Agency Perspective DoD HPCMP Dr Reed L Mosher - Director ITL NSCI HPC Workshop 30 September 2016 Distribution A Approved for Public release distribution is unlimited Overview DoD HPCMP Overview Drivers for the Future Hardware Update Software Update Networking Update Cybersecurity Update Cyber Situational Awareness Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-2 HPCMP High-Level Operational Concept Acquisition Engineering Users A technology-led innovation-focused program committed to extending HPC to address the DoD's most significant challenges DoD Supercomputing Resource Centers DSRCs US Air Force Research Laboratory DSRC Information-assured Networking Software Applications Decision Support Defense Research Engineering Network DREN Core Software US Army Research Laboratory DSRC Computational Environments US Army Engineer Research and Development Center DSRC Results Connects DoD HPC Centers and Users Science and Engineering Research Education and Training Maui High Performance Computing Center DSRC US Navy DSRC Support High-bandwidth Low-latency Full-service Network Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-3 HPCMP Highlights Acquisition Engineering Science and Technology Spans many important use cases which require significant computation and networking capabilities Science and Technology S T - Test andSupport Evaluation Decision Active HPCMP presence in 53 of 62 DoD laboratories Vehicle aerodynamics structure and combustion for hypersonic flight Electromagnetic railgun design Directed energy weapon design Stratified turbulence for submarine design Blast protection for vehicles and occupants Discovery and analysis of new materials Test and Evaluation T E - Acquisition Engineering Acquisition Engineering Decision Support 20 out of 22 DoD Major Range and Test Facilities connected to DREN SDREN Supported 25 T E activities in FY15 for Joint Mission Environment Test Capability JMETC F-35 Joint Strike Fighter JSF Record and Playback Small Diameter Bomb SDB II Testing Acquisition Engineering - - 116 government and industry organizations use HPCMP software to assess the performance of more than 70 DoD weapon systems Military platform analysis and performance prediction Fixed wing air vehicles rotorcraft ships ground vehicles antennas RF signature not connected 45th Space Wing Patrick AFB FL 30th Space Wing Vandenberg AFB CA Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-4 Drivers for the future S T T E and Acquisition Engineering requirements - - - - - Communities of Interest and potential new HPC user communities that are emerging e g hypersonics space electronic warfare autonomy A focus on addressing challenges for T E via HPC-enabled computational proving grounds Different workload classes that require rapid turnaround-time to meet T E and acquisition program deadlines that necessitate tailoring systems to meet Service Agency requirements Cost-effective HPC solutions that address the acquisition community and DoD's critical R D problems may require shared above-secret computing The volume of data produced by numerical models and T E events is challenging traditional data management and analysis methods New data-centric approaches such as data-intensive computing and decision analytics are essential to address these challenges Technical HPC challenges - - - Increasingly complex heterogeneous supercomputing architectures requires code refactoring new I O approaches new algorithms new resiliency approaches Increasingly complex physical and engineered systems requires multi-scale multiphysics modeling with uncertainty quantification and design optimization Increasingly diverse architectures e g data-intensive cognitive reconfigurable Maintaining a strong cybersecurity posture The HPCMP is committed to exploring these with the Services Agencies Prioritization and allocation of HPCMP resources will be identified through high-level Service Agency strategic engagement Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-5 Hardware Update FY14 FY15 FY16 FY17 FY18 FY19 FY20 FY21 FY22 FY23 FY24 FY25 FY26-FY30 TI-13 3 PF AFRL Navy 1 FY14 - 1 PetaFLOP system 2 FY17 - Many-core pilot system 3 FY18 - Pilot architecture initial evaluation 4 FY19 - Pilot architecture small-scale system 5 FY20 - 10 PetaFLOP system pre-exascale 6 FY24 - Cognitive pilot small-scale system 7 FY25 - 100 PetaFLOP system early exascale 8 FY26 - Cognitive production system 9 FY31 - 1 ExaFLOP system 10 FY36 - 10 ExaFLOP system 11 FY36 - Quantum pilot small-scale system 12 FY40 - Quantum production system TI-14 8 PF ARL ERDC TI-15 10 PF AFRL Navy TI-16 11 PF ARL ERDC TI-17 20 PF AFRL Navy TI-18 30 PF ARL ERDC TI-19 47 PF AFRL Navy TI-20 71 PF ARL ERDC 5 PF 89% 9% 2% 2 8PF 90% 8% 2% 26 PF 94% 4% 2% FY36-FY40 Advent List TI-12 5 PF all sites 1 FY31-FY35 26 PF 91% 4% 5% 3 32 PF 89% 6% 5% 4 5 49 PF 85% 10% 5% 61 PF 75% 20% 5% 108 PF 82% 13% 5% 168 PF 75% 19% 6% 258 PF 77% 17% 6% 6 7 8 9 10 11 12 397 PF 74% 20% 6% 614 PF 79% Unclassified 15% Shared Classified SECRET and Above SECRET 6% Evaluation of early-production architectures for DoD HPCMP community o Balanced investments o o o o Shared classified computing Evaluating early-production architectures for DoD HPCMP community Data analytics for T E and Acquisition Engineering communities Data storage infrastructure Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-6 HPCMP Supercomputing Centers Distribution A Approved for Public release distribution is unlimited Unclassified NSCI HPC Security Workshop Page-7 Software Update Computational Research and Engineering Acquisition Tools and Environments CREATE - CREATE has been developing and deploying 13 physics-based engineering tools to acquisition engineers government and industry - CREATE enables DoD engineers to develop and test virtual prototypes of DoD weapon systems - Currently 116 government and industry organizations are using CREATE software to assess the performance of more than 70 DoD weapon systems Must understand and be responsive to acquisition engineering requirements deadline and eventdriven by providing - Agile allocation of computer resources and job scheduling that accommodates customer workflows scheduled and unscheduled work and deadlines - - Rapid onboarding - Strong protection of intellectual property codes and data CREATE-GV CREATE-MG Easy and secure access to computational resources with ability to run store visualize and analyze results Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-8 Network Security High-Level Operational Concept A technology-led innovation-focused program committed to extending HPC to address the DOD's most significant challenges Networking Removes the impact of distance to support the RDT E community anytime anywhere with a versatile low-latency high-throughput communications network Defense Research and Networking Engineering Network DREN DREN Use-Cases DREN Use-Cases Security Applies security intelligently to ensure proactive protection while promoting a productive environment for the RDT E community HPCMP Component Security HPC Center Security Networking Security HPCMP Customer Products Software Security Computer Network Defense Security Assessments Distribution A Approved for Public release distribution is unlimited Security Research Development R D NSCI HPC Security Workshop Page-9 Networking Update Defense Research Engineering Network DREN DoD's premier RDT E network - focused on S T and T E - provides separation from Warfighting networks High-bandwidth low-latency full-service network Connects DoD high performance computing HPC centers and users Secret-level network overlay on 0 Mbps DREN backbone SDREN 1-250 Mbps DREN III provides 50 Mbps to 250-500 Mbps 500-1 000 Mbps 40 Gbps service to DoD sites across a 100 Gbps backbone 1 000-2 500 Mbps Fully supports IPv6 Multicast Platform for next-generation network protocol and security information assurance research 50 Mbps Network # of Sites 2 500 -40 000 Mbps DREN 164 40 000 Mbps SDREN 71 1 Gbps 40 Gbps DSRC 100 100 Gbps Gbps One component of the DoD Information Networks- RDT E companion to NIPRNet SIPRNet Site Speeds Distribution A Approved for Public release distribution is unlimited Backbone NSCI HPC Security Workshop Page-10 Cybersecurity Update Cybersecurity Environment for Detection CEDAR Analysis and Reporting CEDAR - Measures of effectiveness MOE framework as independent capability to quantify security performance of cyber defense technologies Rapid Audit of Unix RADIX - Host-based scanning capability to effectively support HPCMP's Unix-centric computing environment and provide continuous monitoring capabilities for HPC assets RADIX Two-Factor Authentication using YubiKey - Implementation of YubiKey to enable secure authentication for Researchers and Scientists when accessing HPC assets Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-11 UNCLASSIFIED FOR OFFICIAL USE ONLY HPCMP Cybersecurity OV-1 Cybersecurity Environment for Detection Analysis Reporting CSEP CSEP Comprehensive Security Assessment IAP CEDAR CSA Cybersecurity Enhancement Project CSEP Cybersecurity Service Provider CSSP Internet Access Point IAP Rapid Audit of Unix RADIX Service Delivery Point SDP Technical Assistance Center TAC Jigsaw IAP SDP SDP CEDAR CEDAR TAC SDP CEDAR CSA RADIX NMS CSSP CSA CSA RADIX A defense-in-depth strategy to intelligently apply security to the RDT E community Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-12 HPCMP Security Architecture Transition to the DoD Risk Management Framework RMF - Follows the NIST SP 800-37 and SP 800-53 guidance - Follows the 8500 Series Directives Instructions - When RDT E mission requirements require deviation mitigations are implemented to provide equivalent protection at an acceptable risk - Works closely with DOD working groups to ensure RDT E needs are represented Monitoring by HPCMP Computer Network Defense Service Provider CNDSP a Level III Tier II USSTRATCOM-accredited CNDSP - Level III rating last validated May 2014 demonstrates exemplary performance - Actively monitors sensors deployed on DREN at DOD sites external interfaces Includes an advanced Command Cyber Readiness Inspection CCRI called a Comprehensive Security Assessment CSA - CSA teams use automated tools to conduct network host vulnerability scans penetration tests configuration reviews and network mapping - Continuous monitoring tools provide a risk score based on data gathered from CSA tools Intrusion Detection Systems and network flows Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-13 UNCLASSIFIED Cyber Situational Awareness Tasker Examine applicability of high performance computing HPC to cyber situational awareness SA Response o o o FY16 Explore current HPC and cyber SA intersections Discussed HPC and cyber SA with key members of industry academia and government Multiple meetings with Deputy Director Cyber Office of the Under Secretary of Defense Acquisition Technology and Logistics Establish a rudimentary Spark capability on an HPCMP system Acquired hardware to create initial cyber-data repository FY17 Data assembly ontology workflow definition and target select collaborators Assemble representative raw cyber-data streams and associated ontology for use by collaborators Develop HPC processing pipeline to minimize data movement and optimize workflow Target and select set of cyber situational awareness collaborators focused on data analytics Test feasibility by applying current HPCMP assets to information feeds Initial detection analytics evaluated and pipeline workflow benchmarks documented FY18 Discovery exploration and enlightenment Collaborators perform data analytics studies against static datasets from data repository Collaborators report and document findings Benchmarks are performed comparing HPC solutions with traditional non-HPC solutions End of FY18 will include Major Decision Point regarding continuation or modified project objectives Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-14 UNCLASSIFIED FOR OFFICIAL USE ONLY Harnessing HPC for Cyber Situational Awareness Functional Overview Planned Focus Domains to Elements of Cyber SA Awareness Mission Awareness Adversary Awareness Approach Rapidly ingest index assess and query numerous cybersecurity data sources to pursue the following cyber SA advanced analytics 1 Maintain Blue Asset Awareness Monitoring - Sample Use Case Pinpoint end-of-life non-supported systems still connected to networks i e Windows XP Server 2003 etc Ref DoD Cybersecurity Campaign 2 Maintain Network Status Picture Monitoring - Sample Use Case Classify bandwidth utilization per DREN site to provide awareness of network status and provide indicators of denial of service DoS or distributed DoS attacks 3 Identify Malicious Network Behavior Detection - Sample Use Case Detection of distributed web vulnerability scanning of public-facing DREN infrastructure 4 Generate Unusual Activity Alerts Alerting - Sample Use Case Identify patterns of activity that correspond to present core business in other known hostile HPC resources anhours opportunity countries significantly enhance cyber Data situational 5 Send Receive Priority Incident Sharing awareness Collaboration - Sample Use Case Real-time machine-to-machine dissemination of indicators of compromise The integration of HPC within the cyber workflow will provide Fusion and assessment of disparate data streams and realtime analysis using data science algorithms and machine learning both structured unstructured data Automated dynamic response mechanisms to significantly reduce the response time to threats days to minutes o o Network System Awareness Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-15 Summary The HPCMP provides premier high performance computing HPC capability to the RDT E and Acquisition Engineering communities tailored to customer requirements A broad range of customer missions are targeted across the DOD Strategic engagement with Service Agency senior leadership to enhance HPCMP linkage with highest mission priorities Focus on understanding and supporting new user communities and Communities of Interest with continued support to current user communities Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-16 Distribution A Approved for Public release distribution is unlimited NSCI HPC Security Workshop Page-17                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu