Medical Science DMZ

We have defined a Medical Science DMZ as a method that allows data flows at scale while simultaneously addressing the HIPAA Security Rule and related regulations governing biomedical data and appropriately managing risk.

Detecting Distributed Denial of Service Attacks on Wide-Area Networks

This project develops techniques for detecting DDoS attacks and disambiguating them from large-scale science flows. It is funded by the DOE iJC3 Cyber R&D program and is led by [Sean Peisert](

Toward a Hardware/Software Co-Design Framework for Ensuring the Integrity of Exascale Scientific Data

This project takes a broad look at several aspects of security and scientific integrity issues in HPC systems. It is funded by DOE ASCR and is led by [Sean Peisert](

An Automated, Disruption Tolerant Key Management System for the Power Grid

This project is designing and developing a key management system to meet the unique requirements of electrical power distribution systems. It is funded by DOE OE's CEDS program and is led by [Sean Peisert](

Host and Network Resilience

This project focused on mapping and analyzing the qualities of resilient networks by investigating components of redundancy, diversity, quality of service, etc... The project's goal is to be able to quantify and compare the resilience of networks in a scientifically meaningful way. This project was led at LBNL by [Sean Peisert](

Symbiosis in Byzantine Fault Tolerance and Intrusion Detection

This project was funded by NSF's SaTC program, and was co-led by [Sean Peisert]( The theme of this effort was to integrate Byzantine fault-tolerance (BFT) into intrusion detection systems (IDS), at both the fundamental and system levels, thereby improving both BFT and IDS. potential to improve BFT.

NetSage - an open privacy-aware network measurement, analysis, and visualization service

NetSage is a network measurement, analysis and visualization service funded by the National Science Foundation and is designed to address the needs of today's international networks. This project is co-led by [Sean Peisert]( at LBNL.

Cyber Security of Power Distribution Systems by Detecting Differences Between Real-time Micro-Synchrophasor Measurements and Cyber-Reported SCADA

This project is using micro-PMU measurements and SCADA commands to develop a system to detect cyberattacks against the power distribution grid. It is funded by DOE OE's CEDS program and is led by [Sean Peisert](

The Hive Mind: Applying a Distributed Security Sensor Network to GENI.

This project sought to define and prototype a security layer using a method of intrusion detection based on mobile agents and swarm intelligence. The project was funded by NSF's CISE Directorate, and was led by [Sean Peisert](

Application of Cyber Security Techniques in the Protection of Efficient Cyber-Physical Energy Generation Systems

The goal of this project was to design and implement a measurement network, which can detect and report the resultant impact of cyber security attacks on the distribution system network. It was funded by DOE OE's CEDS program and was co-led by [Chuck McParland]( and [Sean Peisert](

A Mathematical and Data-Driven Approach to Intrusion Detection for High-Performance Computing

This project developed mathematical and statistical techniques to analyze the secure access and use of high-performance computer systems. It was funded by DOE ASCR and was originally led by David H. Bailey.

I3P Data Sanitization

This project looked at defining means for understanding what data can be sanitized, and how. At LBNL, this project was led by [Sean Peisert]( and was funded by the Institute for Information Infrastructure Protection (I3P).