National science and technology investments are invaluable enablers of tomorrow鈥檚 innovation. But U.S. federal research labs are often stuck with outdated cybersecurity methods that don鈥檛 work in our increasingly connected world and aren鈥檛 able to address emerging threats like聽. Elite hackers, meanwhile, are innovating. Now more than ever, federal leaders must reimagine and robustly resource cybersecurity solutions at research labs to meet looming challenges head on.
President Biden鈥檚 May 12 cybersecurity executive order is a聽major step in the right direction. It calls for a new approach to securing federal agencies based on 鈥渮ero trust.鈥 Zero trust is an overarching philosophy with profound implications on cybersecurity architectures, founded on core principles: assume a breach; never trust, always verify; and allow only least-privileged access based on contextual factors. Putting the directive into action will require significant funding from Congress and a steadfast commitment from leaders鈥攊ncluding those overseeing research organizations.聽
Research leaders and scientists need to understand the immense impact this will have on their lab operations鈥攁nd they must help shape the development of mission-driven, integrated solutions. A zero trust mindset is the opposite of how federal research labs are secured today (i.e., trust within an isolated lab network). Laboratory and research software and equipment is non-traditional IT, often small scale and hard to secure, so isolating it on its own network was the lowest-cost solution. But isolating scientific tech has never been a satisfying solution, often frustrating staff who can鈥檛 get their IT needs met quickly and vexing IT/cybersecurity staff who aren鈥檛 resourced to secure every new, unique piece of software or device that researchers require. And beyond custom software and large, connected devices (like mass spectrometers and sequencers), labs have unsupported/outdated/non-standard operating systems, massive datasets, and insufficient encryption, all of which create unique cybersecurity challenges.
Some scientists also face challenges obtaining IT support and shy away from addressing complex cybersecurity paperwork that seems to do nothing but hinder their research goals. Further, scientists have long-term goals and limited funding tied to producing results on deadline, which incentivizes labs to focus more on research goals and less on cybersecurity.聽