The Isolated Secure Laboratory Environment allows a wide range of operating systems, configurations, software and instruments to be joined onto a highly secure autonomous network.
Because their operating systems and configurations often don’t meet federal security mandates, laboratory instruments and computers cannot typically connect to the Centers for Disease Control and Prevention’s Business Network, stymieing data access, sharing and storage. CDC’s Isolated Secure Laboratory Environment is changing that.
CDC's Isolated Secure Laboratory Environment
Centers for Disease Control and Prevention
ISLE has standardized firewall rules that allow for lab equipment to connect and access to limited CDC network resources. Connections can be expanded to include non-standardized ISLE configurations with review and assistance from CDC data network and IT security teams.
“ISLE is a completely dedicated autonomous network that runs parallel to CDC’s existing Business Network,” said Charles Avery, chief of the Program Services Branch within the CIO’s Office. “This network will have the core services of any network, such as DNS and [dynamic host configuration protocol], but it also brings in modern technology that otherwise would not be available to offline computers, such as exploratory data analysis and visualization.”
Additionally, ISLE allows for cloud and blockchain applications that move data securely and for an environmental-quality management system that can centralize the temperature monitoring of deep freezers that store specimens, for example. Also, maintenance and quality-of-service auditing of the lab equipment can be conducted by remote vendors that log in to make fixes in real time.
Until now, lab equipment and computers ran in offline mode, which was a challenge to researchers, Avery said, adding that data movement often happened via biometric thumb drives. “It doesn’t allow for the easy transport and analysis of data as well as leveraging the new, cutting-edge technologies such as cloud and [Microsoft Office] 365 and blockchain and internet of things,” he said. “ISLE actually solves all of these problems by allowing a wide range of nonstandard operating systems, configurations, software and instruments to be joined onto a highly secure autonomous network while still allowing the labs to leverage modern technology and meet the federal security guidelines.”
Each of CDC’s 200-plus labs has its own objectives, and it’s not unusual for half the lab equipment to be on the Business Network and the other half offline. ISLE moves all of it onto the same autonomous network and applies security controls to allow for the movement of data.
“When a computer is joined to the ISLE, it is given a specific security profile that defines the baseline services that that specific computer is allowed to do,” Avery said. “By default, all computers are fairly locked down, and you cannot access the internet at all or send email, but you can store data to a secure network share. This network file share can then be accessed by both the lab computers on the ISLE and also the standard, non-lab computers outside of the labs. That simple change is huge for the lab scientists that are trying to constantly capture, analyze and review data, and you couldn’t do that without having the computers networked in some manner.”
CDC instituted a central lab IT point of contact that facilitates ISLE connection requests, troubleshoots and maintains lab network, equipment and user information.
In August 2018, the Laboratory IT Tiger Team was formed to focus on standardizing and optimizing lab-specific IT support models and processes overall. ISLE was one project to come out of that initiative.
To date, CDC has moved all the labs – about 770 computers and pieces of equipment – on its Chamblee, Ga., campus onto ISLE, and the feedback from lab workers has been favorable, said Wendi Kuhnert, senior advisor for laboratory science to the deputy director for infectious diseases at CDC and a Tiger Team co-lead.
The department is now working to connect the labs at its Atlanta headquarters to ISLE – work that will continue into 2022. After that, it will move on to other domestic labs before connecting international ones, likely in 2023, Avery said. CDC has more than 200 labs in total.
Concurrent with the rollouts will be efforts to expand ISLE services to bring in new technology and more capabilities, he added.
“Especially with sequencing and where we are with our ability to collect data, we need the same capacity to analyze and move and share our data in a secure way,” Kuhnert said. “As data gets bigger and bigger, this has become much more important. That’s definitely a benefit we’re already seeing and will continue to see as we move forward.”