Medical Science DMZ

A Science DMZ is a portion of the network, built at or near the local network perimeter of an individual research institution, that is designed such that the equipment, configuration, and security policies are optimized for high-performance workflows and large datasets.

Developed by ESnet engineers, the Science DMZ model addresses common network performance problems encountered at research institutions by creating an environment that is tailored to the needs of high performance science applications, including high-volume bulk data transfer, remote experiment control, and data visualization.

The Science DMZ architecture also maintains the security of the data through a number of distinct techniques, but does not employ commercial firewalls due to their negative impact on performance. As a result, the Science DMZ model is not currently employed in environments subject to the HIPAA Security Rule and HITECH requirements, due to the presumed technical controls based on de facto use of stateful and deep packet–inspecting commercial firewalls.

We have taken a central tenet of the Science DMZ and reengineered it for “restricted data” as a Medical Science DMZ. We have defined a Medical Science DMZ as a method or approach that allows data flows at scale while simultaneously addressing the HIPAA Security Rule and related regulations governing biomedical data and appropriately managing risk. We emphasize use cases that involve scientists transferring and processing medical research data, which have very different requirements than those of medical centers communicating with suppliers, service providers, and employees. Our network design pattern addresses Big Data and can be implemented using a combination of physical, administrative, and technical safeguards.

Cite the Medical Science DMZ

Two versions of our Medical Science DMZ paper have been published in the Journal of the American Medical Informatics Association (JAMIA): a “brief communication” in JAMIA 23(6), November 2016, and a “full” version in JAMIA 25(3), March 2018. Citation information for the “full” version of our Medical Science DMZ paper, the canonical citation, is as follows:

Sean Peisert, Eli Dart, William K. Barnett, James Cuff, Robert L. Grossman, Edward Balas, Ari Berman, Anurag Shankar, and Brian Tierney, “The Medical Science DMZ: A Network Design Pattern for Data-Intensive Medical Science,” Journal of the American Medical Informatics Association (JAMIA), 26(3):267–274, March 1, 2018. DOI:10.1093/jamia/ocx104

@article{MedicalScienceDMZ-2018-JAMIA-Full,
	Author = {Sean Peisert and Eli Dart and Barnett, William K. and James Cuff and Grossman, Robert L. and Edward Balas and Ari Berman and Anurag Shankar and Brian Tierney},
	Journal = {Journal of the American Medical Informatics Association (JAMIA)},
	Month = {March 1},
	Number = {3},
	Pages = {267--274},
	Title = {{The Medical Science DMZ: A Network Design Pattern for Data-Intensive Medical Science}},
	Volume = {26},
	Year = {2018}}
Cybersecurity R&D for Science and Energy at the Berkeley Lab
