High-Risk Security: Protecting America’s Secrets and Scientists

The exact date on which your company will announce its newest widget may be an important trade secret as far as you're concerned. But it may be less sensitive than the confidential information that Lee Neely is charged with protecting: Ultra-classified details of the United States nuclear program.

Which is one reason that Neely is a fan of desktop virtualization.

Neely is senior cyber analyst at the Lawrence Livermore National Laboratory an hour east of San Francisco. Livermore scientists work on a wide range of programs, from alternative energy to counter-terrorism. But they are perhaps best known for their research on nuclear weapons, an enterprise that begin with the Cold War.

Computers, of course, have always been central to modern nuclear weapons engineering, and some of the machines at Livermore contain information that is so sensitive that they are not connected to any type of network at all, meaning they can be accessed only in-person.

But other machines are connected, some on super-secure networks designed just for the lab while others are linked to the same Internet that unites the rest of the world.

Connected People in a Disconnected Workplace

Neely said that Livermore's 7,000 users, many of them scientists, want to do all the online tasks that office workers everywhere do, like check an email from home or catch up on a sports score at work.

But until recently, that simply wasn't possible; any connection to the outside world was considered too risky for scientists at secure workstations.

"If someone wanted to access their email, they had to go down to the local Starbucks," Neely said. "We didn't have a lot of happy people." Especially because so much of the world’s scientific collaboration is done via email.

Hence the need for Virtualized Desktop Infrastructure.

Livemore’s VDI allows engineers to access a regular Windows desktop, with full Internet connectivity -- but sandboxed in a way that blocks infection via malware, or worse.

Keeping the Networks Safe

"We use the VDI to keep users out of harm's way," Neely said. "If someone happens to click on the wrong thing, we can just shut down their virtual machine. Without the VDI, we might have had to send someone out to replace their physical machine, and other computers that were connected to it. And the infection could get out of control. With the VDI, you have a functional computer, but one that isn't connected to the rest of the lab's resources."

What exactly are the sort of risks Neely is trying to avoid? A lot of the same ones you are. "The biggest risk we face is malware that is attached to email," he said. "And with a VDI, people can access their mail without us having to worry about this."

Next he said, is a familiar problem from the civilian world: "Drive-by" infections from nefarious Web sites. After that, though, Neely's job gets more interesting. For one thing, he said, his facility has a ".gov" domain name, which just by itself attracts attention. "The entire time we have been here, we have been a target," he said.

And then, of course, there are the high-value nuclear secrets contained inside the lab, though that's a topic Neely isn't allowed to discuss. About all he can say is that, "There is a lot of pressure to deliver."