
Security Efforts at Helmholtz

Cybersecurity: the Why, the What, and the How

The Why

It’s probably hard to find someone who would deny, wholeheartedly, the need to have security measures in digital infrastructure. Cyber crime is on the rise, malware crawls through networks, and security incidents can paralyze operations for days, weeks, months. But what does security really mean?

The What

Firewalls, MFA, network segmentation… Solving the “low-hanging fruit” of known issues works as the first effort, to mitigate the most obvious threats - and yes, MFA, love it or hate it, eliminates a significant range of attacks.

The core “What”, however, is more than one “what”:

  • Objectives: “What does being secure mean in the context of our center / Helmholtz?”
  • Measurable results: “What benchmarks need to be achieved to reach objectives?”
  • Assets: “What are we protecting?”
  • Threats / Risks: “What (who) are we protecting it from?”

When we answer these questions, we can start plotting the…

The How

The How is, compared to The What, simple and straightforward. “How can we reach the objectives?” This is where hands start itching to set up firewalls, network access lists, and one more MFA on top. “How can we reach the objectives with consideration of assets and risks?” - which means that when implementing security measures, we need to know which measures make sense in our environment - and how we can make sure that they actually work.

So?

Helmholtz centers are unique, independent, specialized research institutions. While the research areas may vary, the need for an adequate level of security is the same - and this is why, when it comes to cybersecurity, we should join forces on the strategic level. Security in the modern world is not a luxury - it is one of the pillars for ensuring continuity of research, and its importance should be recognized on the appropriate level.

What’s Going On Now

  • A discussion has started with the Helmholtz Cyber Security working group on the topic of creating a unified cybersecurity strategy for Helmholtz centers. This strategy, among other things, would define the minimal security baseline to be implemented by all centers. This baseline is a high-level objective (aka The What), and its implementation (aka The How) would remain at the discretion of each Helmholtz center.
  • Strengthening collaboration between the Helmholtz Cyber Security working group and the HIFIS team. The discussion about implementing a knowledge base service on Helmholtz Cloud has started, with centers being eager to share their own resources to aid others.
  • Engaging more participants from Helmholtz centers to collaborate on security-related initiatives. Both HIFIS and non-HIFIS folks are expressing interest in joining in - given the lack of dedicated security people in some centers, their expertise can prove crucial in bringing everyone’s security level up to speed.

Want To Stay Informed?

Drop an email to our HIFIS Support if you want to stay tuned on the latest developments in security-related topics, or reach out on Mattermost. Just say “I want to be added to the list” and get access to the not-so-secret knowledge and a chance to chime in on the ongoing discussions.

- How did the hacker escape from the police? - He ransomware.