NSF 2021 Cybersecurity Summit: ESNET Security Group Impact on Network Architecture

The Energy Sciences Network (ESnet) is a high performance, unclassified network built to support scientific research and is engineered and optimized for large-scale science. Every few years our network is redesigned to systematically take advantage of hardware and software advances – the current effort is ESnet6. Since the previous redesign, the security group has grown in both headcount as well as experience and has been better able to provide advice during the early architecture/design stage as well as during the current implementation phases of the ESnet6 project.

In this talk Scott Campbell will discuss some of the social, technical and architectural outcomes that were beneficial to the organization at large. One of the unexpected benefits of this was the heightened visibility for the security group and improved communication between the various core groups within ESnet. This visibility has created a much better understanding of the ways that the various groups interact, and their different methods of problem solving and time management. By being involved early (and changes not being "bolted on"), security design elements have been incorporated into workflows early, reducing friction and problems for engineering. In addition the increased visibility to the security group has been given a much louder voice in getting projects accepted and understood. A particularly good example of success is the design and operation of the management network. From routing and sinkholes to the way that address space is laid out for simpler ACL construction, having the security group involved created design decisions that are both tightly integrated and vetted during the core design process.
Be the first to comment