Cloud server an avenue for foreign nationals to use certain U.S. nuclear codes



Written by

A cloud-based server at a national lab allows researchers from across the globe access to computer codes that could help them design safer nuclear reactors, or safely transport nuclear material.

Opened for business in April of last year by the Radiation Safety Information Computational Center, the server allows its users to work on projects “in the interests of the U.S. government.” So far, only 80 people have access, but Timothy Valentine, director of the center, hopes that will soon expand.

The center is teaming up with Nuclear Energy Agency’s Data Bank to establish a training workshop in late fall or early winter for those who usually have limited access to the code, particularly Russian citizens.

U.S. regulations on nuclear exports normally prevent researchers or students from certain countries, like Russia, from accessing the code. Creating the cloud server allowed the government to give some people access in a secure, controlled way, Valentine said.

“Prior to developing the secure CLOUD server some individuals would have been denied access to the use of certain computer codes,” Valentine said in a statement. “With the secure cloud server, more people can utilize these codes.”

When standing up the server in 2014, Valentine and his team underwent a “quite involved” process to develop and test the server’s security plan, said Valentine, director of RSICC, which is housed at Oak Ridge National Laboratory.

As a security precaution, the cloud server is “its own island” at Oak Ridge, Valentine said, meaning it has no connections to the lab’s standard computing systems. And the server only allows users to upload ASCII text files. Users will be blocked from the system if they try to upload anything else, he said.

“Because this system is being opened up to foreign nationals from sensitive countries, we have to be very careful about the access protocols and how the system is firewalled off from all other systems at the laboratory,” Valentine said.

The RSICC cloud server is a private in-house cloud with a 24 teraflop computing capacity that can easily accommodate 100 to 200 simultaneous users, Valentine said.

The staff wants to eventually increase access to the server, but they also want to monitor how much their current users are accessing the system and evaluate if they need to increase the computer’s size, Valentine said.

When asked later about guarding against hacking, Valentine said in a statement that only executable versions — instead of source files — are available on the system, and “steps have been taken to ensure that the executables will not work on any other computing system should the computer be hacked.”

He added: “The system is routinely monitored for activity and approved and unauthorized persons can be tracked when attempting to access the system.”

The RSICC at Oak Ridge National Laboratory holds more than 2,000 nuclear technology-related software packages. The code in question is Monte Carlo N-Particle Transport Code, which can help engineers and scientists with a variety of work in the nuclear space, including developing safe fusion reactors, Valentine said, or helping with nuclear medicine.

The idea of putting MCNP and a few other codes on the cloud had been circulating for awhile, Valentine said, but he put pen to paper in 2013 and wrote a few white papers on the subject to the National Nuclear Security Administration. The project got funding in 2014.

“There was a lot of enthusiasm,” Valentine said to FedScoop, “because they could see how it could really prevent diversion of these codes when you really want to get people to use them, for nuclear safety in particular, but you don’t want them to be easily accessible to people who shouldn’t have it.”

Providing access — questions and opportunities

Citizens of countries such as Russia, India and China normally cannot get access to MCNP, but citizens from those countries and a few others who are working at U.S. national laboratories, universities or at businesses in the U.S., are currently eligible to use the RSICC secure cloud server, Valentine said.

But Edwin Lyman, senior scientist at the Union of Concerned Scientists, told FedScoop there has to be a high bar for allowing access in this way to ensure people do not exploit it for nefarious purposes.

“I’m a little skeptical that there’s really such a real demand out there, that there’s such a compelling reason that requires this kind of change in policy,” Lyman said. “I think it just raises more questions than answers in my mind.”

He said the less available the code is, the better. One concern is that people could come up with “creative” ways to use the code — like using it to design a core for an improvised nuclear explosive device.

The code is “not a complete nuclear weapon design tool,” Lyman said. “But there are calculations you can do that would be informative or would support that.”

Sara Pozzi, a nuclear engineering and radiological sciences professor at University of Michigan, cautioned that she is not sure why there is a perceived risk. She speculated that “in principle a code like MCNP can be used to determine the amount of mass and the shape of a critical assembly.”

In response to these concerns, Valentine said in a statement that “RSICC collects experimental and computational benchmarks that can be applied to shielding, radiation detection, medical and health physics. These have direct application to nuclear safety and health, but not to creating improvised nuclear devices.”

All users are informed that their input and output files are copied and retained, he noted, adding that “it is unlikely that someone would want to conduct illicit activities on a system in which all of the information can easily be reviewed.”

One benefit of having people access the code through a secure cloud server is getting to see how users are using the code in conjunction with other codes, Valentine said. Often researchers use more than one code, and compare the results against experimental observations, he said.

“As we expand the use of this cloud to other people, I’m fairly confident that there will be other really beneficial programs that come out of this,” Valentine said. “And when people use these codes, we learn a lot about how they use them, we learn about — are there new capabilities that we need to examine to include in the codes? And are there areas where the codes are far superior, or far inferior than other codes that people are using?”

The Russians, for example, have codes similar to MCNP, Valentine said.

It may seem surprising that collaborating with Russia would be in the U.S.’s interest, but both countries are members of the NEA. They also work together on nuclear nonproliferation efforts like the Plutonium Management and Disposition Agreement, in which both countries have agreed to each dispose of at least 34 metric tons of plutonium.

Receiving access to the MCNP would allow Russians to use the code for their applications which would typically include “reactor design, radiation protection and programs that they collaborate with other NEA member countries,” Valentine said. But to attend a NEA-hosted training program on codes like MCNP, you have to already have access to MCNP, he said.

“There’s some researchers at Russian institutes who do what we call nuclear criticality safety who would like to be able to use MCNP,” Valentine said. “But right now, given the restrictions of the distribution of MCNP, they’re not able to.”

Using the server — reactor design and dose modeling

Under collaboration with the Department of Energy, two Russians are using the cloud server to evaluate the dose effects of the 1986 Chernobyl nuclear disaster on people living in the area, Valentine said.

Some people in international collaborations have also been able to use the server to get access to the code, including several people working on a project called ITER — a multinational agreement, of which the U.S. is a part, to work together to build an experimental fusion reactor.

The design tool chosen for that project was MCNP, Valentine said.

ITER work had to be run on an “archaic” RSICC-run server that required users to send in jobs to someone in Oak Ridge to run the code for them — the users couldn’t run it themselves, Valentine said.

If there was an error, it would take much longer to solve the problem, Valentine said.

“What our cloud allows is them to directly access it so if they submit a job and they run it and get the error message quickly, then they know they’ve got something wrong and they can modify their input files and then re-execute the code,” Valentine said. “So it’s greatly enhanced the way that they can use the code.”

And for some foreign students studying nuclear engineering and nuclear science in the U.S., “the cloud provides an avenue by which they can actually use the code to further their education, while at the same time making sure that it’s secure and that there’s no diversion of the software itself,” he said.

Michigan professor Pozzi teaches a class about radiation shielding, and while she was unsure if any of her students had accessed the code in this way, she did tell FedScoop that some foreign nationals in her class had had trouble getting access to the code in the past.

“It would be very helpful to us if we could quickly get access to the foreign nationals in the class to be able to run this code,” Pozzi said.

As a replacement, she said some of those students have used an open source toolkit called Geant4, which often produces similar results. But the code’s runtimes are much longer than MCNP, Pozzi said.

Lyman at the Union of Concerned Scientists said the government should provide a more compelling reason for opening up access to a sensitive code like this.

“They really need to do a better job of specifying applications where access to this code really would make a dramatic difference in health and safety,” Lyman said. “I don’t think you know giving it to graduate students so they can fiddle around with advanced reactor design — I don’t think that’s a good reason.”

When asked about addressing concerns that the code might not dramatically improve health and safety, Valentine said in a statement: “Other codes have similar capability as MCNP, but many are not as validated as MCNP nor have the extensive computational abilities.”

He added that, “In general the use of MCNP allows researchers, engineers and designers to reduce excess conservatism in design work that would otherwise be required when using less sophisticated computational codes.”

-In this Story-

Cloud, Tech