Cyber-Attacks and the Risks for CERN

In the previous Bulletin, we discussed the cyber-risks for the accelerator complex. However, looking at the broader picture, the cyber-risks for CERN are much more diverse.

 

Attacks can not only harm the operation of accelerators or experiments, but also impact negatively on the operation of the Organization as a whole and/or its reputation. This would not only hamper and impede our work while making us look plain stupid, but might also make funding agencies reconsider whether their money is well invested in CERN… Examples? Sure, let’s be imaginative!

What would be the consequences, if:

  • a laptop holding sensitive CERN documents is lost or stolen, and ends up on eBay?
  • your password is compromised and your mail account misused to send nasty messages to thousands of external mail addresses?
  • an attacker manages to add photos of naked women/men onto a prominent CERN website, and boasts about this on Twitter?
  • confidential documents like job application forms or password lists accidentally become public?
  • a member of the personnel downloads copyrighted material and CERN is subsequently sued by the rights holder?
  • an attacker infiltrates our central computing clusters or the LHC Computing Grid, and subsequently attacks - say - the Vatican’s website?
  • a large fraction of Windows PCs and laptops connected to the office network is infected by a brand-new breed of virus?


And what is the probability of any of the above happening? It's certainly not zero! Therefore, help the Organization to keep the risks of cyber-attacks to a minimum! Recall that you are, in the first instance, responsible for the computer security of the laptops, smartphones and PCs you use, the accounts and passwords you own, the files and documents you hold, the programs and applications you have installed or, especially, those you have written, and the computer services and systems you manage. The Computer Security Team is ready to help you assume this responsibility by providing training and awareness, consulting and audits. Alternatively, you can delegate that responsibility to the IT department, which manages a multitude of secured computing services.

For further information, please check our website or contact us at Computer.Security@cern.ch.

Access the entire collection of Computer Security articles here.

by Computer Security Team