
Aligning security with scientific openness safeguards massive research datasets while preserving discovery speed, and DOE’s OT initiative provides a replicable model for labs grappling with aging infrastructure.
Open science thrives on unrestricted data sharing, yet that very openness can expose research facilities to cyber threats when security is an afterthought. At Fermilab, the tension between massive public datasets and traditional enterprise safeguards forces a cultural shift: security teams must embed themselves early in project lifecycles, translating scientific requirements into manageable risk controls. This collaborative model not only prevents accidental data leaks but also preserves the agility researchers need to push the frontiers of high‑energy physics, setting a precedent for universities and national labs worldwide.
When availability outweighs confidentiality, the classic CIA triad bends toward a more nuanced NIST framework. Publicly releasable information can forgo costly encryption at rest, focusing instead on integrity and uptime, while proprietary systems remain under moderate confidentiality controls. This differentiated approach reduces operational overhead without compromising essential protections, allowing Fermilab to maintain continuous access to terabytes of experimental data. The practice illustrates how tailored control sets can reconcile the seemingly opposing goals of open research and robust cyber hygiene.
Legacy operational technology—custom accelerators, aging OT hardware, and bespoke control systems—poses the greatest long‑term cyber risk. Replacement cycles span decades, making integration of modern security tools challenging. DOE’s Center of Excellence for Operational Technology (CoE4OT), co‑chaired by Kwiatkowski, tackles this by standardizing architecture, upskilling staff, and instituting continuous monitoring across the lab network. The initiative not only mitigates vulnerabilities in one‑off precision machines but also offers a scalable blueprint for other research institutions wrestling with similar legacy constraints, ensuring that scientific progress remains resilient against evolving cyber threats.