Skip to main content

The new protocols will enable researchers to process protected data at scale

The National Center for Computational Sciences (NCCS) at the US Department of Energy’s (DOE’s) Oak Ridge National Laboratory (ORNL) has unveiled CITADEL, a new framework of security protocols that will enable researchers to harness the NCCS’s supercomputers for open-science projects using protected data

Although ORNL has a long history of conducting computational analysis on “open-research” data, which is typically easy to publish and disseminate, CITADEL will implement new security controls for handling large datasets that include private information. For example, this new capability will provide unprecedented levels of high-performance computing (HPC) power for research projects in the health care field, which requires patient privacy protection under the Health Insurance Portability and Accountability Act (HIPAA).

The CITADEL framework allows protected health information (PHI), personally identifiable information (PII), data protected under International Traffic in Arms Regulations, and other types of data that require privacy to be securely used on the Summit supercomputer, the upcoming Frontier exascale system, and other systems managed by the Oak Ridge Leadership Computing Facility (OLCF), a DOE Office of Science User Facility at ORNL.

The elevated security was implemented by the Scalable Protected Infrastructure (SPI) team within the NCCS with assistance from ORNL Risk Management and ORNL’s Information Technology Services Division (ITSD). The team began building from a prototype framework originally developed by Edmon Begoli, previous director of the Scalable Protected Data Facilities (SPDF) at NCCS, to enable the large-scale analysis of PHI data from the US Department of Veterans Affairs’ (VA’s) Million Veteran Program. The SPI team refined the prototype and extended the CITADEL capability to accommodate diverse programs and sponsors. The SPI team includes members from several different groups—including HPC Cybersecurity and Information Engineering, HPC Scalable Systems, SPDF, and ITSD—and is led by J. “Robert” Michael, the NCCS’s chief data architect.

“If you’re coming to ORNL, you hope that you’re going to be able to use these large supercomputers that are the best in the world. And so the question is: How do we allow people with highly protected data to leverage this vital resource in a way that’s compliant with the Federal Information Security Management Act?” Michael said. “With CITADEL, we’re utilizing an encrypted parallel file system that improves both performance and security, ensuring that we’re doing this in compliance with all of the regulations that are in place to protect this data.”

CITADEL’s security improvements aren’t just technical—new administrative protocols were also established for handling private data. Although ORNL already adheres to the National Institute of Standards and Technology’s security and privacy controls for moderate Official Use Only data, the SPI team developed extra precautions to manage private data such that it cannot be accessed by other researchers or used by other projects. For example, HIPAA-protected data for a project sponsored by the VA will be kept absolutely separate from HIPAA-protected data for a projected sponsored by the Centers for Medicare and Medicaid Services (CMS).

“The challenge with health data is that to do anything with it, you have huge privacy concerns,” said Jeremy Cohen, a program manager for the VA and CMS at SPDF. “So if you’re going to house this data, you have to treat the system as you would a secure environment in terms of the securities and policies that are wrapped around it—who gets access to the data, what they do with the data, and what can and cannot be moved out of that environment.”

With its new level of security for private data, CITADEL will present many new possibilities for research projects that previously could not access Summit, the nation’s most powerful and smartest scientific supercomputer. For example, using medical records that include handwritten doctor’s notes were problematic before CITADEL; although names and addresses could be automatically stripped out of structured medical records, freeform notes were not as simple.

“When you start talking about notes, where a physician has gone in and just written information, there aren’t really tools out there that reliably and with a high degree of confidence strip out identifying data,” Cohen said. “So that has been a limiting factor on where notes data can be used. It has to be kept in the environment. Now, having this capability to use CITADEL and burst out to Summit is huge because it opens up that resource for the first time ever to identifiable health data.”

Kevin Kerr, chief information security officer for ORNL’s ITSD, advised the SPI team in scoping out potential security issues. He also serves as ITSD’s risk manager.

“I watch what’s going on in the world, and while I may not know every risk or threat that’s out there, I can say, ‘Because you’re doing this, here’s some things that we need to think about,’” Kerr said. As a result, Kerr and his team consider many what-if scenarios.

The ITSD is responsible for ensuring ORNL’s compliance with all federal regulations and orders, so Kerr was ultimately responsible for vetting CITADEL’s proposed security processes. After months of evaluation within the current federal approval—as well as having the system tested by a “red team” of security professionals—Kerr approved the enhancements and the use of CITADEL on ORNL computers. CITADEL has also undergone comprehensive technical-, legal-, and policy-oriented reviews and received third-party accreditation.

UT-Battelle LLC manages Oak Ridge National Laboratory for DOE’s Office of Science, the single largest supporter of basic research in the physical sciences in the United States. DOE’s Office of Science is working to address some of the most pressing challenges of our time. For more information, visit

Coury Turczyn

Coury Turczyn writes communications content for the Oak Ridge Leadership Computing Facility (OLCF). He has worked in different communications fields over the years, though much of his career has been devoted to local journalism. He helped create Knoxville’s alternative news weekly, Metro Pulse, in 1991 and served as its managing editor for nine years; he returned to the paper in 2006 as its editor-in-chief, until its closure in 2014. Several months later, he and two other former Metro Pulse editors dared to start a new weekly paper, the Knoxville Mercury, based on a hybrid nonprofit ownership model. In between his journalism stints, Coury worked as a web content editor for, the G4 cable TV network, and