Subscribe options

Select your newsletters:

Please enter your email address:

@

Your email address will only be used for the purpose of sending you the ITER Organization publication(s) that you have requested. ITER Organization will not transfer your email address or other personal data to any other party or use it for commercial purposes.

If you change your mind, you can easily unsubscribe by clicking the unsubscribe option at the bottom of an email you've received from ITER Organization.

For more information, see our Privacy policy.

News & Media

Latest ITER Newsline

  • Fusion world | Innovative approaches and how ITER can help

    More than 30 private fusion companies from around the world attended ITER's inaugural Private Sector Fusion Workshop in May 2024. Four of them participated in a [...]

    Read more

  • Robert Aymar (1936-2024) | A vision turned into reality

    Robert Aymar, who played a key role in the development of fusion research in France and worldwide, and who headed the ITER project for 10 years (1993-2003) befo [...]

    Read more

  • The ITER community | United in a common goal

    Gathered on the ITER platform for a group photo (the first one since 2019, in pre-Covid times) the crowd looks impressive. Although several hundred strong, it r [...]

    Read more

  • Vacuum vessel | Europe completes first of five sectors

    The ITER assembly teams are gearing up to receive a 440-tonne machine component shipped from Italy—sector #5, the first of five vacuum vessel sectors expected f [...]

    Read more

  • SOFT 2024 | Dublin conference highlights progress and outstanding challenges

    Nestled in the residential suburb of Glasnevin, Dublin City University is a fairly young academic institution. When it opened its doors in 1980 it had just 200 [...]

    Read more

Of Interest

See archived entries

IT security

Defending ITER's cyberspace

Cybercrime is not just the domain of thriller authors who have exploited the theme since the dawn of the computer age. In today's interconnected world threats from cyberspace are a daily occurrence and everyone—individuals and big companies alike—needs to guard against unwanted intrusions. At ITER, IT security is in a good shape, says Romain Bourgue.
 
The blue bar graph on the dashboard shows the number of cyber attacks on ITER's IT system—ranging from several hundred up to several thousand an hour according to IT security expert Romain Bourgue. (Click to view larger version...)
The blue bar graph on the dashboard shows the number of cyber attacks on ITER's IT system—ranging from several hundred up to several thousand an hour according to IT security expert Romain Bourgue.
We've all experienced the annoyance of a virus on our home computers. To defend against another attack we keep our computers updated, arm them with the latest antivirus software, and make sure our information is safely stored in second or even third copy on external devices.

The situation is much more serious when a big company's IT security is breached. "The consequences can be far-reaching," says Romain Bourgue, responsible for IT security at ITER. "A virus in an industrial information system can translate into losing the control of a vital piece of equipment like a pump, a lift or a crane. Effective protection of all IT assets is crucial for the entire ITER Project."

When Bourgue joined ITER in 2016, an initial status check of ITER's information system confirmed that it was adequately protected. But, there was no reason to be complacent. "Cyber threats are a constant challenge," he says. "Every day we detect and deter up to 70,000 attacks on our IT systems."

"In addition, of the 60,000 emails received from the outside every day only a tenth reaches ITER email accounts. We reject the remaining 90 percent because of spam or malicious software, so-called malware."

How then do we maintain the high-level protection of ITER's roughly 3,000 computers—including its 600 servers—against this constant barrage of cyber warfare? Just as with your home computer, regular software updates and data backups are the backbone of IT systems protection. But there is always the specter of emerging threats or targeted attacks going undetected. That is why constant monitoring is a key element of cyber security. It helps to detect early signs of a compromise and take proactive actions to prevent a breach.

New threats in the cyber world pop up like mushrooms. It is impossible to predict what the next one will be and where it will strike. So how do you prepare for the unknown? "We are aiming to limit our exposure and control our environment," says Bourgue. "This may at times appear restrictive."

Several rows of dark sleek cabinets in the basement of the ITER building host some of ITER's 600 servers. (Click to view larger version...)
Several rows of dark sleek cabinets in the basement of the ITER building host some of ITER's 600 servers.
One such measure is the constraint on administrator rights for individual computers. "It's a way to protect ourselves against threats that would leverage administrator rights," explains Bourgue.

Bourgue has also taken to simulating attacks on the IT system. "Like a good locksmith needs to understand how a lock works, we need to understand how our security reacts when a breach occurs," says Bourgue. Such scenarios help to monitor and test ITER's IT security.

The challenge for an IT security system is to find the right balance between usability of the IT system and alignment with overall project needs. ITER's computer network needs to be secure, but the user's productivity should not be impacted.

For Bourgue the user is a key player when it comes to IT security. Whether in front of a computer screen in an office or at a switchboard on the worksite, each and every IT user at ITER needs to stay alert. "As users of IT equipment, we are the first line of defense," says Bourgue.

Over the next five years, Bourgue will implement new IT security measures to keep in line with the demands of the growing project and the ever-increasing number of cyber challenges. He envisages a security operations centre and regular IT security training courses to ensure the IT awareness of all staff.

As if on cue, Bourgue's laptop sounds an alert. "Someone is trying to connect to a website that does bitcoin mining. It's probably malware." Never a dull moment for IT security.


return to the latest published articles