Cybersecurity
Argonne National Laboratory has an aggressive cybersecurity program, combining expert staff with hardware and software capabilities that help protect against intrusion and detect attacks. Argonne’s cybersecurity program is regularly reviewed by groups of external experts. Argonne staff also receive annual training in cybersecurity. While no site connected to the Internet is impervious, we have many safeguards.
All interactions with LCRC computers use Secure Shell authentication, a cryptographic network protocol for secure data communication.
For authorized users, access to data stored in LCRC is managed by standard Linux file access mechanisms, which enable the file owner to limit access to themselves or specific groups of users, typically the members of their project. We can also set up special groups, as needed.
Note that the LCRC system administrators with root privileges are not constrained by the file permissions, and they have the capability to open and/or copy all files on the system. They can also assume a user’s identity on the system. LCRC staff will never copy, expose, discuss, or in any other way communicate your project information to anyone outside of your project, the LCRC, or Argonne National Laboratory cybersecurity officials without your explicit permission unless required to do so by law. It is your responsibility to encrypt data if you wish to prevent its exposure under those circumstances.
Generally speaking, administrators use these highly elevated privileges only when requested, or if a suspected problem/security issue exists. Following are instances where LCRC staff might look at your files:
- We may review .error, .output, and scheduler log files to determine if a job failure was due to user error or a system failure.
- If you request our assistance via any mechanism (for example, help ticket, direct personal email, in person, etc.), we interpret that request to be explicit permission to view your files if we think doing so will aid us in resolving your issue.
We do not permit certain kinds of information on LCRC systems, including, but not limited to, personally identifiable information (data that falls under the Privacy Act of 1974, 5 U.S.C. 552a), classified information, unclassified controlled nuclear information (UCNI), naval nuclear propulsion information (NNPI), the design or development of nuclear, biological, or chemical weapons, or any weapons of mass destruction. The use of LCRC resources for personal or non-work-related activities is also prohibited. Project PIs are responsible for knowing whether their project generates any of these prohibited data types or information that falls under Export Control. Currently, the use of export-controlled codes is prohibited. For questions, please contact LCRC support, support@lcrc.anl.gov.