“What keeps the lights on in the world of high-performance computing?” This question, posed by Dr. Margaret Salazar of the National Institute of Standards and Technology (NIST), reverberated through the halls of the 5th High-Performance Computing Security Workshop. It’s a dilemma at the crossroads of innovation and vulnerability. High-performance computing (HPC) systems, the linchpins behind breakthroughs in fields ranging from climate modeling to pharmaceutical development, are growing increasingly complex—and so are the threats against them.
HPC systems underpin not just scientific discovery but also economic competitiveness. Their security, therefore, is not a luxury but an imperative. The NIST HPC Security Working Group (WG) convened leading experts from government, academia, and industry to share insights on safeguarding these critical infrastructures. This gathering underscored the evolving security challenges HPC faces and illuminated paths forward.

Historically, HPC environments prioritized performance and scalability, often at the expense of security. The rapid expansion of computational power has introduced a proliferation of attack surfaces. As Dr. Salazar noted, “Security in HPC cannot be an afterthought; it must be integrated from architecture to operation.” This paradigm shift acknowledges that adversaries, be they nation-states or cybercriminals, view HPC centers as high-value targets—not just for data theft but also for disruption and espionage.
The workshop highlighted several pressing issues. Among them:
/ The complexity of HPC architectures, combining heterogeneous hardware and software components, which complicates traditional security measures
/ The difficulty in applying conventional cybersecurity frameworks designed for standard IT environments to the unique HPC landscape
/ Insider threats and supply chain vulnerabilities as persistent concerns, particularly given the sensitivity of research and proprietary information housed in HPC systems
/ The challenge of balancing performance optimization with robust security controls, as security mechanisms often introduce latency or resource overheads
From a technologist’s perspective, these challenges demand novel approaches. For instance, Dr. Jian Liu of Oak Ridge National Laboratory emphasized the need for adaptive security models that leverage artificial intelligence and machine learning to detect anomalous behavior without impeding computational efficiency. “Static defenses won’t keep pace with dynamic threats,” he asserted.
Policy experts at the workshop underscored the importance of establishing clear guidelines and standards. They advocate for collaboration across sectors to harmonize security protocols. As Sophia Martinez, a cybersecurity policy analyst with the Department of Energy, pointed out, “The HPC community must unite around shared best practices to build resilience that transcends individual institutions.”
Users of HPC systems, ranging from academic researchers to commercial entities, face their own set of dilemmas. Many lack cybersecurity expertise, making them vulnerable to social engineering attacks or misconfigurations. The workshop stressed the critical role of education and user awareness programs as part of a holistic security posture.
Adversaries, meanwhile, are growing bolder. The report from the workshop’s threat intelligence panel outlined the increased sophistication of attacks, including supply chain compromises and exploitation of zero-day vulnerabilities in HPC-specific software stacks. The consequences of successful breaches are profound: intellectual property loss, erosion of public trust, and potential national security implications.
Why does this matter beyond the HPC community? Because high-performance computing drives innovation that touches every facet of modern life—from weather prediction that saves lives to drug discovery that improves health outcomes. A compromise in HPC security could cascade into disruptions across industries and governments. The interconnected nature of these systems means that a breach in one facility could have ripple effects globally.
As the workshop concluded, a resonant theme emerged: security in HPC is a collective responsibility that demands vigilance, innovation, and cooperation. The stakes are high, but so is the potential for progress when security and performance are not in opposition but rather in partnership.
In an era where computational power defines competitive advantage, one must ask—can we afford to treat HPC security as anything less than foundational? The answer, as the experts gathered at the 5th HPC Security Workshop made abundantly clear, is a resounding no.




