side) HPC STX 2024 

6 LLNL-PRES-2001524 ▪ Government wide Community of Interest around HPC Security ▪ Build lasting connections between government organizations committed to HPC security. ▪ Find areas of shared interest to collaborate on into the future apart from this event. ▪ Present a unified force to those writing requirements / policy Goals 

7 LLNL-PRES-2001524 Major Topics ▪ Site Overviews — Lots of similarities, but also some differences ▪ Security Compliance and Baselines — STIGs, NIST, Audits, etc ▪ Technology and Tools — HPC software stacks, configuration management, security tooling ▪ Identity Management and Account Provisioning ▪ Software Approvals and User Software ▪ Logging and Monitoring — User, system, and network monitoring ▪ Vulnerability Management — Scanning tools and threat hunting ▪ Incident Handling and Disaster Recovery — Incident sharing, backup policies ▪ Challenges — Vendors, staffing, training ▪ Future Directions — HPC Security Working Group, NIST HPC Overlay 

8 LLNL-PRES-2001524 ▪ Starting sense of “what are we doing, and what should we be talking about?” — Who should be talking, ▪ ~ 40 pages of CUI notes from unclassified and collateral Secret sessions — Posted to NIPR Intellipedia ▪ Fantastic feedback, some adjustments coming in 2025. — “We should bring X other people to hear this information!” — Planning an out brief to more senior leaders as part of the next event. Outcomes 

9 LLNL-PRES-2001524 ▪ Sharing of TOSS (https://hpc.llnl.gov/toss) with DoD sites ▪ Meeting regarding sharing of DoD RADIX tool with DOE ▪ Expand invitation to include more senior decision makers and risk executives ▪ Better sense of what to discuss so more can participate next time. Outcomes 

10 LLNL-PRES-2001524 ▪ Dates: Tuesday April 1 - Friday April 4, 2025 ▪ Location: Lawrence Livermore National Laboratory in Livermore, CA, USA ▪ Registration: Details will be sent out in early-mid December ▪ Email me to get on the list or suggest topics or presentations: [email protected] HPC STX 2025 

Thank you! [email protected]