CERN: Digitally open, too

The Open Days are here!! From tomorrow onwards, we will be welcoming thousands of people to CERN. No barriers, no boundaries!

 

For decades, we have welcomed researchers and visitors from around the world to work at CERN, discuss physics research and attend our training sessions, lectures and conferences. This is how fundamental research should be conducted!!! But have you ever noticed how you are welcome at CERN in the digital world, too? Once you are affiliated and are registered with CERN, you receive a CERN computing account and e-mail address.  You can register your laptops, PCs and smartphones to use our (wireless) network, you can easily create your personal webpage, and profit from a vast disk space for file storage (AFS and DFS). CERN is indeed an Open Campus and not only during the Open Days. CERN is an Open Campus in the digital world.

This digital Open Campus culture is exactly the reason why “computer security” has been delegated to you. With academic freedom comes responsibility for everything you do: you are responsible for the computer security of the laptops, smart phones and PCs you use, the accounts and passwords you own, the files and documents you store, the programmes and applications you have installed or written, and the computer services and systems you manage. Because we do not control the operating systems you run, we are not responsible for the programmes and applications you install and the webpages you browse (“Why “Security” is not ME…”).

Alternatively, we could change that: we could block network access for every incompliant PC and laptop; we could close the CERN outer perimeter firewall completely and deny access to news pages, Facebook, YouTube and others; we could impose on you the Windows 7 and SLC6 operating systems; and we could allow only certain programming languages to be used. But dictating and restricting you would contradict the freedom and liberty of CERN’s academic work. In fact, it would interfere with CERN’s academic freedom, and we would rather get the balance right!

Therefore, while breathing the Open Campus air at CERN, that balance requires you to take your share: “”Security” is YOU!” We are, of course, ready to help you take on this responsibility. If you feel uncomfortable with it, you can delegate that responsibility to the IT Department which provides a multitude of secured computing services such as up-to-date operating systems, anti-virus software, protected file storage space, secured web servers and databases. Contact them and avoid reinventing the wheel (see our Bulletin article on “Stop fighting alone, let synergy rule!”). Rather, focus on your core work and don’t fiddle with issues where you might not be an expert ☺. Avoid the blunder of others who presented us with awesome web applications, fully functional with lots of bells and whistles, but which, after scrutiny, turned out to be flawed and posed a security risk to the Organization,  and was eventually scrapped by a dismayed developer…

For further information, please check our dedicated training sessions on secure coding

Check our website for further information, answers to your questions or help, or write to Computer.Security@cern.ch.

If you want to learn more about computer security incidents and issues at CERN, just follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Computer Security Team