How secure is the SEAL lab?

How secure is SEAL?

There are always risks with making data available on computers, but SEAL makes data security its top priority. New threats are regularly assessed and protocols adapted to ensure very high levels of security.

SEAL effectively addresses both external attack (e.g. hackers) and internal errors (e.g., mistaken releases of data or compromising of security). Security is implemented through hardware/software controls, and administrative controls. We maintain a detailed security plan for the SEAL Lab that is available to data providers needing to verify our security plan.

Some elements of the security plan include:

User screening
Access and CCTV controls
Results release vetting requirements
Secure data import and deletion controls
Physical controls such as cabling requirements, connectivity controls and access authorization.
Software controls including multi-factor authentication, firewalls, password management and group policy controls.
Administrative controls include validation of user authorization to conduct research and implementation of data sharing agreements.

The major threat highlighted in the media is of coordinated external attack.

Given that SEAL is not connected to the internet, we have effectively minimized this threat. That allows us to focus on every day security risks – a researcher capturing a screenshot with their phone, or letting an unauthorized person into the lab to show them something.

We manage these threats through user agreements and clear communication. It is in the interest of everyone involved with SEAL that it remain secure, and so we actively educate researchers about common shortcuts or habits that put security at risk.

We have gone to great lengths to invest in technologies and processes that protect from external security threats. We also act as a community to address those elements of security that cannot be solved technologically.