Tag Archives: Department of Energy

National Laboratories Information Technology(NLIT) Summit 2025:Top 5 Insights on Automation, Cybersecurity and More

Posted on by
Reply

Technology enables Government agencies to strengthen security, increase efficiency and collaborate across departments. This year at the National Laboratories Information Technology (NLIT) Summit, representatives from the National Laboratories, Government IT decision-makers and industry and vendor partners gathered to discuss recent advancements in IT across the Department of Energy (DOE) labs, featuring panels, interactive sessions and demonstrations focused on emerging, mission-driven technologies. Carahsoft stood alongside its partners, such as Amazon Web Services (AWS), Snowflake and GitLab to support the DOE’s mission objectives. Together, we deliver secure, compliant solutions that drive innovation—from MultiCloud strategies and generative AI to streamlined IT procurement.

Here are the top themes discussed at this year’s summit.

Artificial Intelligence Exploration

The National Laboratories are at the forefront of advancing artificial intelligence (AI) and High Performance Computing (HPC) to meet critical mission objectives. Several DOE labs are showcasing this commitment through transformative initiatives. At Los Alamos National Laboratory, the establishment of the National Security AI Office and the deployment of the Venado AI supercomputer reflect a strategic focus on embedding AI into national security operations. Sandia National Laboratories is leading innovation with “vibe coding,” an AI-assisted development methodology that allows developers to generate code based on described functionality, streamlining the software development process.

To further accelerate AI and HPC capabilities, the National Laboratories are leveraging NVIDIA technologies, including GPU-powered infrastructure and AI toolkits, to support high-throughput data analysis, simulation and machine learning applications. This partnership enables scalable performance and energy-efficient computing tailored to complex scientific workloads.

In response to growing cybersecurity threats, labs are also deploying AI-driven automated response systems to detect and neutralize risks in real time. These combined efforts enhance the DOE’s cybersecurity posture while reinforcing the National Laboratories’ leadership in next-generation computing and AI innovation.

Argo: A New Generative AI Platform

As part of its development, Argo incorporates technologies from OpenAI to support advanced natural language processing and generative tasks. By integrating OpenAI models with internal controls and security protocols, Argonne can deliver high-performing language tools tailored to research and mission needs, without compromising data integrity.

Future enhancements to Argo will include:

  • Document upload for summarization and analysis
  • Adjustable response styles that range from creative and exploratory to focused and deterministic
  • Integration of Argonne-specific knowledge and internal documents for contextualized outputs
  • Onsite deployment of GPU resources to host fine-tuned and open-source LLMs, enabling operational applications such as translation, code generation and scientific research

Through Argo, Argonne is setting a benchmark for secure, mission-aligned AI deployment across the DOE ecosystem.

An Automated Approach to Cybersecurity 

Sandia National Laboratories emphasized the critical need to embed security at every stage of the software development lifecycle through a DevSecOps approach. In the session “From DevOps to DevSecOps: ASC DSO at Sandia’s Journey toward Secure Software” Stuart Baxley, a Senior Research & Development Computer Scientist shared how Sandia integrates automated tools and continuous monitoring to enable early threat detection and fast remediation—reducing both risk and cost compared to reactive approaches. Agencies with automation tools, such as GitLab, enable the National Laboratories to manage their unique software development environments.

To enhance cybersecurity posture, Sandia recommends the adoption of key security practices and tools, including. Static Application Security Testing (SAST), Software Bill of Materials (SBOM) and container scanning. Leveraging these capabilities is essential to maintaining resilience in an increasingly complex and dynamic threat environment.

Efficiency Through the Cloud

Lawrence Berkeley National Laboratory has advanced its cloud adoption efforts through the Materials Project initiative, leveraging Amazon Web Services (AWS) to significantly improve the availability, accessibility and scalability of its data products. This successful deployment offers a strong blueprint for other national laboratories exploring cloud migration.

By transitioning to cloud infrastructure, the lab has unlocked a range of strategic benefits including enhanced collaboration, improved high-performance computing capabilities, robust encryption and data security and accelerated AI-driven research. These advantages position cloud adoption not just as a technical upgrade, but as a critical enabler of research efficiency, data innovation and scientific discovery in today’s increasingly data-intensive environment.

Managing Diverse Data

As datasets across the National Laboratories continue to grow in size and complexity, effective data management becomes increasingly challenging. Oak Ridge National Laboratory advocates for a holistic approach, recognizing that no single tool can address every need. Instead, the focus should be on strengthening data transfer capabilities and adopting integrated strategies to improve overall data mobility and accessibility.

In alignment with federal mandates, laboratories and agencies managing research data must prioritize the following:

  • Transparency – ensuring data is accessible to the public to support open research
  • Up-to-date data management practices – implementing current tools and processes
  • Comprehensive audit trails and metadata documentation – maintaining accountability and traceability

By improving data transfer methods and aligning with these core principles, National Laboratories can enhance collaboration, uphold security standards and maximize the impact of their research.

Through a combination of strong data governance, cloud adoption, AI integration and cybersecurity automation, the National Laboratories remain committed to advancing innovation and IT excellence across the DOE ecosystem.

Through data management, cloud application, AI and cybersecurity automation, the National Laboratories maintain a comprehensive strategy to continually fulfill their mission of advancing IT knowledge and collaboration across the DOE.

To learn more about technologies featured at NLIT, visit Carahsoft’s artificial intelligence portfolio.

Securing Operational Technology with Cyber-Informed Engineering

Posted on by
Reply

Cyber-Informed Engineering (CIE) is an initiative by Idaho National Laboratory with funding from the Department of Energy (DOE). The goal of CIE is to secure physical operations through the combination of cybersecurity and engineering approaches. Today, engineering mitigations are used from time to time to address cyber risks but are used neither universally nor systematically. CIE recognizes the importance and necessity of using both engineering tools and conventional cybersecurity designs to secure operational technology (OT) networks.

Protecting Critical Infrastructure

Access to OT information in IT networks, very often through PI servers, is essential to many kinds of business automation, such as automatically ordering spare parts or scheduling maintenance crews. However, because all modern automation involves computers, as businesses continue to automate processes more targets for cyberattacks are created. In addition, data in motion is the lifeblood of modern automation, but all cyber-sabotage attacks on OT systems are information, and every connection between systems and IT/OT networks is an opportunity for attacks to spread. Thus, the more automation is deployed, the more opportunities are created to attack the ever-increasing number of targets. Cybersecurity is an issue that becomes steadily more pressing as businesses automate.

The IT/OT boundary, where PI servers tend to be deployed, is very often a consequence boundary. Worst-case consequences on the OT network are very often dramatically different and more severe than consequences on IT networks. Worst-case business consequences often include expensive incident response costs, such as businesses having to buy identity fraud insurance for customers whose information was leaked into the Internet. On the other hand, worst-case consequences for OT networks in a power plant or a high-speed passenger rail switching system often include threats to worker and public safety, or to the availability of critical infrastructure services to the nation. When worst-case OT consequences are unacceptable, engineering-grade protections must be deployed at the IT/OT interface to prevent worst-case scenarios from being realized.

Waterfall Security OT and Cyber-Informed Engineering Blog Embedded Image 2024

Conventional OT Security Programs

Using exclusively IT style mitigations to protect critical OT networks is often not enough—when public safety or critical infrastructures are at risk, it is not enough to hope that cyberattacks can be detected before they compromise critical infrastructure. It is not enough to hope that if detected in time, an incident response team can be assembled fast enough to prevent consequences. Engineering-grade designs are expected to reliably perform critical physical operations within a specified threat environment until the next scheduled opportunity to upgrade defenses, with a large margin for error.

The Threat Landscape

Remote-controlled attacks are the modern attack pattern used by hacktivists, ransomware criminals and nation-states. Modern remote-controlled attacks use social media research and clever phishing emails to trick potential victims into revealing passwords or opening malicious attachments. Once remote attackers gain a foothold in their target network, they control the compromised machine remotely, using it to attack other machines through layers of firewalls, including the IT/OT firewalls deployed to send OT data into PI servers to enable IT/OT integration. Attackers then repeat, spreading further until they reach essential OT systems or valuable information that a business would be willing to pay to recover.

‘Living off the land’ is another type of remote-controlled attack seen recently. After gaining a foothold in an IT network, attackers erase all hint of their presence, including any malware that was used to gain their foothold. Eventually compromising the IT domain controller, attackers create their own remote access and credentials. These new accounts look like a normal employee logging in; no alarms are raised as the attackers use normal operating system tools in their attacks, making them extremely difficult to detect.

Unbreachable Protection with Unidirectional Gateways

In the face of sophisticated remote-control attacks, safe integration of critical OT networks with PI servers and other business automations must involve network engineering. The most common approach to network engineering is to protect the IT/OT consequence boundary with a Unidirectional Gateway. The gateways are a combination of hardware and software; the software makes copies of PI and other OT servers from OT networks, while the hardware allows information to travel in only one direction, from the OT network out to the IT network. The gateways move OT data out to where the enterprise can use it while preventing any remote-control attacks or attack information getting back through into the OT network. Even if a deceived insider carries a piece of malware into an OT network and inadvertently activates it, that malware cannot connect out to the Internet through the gateway, much less receive any attack commands from the Internet.

Increasingly, critical infrastructures are expected to have OT networks that operate reliably and independently of the IT network, even when the IT network is compromised. A Unidirectional Gateway provides OT data to PI servers and other business automation, with no ability for malware, remote-control commands or other attack information to penetrate the gateway into operations. By eliminating the risks associated with firewalls at the IT/OT consequence boundary, industrial enterprises can be confident of the integrity of their OT systems, even in the face of the most sophisticated of modern, network-based attacks.

As Cyber-Informed Engineering emerges as the most important change in OT security in a decade, Waterfall Security’s Unidirectional Security Gateways, certified to be truly unidirectional, are leading the world in safe IT/OT and OT/cloud integration, even in the face of the most sophisticated of cyber threats. Watch our webinar “Cyber-Informed Engineering for OT Security and AVEVA PI Users” to see how Waterfall’s solutions enable safe IT/OT integration and protect safe and reliable physical operations, especially for AVEVA PI installations.