User Access to Scientific Facilities via 5G: A Cyber Security Thought Experiment
- Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
5G is more than an over-the-air radio technology upgrade. It is a strategy to extend Mobile Network Operator service offerings beyond traditional voice, instant messaging and Internet access. 5G Mobile Network Operators will offer new telecommunication services that include enhanced guarantees of confidentiality, integrity and availability. How could such services change the way Science collaborations connect scientists to supercomputers and other scientific facilities?
Current scientific collaborations implicitly trust cloud service providers to securely store and process data. The perceived risks of outsourcing Science data security are counterbalanced by assurances that cloud providers operate at a scale that allows them to implement security measures impractical for Science collaborations (e.g. continuous system administrator behavioral monitoring and strict individual separation of duties). If that is true for a cloud service provider like Amazon Web Services (2018 revenue: $25.7 billion), could it also be true for Mobile Network Operators like Verizon Wireless (2018 revenue: $91.7 billion) or AT&T Mobility (2018 revenue: $71.3 billion)?
DOE Leadership Class supercomputer facility users currently access them from the public Internet via Secure Shell. The sponsors and operators of the supercomputer facilities have determined that the public Internet path between the Scientist’s Device and the Login Node does not natively provide enough confidentiality or integrity to protect those communications. Therefore, the facilities achieve additional confidentiality and integrity by requiring Secure Shell encryption across those untrusted network paths. Using 5G Network Slice technology, a Mobile Network Operator may offer communication services between supercomputer users and facilities that natively provide confidentiality and integrity guarantees. Sponsors and operators of supercomputer facilities may determine that these guarantees provide enough confidentiality and integrity to protect those communications. If so, a 5G Network Slice could replace an SSH session running over the public Internet.
Finally, this use case could be extended to other Office of Science user facility access requirements. Consider microscopy instruments at (e.g.) the Center for Nanoscale Materials or the Environmental Molecular Sciences Laboratory. The embedded systems controlling such instruments may not always support encrypted network access technologies like SSH. 5G Network Slices may offer an alternative to current VPN or SSH tunneling techniques, with additional benefits like guaranteed minimum bandwidth.
- Research Organization: Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC05-76RL01830
- OSTI ID: 1999809
- Report Number(s): PNNL--29637
- Country of Publication: United States
- Language: English
Similar Records
- 5G Service Value Chain and Network Slicing Framework using Ecosystem Modeling, Agile Delivery, and User-Story Automation · Journal Article · Sun Aug 04 20:00:00 EDT 2019 · IEEE Access · OSTI ID:1557473
- Advance Network Reservation and Provisioning for Science · Conference · Fri Jul 10 00:00:00 EDT 2009 · OSTI ID:985919
- 5G Enabled Energy Innovation: Advanced Wireless Networks for Science (Workshop Report) · Technical Report · Sat Feb 29 23:00:00 EST 2020 · OSTI ID:1606538