Upload
olivia-napier
View
215
Download
2
Tags:
Embed Size (px)
Citation preview
3-5 October 2007© 2007, BRIITE Biomedical Research Institutions Information Technology Exchange
Implementing Security without Inhibiting Research:Mission Impossible?
( http://www.esp.org/briite/meetings )
Robert J. [email protected]
(206) 667 4778
Biomedical Research Institutions Information Technology Exchange
Robert J. [email protected]
(206) 667 4778
( http://www.esp.org/briite/meetings )
3-5 October 2007© 2007, BRIITE
Implementing Security without Inhibiting Research:Mission Impossible?
Implementing Security without Inhibiting Research:Mission Impossible?
Biomedical Research Institutions Information Technology Exchange
( http://www.esp.org/rjr/briite-RJR-salk-2005.pdf)
Robert J. [email protected]
(206) 667 4778
Impossible?Maybe not.
But it is very hard.
3-5 October 2007© 2007, BRIITE
(206) 667 4778
Implementing Security without Inhibiting Research:Mission Impossible?
Impossible?Maybe not.
But it is very hard.
Biomedical Research Institutions Information Technology Exchange
( http://www.esp.org/rjr/briite-RJR-salk-2005.pdf)
Robert J. Robbins
3-5 October 2007© 2007, BRIITE
The challenge is real, yet we all need to figure out how to implement some kind of solution anyway.
5© 2007, BRIITE http://www.briite.org
(206) 667 4778
Implementing Security without Inhibiting Research:Mission Impossible?
Impossible?Maybe not.
But it is very hard.
Biomedical Research Institutions Information Technology Exchange
( http://www.esp.org/rjr/briite-RJR-salk-2005.pdf)
Robert J. Robbins
3-5 October 2007© 2007, BRIITE
The challenge is real, yet we all need to figure out how to implement some kind of solution anyway.
And, we had better be prepared to replace our solution with a better solution every few years for the next decade.
6© 2007, BRIITE http://www.briite.org
The Problem
• Culture clash between research and security.
7© 2007, BRIITE http://www.briite.org
The Problem
• Culture clash between research and security.
• Work occurs within decentralized organizations.
8© 2007, BRIITE http://www.briite.org
The Problem
• Culture clash between research and security.
• Work occurs within decentralized organizations.
• Work occurs across institutional boundaries.
9© 2007, BRIITE http://www.briite.org
The Problem
• Culture clash between research and security.
• Work occurs within decentralized organizations.
• Work occurs across institutional boundaries.
• Problem keeps changing.
10© 2007, BRIITE http://www.briite.org
The Problem
• Culture clash between research and security.
• Work occurs within decentralized organizations.
• Work occurs across institutional boundaries.
• Problem keeps changing.
• Rules keep changing.
11© 2007, BRIITE http://www.briite.org
The Problem
• Culture clash between research and security.
• Work occurs within decentralized organizations.
• Work occurs across institutional boundaries.
• Problem keeps changing.
• Rules keep changing.
• Solution keeps changing.
12© 2007, BRIITE http://www.briite.org
The Problem
• Culture clash between research and security.
• Work occurs within decentralized organizations.
• Work occurs across institutional boundaries.
• Problem keeps changing.
• Rules keep changing.
• Solution keeps changing.
• Human-subjects work is especially challenging.
CultureClash
14© 2007, BRIITE http://www.briite.org
Culture Clash
SECURITY
closed
RESEARCH
open
15© 2007, BRIITE http://www.briite.org
Culture Clash
SECURITY
closed
planned
RESEARCH
open
opportunistic
16© 2007, BRIITE http://www.briite.org
Culture Clash
SECURITY
closed
planned
structured
RESEARCH
open
opportunistic
creative
17© 2007, BRIITE http://www.briite.org
Culture Clash
SECURITY
closed
planned
structured
respect authority
RESEARCH
open
opportunistic
creative
challenge authority
18© 2007, BRIITE http://www.briite.org
Culture Clash
SECURITY
closed
planned
structured
respect authority
process driven
. . .
RESEARCH
open
opportunistic
creative
challenge authority
one-off mentality
. . .
DecentralizedOrganizations
20© 2007, BRIITE http://www.briite.org
Decentralized Organizations
Would this work in your organization:
21© 2007, BRIITE http://www.briite.org
Decentralized Organizations
Would this work in your organization:
Your convenience is no reason for me to sacrifice the security of my network…
22© 2007, BRIITE http://www.briite.org
Decentralized Organizations
Would this work in your organization:
But it does work in the military, where this quote originates.
Your convenience is no reason for me to sacrifice the security of my network…
23© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
24© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
25© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
26© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
27© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
F: My staff and I have already devoted substantial effort to the problem and there is no work-around for us. However, we have determined that a relatively minor change in your security plan would meet your security needs while still allowing us to carry out our research.
28© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
F: My staff and I have already devoted substantial effort to the problem and there is no work-around for us. However, we have determined that a relatively minor change in your security plan would meet your security needs while still allowing us to carry out our research.
N: What do you know about network security?
You’re just an end user.
29© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
F: My staff and I have already devoted substantial effort to the problem and there is no work-around for us. However, we have determined that a relatively minor change in your security plan would meet your security needs while still allowing us to carry out our research.
N: What do you know about network security?
You’re just an end user.
Yes, but this end user also had a Nobel Prize and about two attractive job offers a month from other institutions.
30© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
F: My staff and I have already devoted substantial effort to the problem and there is no work-around for us. However, we have determined that a relatively minor change in your security plan would meet your security needs while still allowing us to carry out our research.
N: What do you know about network security. You’re just an end user.
Yes, but this end user also had a Nobel Prize and about two attractive job offers a month from other institutions.POP
QUIZ
31© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
F: My staff and I have already devoted substantial effort to the problem and there is no work-around for us. However, we have determined that a relatively minor change in your security plan would meet your security needs while still allowing us to carry out our research.
N: What do you know about network security. You’re just an end user.
Yes, but this end user also had a Nobel Prize and about two attractive job offers a month from other institutions.
The most likely outcome was:
32© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
F: My staff and I have already devoted substantial effort to the problem and there is no work-around for us. However, we have determined that a relatively minor change in your security plan would meet your security needs while still allowing us to carry out our research.
N: What do you know about network security. You’re just an end user.
Yes, but this end user also had a Nobel Prize and about two attractive job offers a month from other institutions.
The most likely outcome was:
1.The researcher totally changed his research program to meet the new security standards, or . . .
33© 2007, BRIITE http://www.briite.org
True Story
Conversation between network administrator (N) and faculty member (F):
N: These changes will improve the security of our network.
F: But they will make it impossible for my lab to carry out its research.
N: With a little effort you should be able to find a work-around.
F: My staff and I have already devoted substantial effort to the problem and there is no work-around for us. However, we have determined that a relatively minor change in your security plan would meet your security needs while still allowing us to carry out our research.
N: What do you know about network security. You’re just an end user.
Yes, but this end user also had a Nobel Prize and about two attractive job offers a month from other institutions.
The most likely outcome was:
1.The researcher totally changed his research program to meet the new security standards, or . . .
2.The network administrator found himself with the opportunity to spend more time with his family.
Work SpansInstitutionalBoundaries
35© 2007, BRIITE http://www.briite.org
Much biomedical research is now conducted by teams of collaborators, often spanning multiple institutions.
Research that starts at one institution segues into multi-institutional work as students graduate, post-docs move on, and other changes occur.
Work Spans Institutions
36© 2007, BRIITE http://www.briite.org
Research often is accomplished by INFORMAL teams of workers, spanning multiple organizations.
These teams dynamically come into existence to meet a research need, then disband.
Work Spans Institutions
37© 2007, BRIITE http://www.briite.org
Portions of tens (or hundreds) of such teams exist at any one time within any research organization.
These teams are often not based on any formal relationships between the home institutions of the researchers.
Work Spans Institutions
38© 2007, BRIITE http://www.briite.org
Delivering high quality security across such teams either involves:
a proliferation of accounts across institutions, or
a security system designed for a totally decentralized federation
Work Spans Institutions
39© 2007, BRIITE http://www.briite.org
Delivering high quality security across such teams either involves:
a proliferation of accounts across institutions, or
a security system designed for a totally decentralized federation
Work Spans Institutions
No currently available security system is designed to meet the needs of a totally decentralized
federation.
Problem KeepsChanging
41© 2007, BRIITE http://www.briite.org
Changes in Problem Scope
Achieving security of research systems:
42© 2007, BRIITE http://www.briite.org
Changes in Problem Scope
Achieving security of research systems:
within labs
43© 2007, BRIITE http://www.briite.org
Changes in Problem Scope
Achieving security of research systems:
within labs
across labs
44© 2007, BRIITE http://www.briite.org
Changes in Problem Scope
Achieving security of research systems:
within labs
across labs
across departments
45© 2007, BRIITE http://www.briite.org
Changes in Problem Scope
Achieving security of research systems:
within labs
across labs
across departments
across campuses
46© 2007, BRIITE http://www.briite.org
Changes in Problem Scope
Achieving security of research systems:
within labs
across labs
across departments
across campuses
across institutions
47© 2007, BRIITE http://www.briite.org
Changes in Problem Scope
Achieving security of research systems:
within labs
across labs
across departments
across campuses
across institutions
across state boundaries
48© 2007, BRIITE http://www.briite.org
Changes in Problem Scope
Achieving security of research systems:
within labs
across labs
across departments
across campuses
across institutions
across state boundaries
across national boundaries
49© 2007, BRIITE http://www.briite.org
Changes in Problem Domain
New problems keep arising:
financial system
confidential data on lost laptops
web site break-ins
student music downloads
termination policies
HIPAA
. . .
50© 2007, BRIITE http://www.briite.org
Changes in Logical Status
Some change is so profound that jokes become reality.
51© 2007, BRIITE http://www.briite.org
Changes in Logical Status
Some change is so profound that jokes become reality.
Sarcastic comment:
DNA is inherently identifiable. Pretty soon we’ll have to start putting deliberate errors into DNA sequences before we can share them…
52© 2007, BRIITE http://www.briite.org
Changes in Logical Status
Some change is so profound that jokes become reality.
Sarcastic comment:
DNA is inherently identifiable. Pretty soon we’ll have to start putting deliberate errors into DNA sequences before we can share them…
Recent article in Science
53© 2007, BRIITE http://www.briite.org
Changes in Logical Status
Page 2:
Tactics for de-identifying genomic data:
54© 2007, BRIITE http://www.briite.org
Changes in Logical Status
Page 2:
Tactics for de-identifying genomic data:
55© 2007, BRIITE http://www.briite.org
Changes in Logical Status
Page 2:
Tactics for de-identifying genomic data:
When reality starts to resemble parody, things are getting too
complex for comfort.
Rules KeepChanging
57© 2007, BRIITE http://www.briite.org
Rules Keep Changing
HIPAA
Sarbanes Oxley
News stories of lost laptops
Internal audit departments
Non-research savvy auditors
Engaged boards of directors
. . .
Solution KeepsChanging
59© 2007, BRIITE http://www.briite.org
Solution Keeps Changing
We need comprehensive support for implementing security in a totally decentralized federation.
No such solution exists.
So we keep implementing the approximation du jour (or maybe de jure).
Human SubjectsResearch
61© 2007, BRIITE http://www.briite.org
What is Human Subjects Research?
Certain activities are obviously human subjects research, appropriately covered by IRB rules and procedures.
But, where are the limits? What activities are covered and what are not?
Effect of food additive?
Price of popcorn in movie theaters?
Production of recipe book?
62© 2007, BRIITE http://www.briite.org
HSR Criteria
Project:
MBA student wants to interview theater managers about price of popcorn at different times and for different features.
Problem:
Should this activity be considered research involving human subjects covered by 45 CFR part 46?
Answer:
63© 2007, BRIITE http://www.briite.org
HSR Criteria
Project:
MBA student wants to interview theater managers about price of popcorn at different times and for different features.
Problem:
Should this activity be considered research involving human subjects covered by 45 CFR part 46?
Answer:
64© 2007, BRIITE http://www.briite.org
HSR Criteria
Project:
MBA student wants to interview theater managers about price of popcorn at different times and for different features.
Problem:
Should this activity be considered research involving human subjects covered by 45 CFR part 46?
Answer:
65© 2007, BRIITE http://www.briite.org
Project:
MBA student wants to interview theater managers about price of popcorn at different times and for different features.
Problem:
Should this activity be considered research involving human subjects covered by 45 CFR part 46?
Answer:
HSR Criteria
?
66© 2007, BRIITE http://www.briite.org
HSR Criteria
Project:
Research team wants to interview IRB heads, security officers, other institutional leaders to determine the policy requirements governing the deployment of multi-site digital security systems.
Problem:
Should this activity be considered research involving human subjects covered by 45 CFR part 46?
67© 2007, BRIITE http://www.briite.org
HSR Criteria
Project:
Research team wants to interview IRB heads, security officers, other institutional leaders to determine the policy requirements governing the deployment of multi-site digital security systems.
Problem:
Should this activity be considered research involving human subjects covered by 45 CFR part 46?
68© 2007, BRIITE http://www.briite.org
HSR Criteria
Project:
Research team wants to interview IRB heads, security officers, other institutional leaders to determine the policy requirements governing the deployment of multi-site digital security systems.
Problem:
Should this activity be considered research involving human subjects covered by 45 CFR part 46?
?
END