Computer Security: Geneva, Suisse Romande and beyond

To ensure good computer security, it is essential for us to keep in close contact and collaboration with a multitude of official and unofficial, national and international bodies, agencies, associations and organisations in order to discuss best practices, to learn about the most recent (and, at times, still unpublished) vulnerabilities, and to handle jointly any security incident. A network of peers - in particular a network of trusted peers - can provide important intelligence about new vulnerabilities or ongoing attacks much earlier than information published in the media. In this article, we would like to introduce a few of the official peers we usually deal with.*

 

Directly relevant for CERN are SWITCH, our partner for networking in Switzerland, and our contacts within the WLCG, i.e. the European Grid Infrastructure (EGI), and the U.S. Open Science Grid (OSG). All three are essential partners when discussing security implementations and resolving security incidents. SWITCH, in particular, runs a dedicated security workshop twice a year for Swiss universities and labs, covering a multitude of aspects surrounding “security”. SWITCH also provides monthly reports, which are available via our public website.

Outside this academic circle is the “Geneva Information Security Special Interest Group” (“GISSIG”) which is attended by chief information security officers, computer security officers and IT security experts from different international organisations based in Geneva. Generally, the GISSIG coordinates security implementations across UN organisations, but also discusses different security solutions and threat scenarios relevant to all members. The current members are (in alphabetical order): CERN, the Global Fund, the ILO, the International Committee and the International Federation of the Red Cross and Red Crescent, the Office of the UN High Commissioner for Human Rights, the IOM, the ITU, the UN Offices at Geneva, the UNHCR, the UN International Computing Centre, WIPO, the WHO and the WTO.

In addition to these dedicated, closed forums, three distinct associations provide more open, public forums for organisations, companies, enterprises and individuals interested in computer security, privacy and data protection. All three schedule regular evening sessions where different security aspects are presented and discussed. The GRIFES sessions happen 2-3 times a year and are usually open to the general public once you’ve registered with them. The CLUSIS sessions are open to all its members, and the CERN Computer Security Team holds an enterprise membership (for CLUSIS) so that all CERN people can freely attend. CLUSIS provides a wide programme, with many presentations scheduled almost every other month. The annual membership fee for the Swiss Romande chapter of the International Information Systems Security Certification Consortium ((ISC)2) is around 20 CHF and enables you to attend their meetings. All of these meetings are open to any interested parties and usually take place in the evenings - so feel free to attend! Please refer to their websites for their upcoming programmes. You might also find a few presentations and training sessions given by the CERN Computer Security Team to these forums.

Finally, there is a rather loose collaboration between organisations, labs and institutes concerned about the cyber-security of control systems deployed for their experiments and accelerators (“CS2HEP”). This community meets every other year just prior to the ICALEPCS conference.

*Of course, in parallel to these “official” partners, every security expert has, over the course of his/her career, built up a network of unofficial peers whom he/she trusts and by whom he/she is trusted. However, those peers usually prefer to remain unnamed…


Check out our website for further information, answers to your questions and help, or e-mail Computer.Security@cern.ch.

If you want to learn more about computer security incidents and issues at CERN, just follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Computer Security Team