Transcript PPT

Implementing Security without
Inhibiting Research:
Mission Impossible?
( http://www.esp.org/briite/meetings )
Robert J. Robbins
[email protected]
(206) 667 4778
© 2007, BRIITE
Biomedical Research Institutions Information Technology Exchange
3-5 October 2007
( http://www.esp.org/rjr/briite-RJR-salk-2005.pdf )
Impossible? Maybe not. But it is very hard.
The challenge is real, yet we all need to figure out how to implement some kind of solution anyway.
And, we had better be prepared to replace our solution with a better solution every few years for the next decade.
http://www.briite.org
The Problem
• Culture clash between research and security.
• Work occurs within decentralized organizations.
• Work occurs across institutional boundaries.
• Problem keeps changing.
• Rules keep changing.
• Solution keeps changing.
• Human-subjects work is especially challenging.
Culture Clash
RESEARCH              SECURITY
open                  closed
opportunistic         planned
creative              structured
challenge authority   respect authority
one-off mentality     process driven
...                   ...
Decentralized Organizations
Would this work in your organization:
Your convenience is no reason for me to
sacrifice the security of my network…
But it does work in the military, where
this quote originates.
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
F: My staff and I have already devoted substantial effort to the
problem and there is no work-around for us. However, we have
determined that a relatively minor change in your security plan
would meet your security needs while still allowing us to carry out
our research.
N: What do you know about network security?
You’re just an end user.
Yes, but this end user also had a Nobel Prize and about two attractive job offers a month from other institutions.
POP QUIZ
The most likely outcome was:
1. The researcher totally changed his research program to meet the new security standards, or . . .
2. The network administrator found himself with the opportunity to spend more time with his family.
Work Spans Institutional Boundaries
Work Spans Institutions
Much biomedical research is now
conducted by teams of collaborators,
often spanning multiple institutions.
Research that starts at one institution
segues into multi-institutional work as
students graduate, post-docs move
on, and other changes occur.
Work Spans Institutions
Research often is accomplished by
INFORMAL teams of workers,
spanning multiple organizations.
These teams dynamically come into
existence to meet a research need,
then disband.
Work Spans Institutions
Portions of tens (or hundreds) of such
teams exist at any one time within any
research organization.
These teams are often not based on
any formal relationships between the
home institutions of the researchers.
Work Spans Institutions
Delivering high quality security across
such teams either involves:
• a proliferation of accounts across institutions, or
• a security system designed for a totally decentralized federation
No currently available security system is designed to meet the
needs of a totally decentralized federation.
Problem Keeps Changing
Changes in Problem Scope
Achieving security of research systems:
within labs
across labs
across departments
across campuses
across institutions
across state boundaries
across national boundaries
Changes in Problem Domain
New problems keep arising:
financial system
confidential data on lost laptops
web site break-ins
student music downloads
termination policies
HIPAA
...
Changes in Logical Status
Some change is so
profound that jokes
become reality.
Sarcastic comment:
DNA is inherently
identifiable. Pretty soon
we’ll have to start putting
deliberate errors into
DNA sequences before
we can share them…
Recent article in Science
Changes in Logical Status
Page 2:
Tactics for de-identifying
genomic data:
When reality starts to resemble
parody, things are getting too
complex for comfort.
Rules Keep Changing
HIPAA
Sarbanes Oxley
News stories of lost laptops
Internal audit departments
Non-research savvy auditors
Engaged boards of directors
...
Solution Keeps Changing
We need comprehensive support for
implementing security in a totally
decentralized federation.
No such solution exists.
So we keep implementing the
approximation du jour (or maybe de jure).
Human Subjects Research
What is Human Subjects Research?
Certain activities are obviously human
subjects research, appropriately covered
by IRB rules and procedures.
But, where are the limits? What activities
are covered and what are not?
Effect of food additive?
Price of popcorn in movie theaters?
Production of recipe book?
HSR Criteria
Project:
MBA student wants to
interview theater managers
about price of popcorn at
different times and for
different features.
Problem:
Should this activity be
considered research
involving human subjects
covered by 45 CFR part 46?
Answer:
HSR Criteria
Project:
Research team wants to
interview IRB heads,
security officers, other
institutional leaders to
determine the policy
requirements governing the
deployment of multi-site
digital security systems.
Problem:
Should this activity be
considered research
involving human subjects
covered by 45 CFR part 46?
END