ABSTRACT
Continuous monitoring represents a potentially significant paradigm shift for cyber security as practiced throughout the US Federal Government. With continuous monitoring, rather than testing a system once every three years during certification and accreditation, the security controls that are most vital and most volatile in a computer system are tested continuously to assure a high level of system security. A key goal is to provide near-real-time security status-related information to organizational officials so they may take appropriate risk mitigation actions and make cost-effective, risk-based decisions regarding the operation of the information systems.
Continuous monitoring implementation has initially focused on desktop computer systems. Designing a solution to continuously monitor servers will be considerably more complex and challenging. The challenge will be even greater for computers used for scientific instrumentation and experimentation. This paper describes the challenges of adapting and applying the new cyber paradigm of continuous monitoring for supercomputing. It describes research at Los Alamos National Laboratory intended to develop an approach to continuous monitoring appropriate for supercomputers.
Index Terms
- Continuous monitoring and cyber security for high performance computing