Like any other organisation, institute or enterprise, CERN is under permanent attack by evildoers. Attackers try to break into our data centres, misuse the computing power of the Worldwide LHC Computing Grid and attempt to steal your CERN password or compromise your laptop or PC. 2018 was no different from the years before. As 2019 begins, we would like to share a few fun facts on CERN computer security and our activities in 2018.

Cybersecurity is a marathon and, as in previous years, CERN computing resources were challenged by many different parties. Thanks to your awareness and care, the proactiveness of our colleagues in keeping the data centres and their computing services up to date, the quick responses when incidents have happened and the willingness of the CERN Management to embark on new protective measures, CERN has been spared from major cyber-disasters. Still, we have not been idle! All our computer security interventions are documented in our Monthly Report and some of them have been discussed in previous Bulletin articles. Here are a few fun facts:

• 116 computer security interventions were performed by the CERN Computer Security team in 2018;
• 2TB of data per day was analysed in CERN’s Security Operations Centre;
• This data is compared online with about 17 000 suspicious IP addresses, domain names or known malicious files (so-called indicators of compromise, IoC);
• The most serious computer security incident so far (back in 2016) required 30 person-weeks of in-depth studies before it was finally concluded;
• 3 Macbooks were found to have been infected in 2018;
• 2670 CERN e-mail addresses (and local passwords!) associated with an external web service were exposed in a single data breach of that service;
• In the last “clicking campaign”, 15.2% of the email recipients clicked and would potentially have rendered their device compromised;
• 516 878 EUR in compensation has been demanded following an alleged licence violation;
• 126 CERN staff and users have so far been trained to become White Hats;
• 26% of non-computer devices, e.g. control systems, webcams, printers, coffee machines, smart meters, oscilloscopes, Raspberry Pis and Arduinos – devices of the so-called Internet of Things – connected to CERN’s office network have been found to be vulnerable;
• 2766 Service Now tickets were handled in 2018.

Will 2019 be calmer? That would be unexpected and against worldwide trends. Instead, 2019 will doubtless be as interesting as the past! So we continue to count on your help: with a sufficient amount of awareness, sensitivity and caution – STOP – THINK – DON’T CLICK – you can protect your own computers, tablets and smart phones, documents, photos and data, bank accounts and online accounts – and contribute significantly to protecting CERN!!! We wish you, your friends and your families a safe and secure 2019!

Christoph M. Madsen/CERN Video Productions

_______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.