This memorandum summarizes the recommendations of the South Pole User's Committee (SPUC) for 2001. The topics on which these recommendations are based were discussed at the annual meeting on 25 and 26 June 2001; the minutes for that meeting are available as a separate document from Raytheon Polar Services (RPSC). The present memorandum was begun in executive session at that meeting and refined by committee members through email correspondence; it will be distributed in both email and paper form.
(1) Internet Security at South Pole--- The RPSC plan for consolidation and reorganization of internet communications to the Pole is a laudable realization of past committee recommendations that packet filtering be implemented for all TCP/IP communications to the Pole. This plan allows RPSC to assert essentially complete control over internet communications to the Pole. Scientists working at South Pole are concerned that this control could be implemented in a way which is detrimental to scientific activity. In the past, science computers at the Pole have had unimpeded internet connectivity, and science groups have relied on this capability in the design of their systems. Some machines---those used for access to the World Wide Web using internet browsers---must still have full internet access for solicited incoming packets. This includes the use of "anonymous ftp" connections to remote machines. The World Wide Web has become an indispensable tool for accessing scientific and engineering information, and it is essential that this use not be disrupted for security reasons. Other machines---those used for real-time data acquisition and control---are best protected by severely restricting incoming packets by source and type. The policies for packet filtering and port blocking on science computers should be determined in consultation with each science group. RPSC might suggest a standard, default setting for communications to and from science machines, and the RPSC system should implement the security policies requested by each science group in a timely manner. The internet infrastructure must be capable of supporting a heterogeneous mix of machines and protocols. In particular, AppleTalk must be supported. DHCP connections should be supported for science machines. Permanent IP addresses should also be supported for machines needing them, such as real-time data acquisition computers.
Two internet protocols requiring special security treatment are "telnet" and "ftp", because use of these protocols can involve the transmission of clear-text (non-encrypted) passwords over the internet, where they are subject to interception and abuse. The use of "telnet" and "ftp" server applications at the South Pole should be phased out, in favor of their "ssh" (secure shell) replacements, and RPSC should implement this policy by packet filtering. On most computer systems, secure shell ("ssh") protocols can be used to replace all "ftp" and "telnet" applications. Secure shell encrypts all critical internet communications, and provides facilities for enhanced user and computer identity authentication using public key cryptography and certificates. There are, unfortunately, computer systems critical to some science projects which use "telnet" and "ftp" and cannot be readily upgraded to use "ssh". In order to facilitate the phaseout of "telnet" at the Pole, the committee recommends that RPSC make available accounts for grantees on South Pole machines which can be accessed with "ssh". Grantees can then log in to those RPSC South Pole machines using "ssh" and then use "telnet" or "ftp" to access their project machines. This restricts the transmission of clear-text passwords to the local South Pole network, and will allow shutting off of all "telnet"-protocol and "ftp"-server packets between the Pole and the outside world.
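A minimal model of the border filtering policy recommended in item (1), added here as an illustration; it is not part of the committee's memorandum or of any RPSC system. The addresses, the ssh login host and the per-group allowlist are constructed assumptions, and only TCP control connections are modelled.

```python
from dataclasses import dataclass, field

# Constructed sample values: every address and host role below is an assumption.
TELNET, FTP, SSH = 23, 21, 22
BASTION = "10.0.0.5"                      # hypothetical RPSC ssh login host
DAQ_ALLOWED = {"10.0.2.20": {("192.0.2.7", SSH)}}  # per-group (source, port) allowlist


def is_pole(ip: str) -> bool:
    return ip.startswith("10.0.")         # constructed local network prefix


@dataclass
class BorderFilter:
    solicited: set = field(default_factory=set)   # flows opened from the Pole side

    def decide(self, src: str, sport: int, dst: str, dport: int) -> str:
        """Return 'allow' or 'drop' for one TCP packet given its 4-tuple."""
        if is_pole(src) == is_pole(dst):
            return "allow"                # does not cross the border (e.g. login host to project host)
        if TELNET in (sport, dport):
            return "drop"                 # no telnet between the Pole and the outside
        if is_pole(src):
            if sport == FTP:
                return "drop"             # no ftp server at the Pole answers the outside
            self.solicited.add((dst, dport, src, sport))
            return "allow"                # outbound, incl. anonymous ftp to remote servers
        # From here on the packet is inbound to the Pole.
        if dport == FTP:
            return "drop"                 # ftp-server packets blocked at the border
        if (src, sport, dst, dport) in self.solicited:
            return "allow"                # reply to a connection a Pole host opened
        if dst == BASTION and dport == SSH:
            return "allow"                # grantees log in here, then telnet/ftp locally
        if (src, dport) in DAQ_ALLOWED.get(dst, set()):
            return "allow"                # source and type requested by the science group
        return "drop"                     # default for unsolicited inbound traffic
```

With this rule order, a clear-text telnet session can only exist between the ssh login host and a project machine on the local network, which is the confinement the recommendation describes.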
The committee recommends that RPSC implement public-key and certificate server machines at the Pole, and make them available to grantees as an optional service. This will encourage the use of public-key authentication protocols among South Pole computers. The use of this resource should be voluntary.
(2) Qualification of new computers--- RPSC should develop and publish on the RPSC website a definitive set of requirements for allowing network access to grantee computers. Demonstration of working virus protection software is a reasonable and prudent requirement. Placing restrictions on science machines in the form of the required presence or absence of particular software is, however, an impediment to scientific productivity. In order to conduct scientific research at the Pole, scientists must be able to bring their own machines to Pole, connect those machines to the network in a timely manner, maintain administrative (root) control of those machines, and run programs of their own devising under any operating system. Any attempt to protect the network from hypothetical attack through inspection of the disk contents of science computers is ineffective against all but the most incompetent guilty. It can safely be assumed that grantee scientists will not deliberately damage the computer network. The committee notes that implementation of public key and certificate servers at the Pole, as recommended above, will facilitate the authentication of new computers and computer users.
(3) Full-time, high-priority email--- Many science projects would benefit from the ability to exchange short email messages with Pole at any time of the day, even when the satellites which normally carry internet traffic are not available. This is especially important for experiments which monitor transient events such as earthquakes and supernovae, but most experiments would benefit from reduced delay times for email correspondence. The committee recommends that RPSC implement this capability using the "Iridium" satellite network, and suggests that a priority mechanism be put in place so that the occasional top priority message is guaranteed a delivery delay of no more than one second.
(4) The need for TDRS-3 --- The current suite of communications satellites, TDRS-1, MARISAT-2, and GOES-3, is capable of fulfilling the current science communications needs of South Pole Station. TDRS-1, however, is in fragile operating condition, and may become unavailable at any time. The loss of TDRS-1 would be a significant detriment to South Pole science. Furthermore, it is likely that science communications needs over the next decade will expand to 20 Gigabytes per day, more than twice the current capacity. The committee therefore strongly supports and endorses initiatives to obtain additional satellite communications capacity. The most promising potential addition is TDRS-3, with a capacity of over 40 Gigabytes per day.
(5) Wireless Internet at Pole--- Wireless communications, especially wireless internet, are becoming inexpensive, reliable, and easy to use. These systems have great potential utility for many science experiments at the Pole. It must be remembered, however, that the South Pole is one of the world's preeminent radio observatories for astronomy and ionospheric research, and that all radio transmissions are therefore a potential threat to science which is not easy to assess or ameliorate. The committee suggests that wireless internet be restricted to summer-only scientific use. Wireless internet is useful mostly in the summer, when station activity expands to temporary, remote work areas. Many critical radio observations are made in the winter. During the winter, radio silence should be enforced, consistent with health and safety, and wireless internet should be shut down.
(6) Overland traverse of cargo from McMurdo--- The committee supports development of a capability for overland traverse of cargo from McMurdo station by tractor train. Overland traverses would greatly expand the potential scope of scientific activity at the Pole and would have no negative effects on any current South Pole science.
(7) Liquid Helium transport to experiments--- Recent improvements to Liquid Helium storage facilities have dramatically improved the dependability of the station's Liquid Helium supply. The new cryogenics facility being developed as part of SPSM will further reduce single points of failure. The committee recommends that RPSC now consider the problem of delivery of Liquid Helium from the storage facility to the experiments which use it. It is important that delivery of Liquid Helium to the experiments be possible almost all the time during the winter. Otherwise, it is likely that experiments will shut down during the best and coldest weather conditions for lack of a method to transport Liquid Helium from the storage facility to the experiments.
(8) South Pole Science Support during South Pole Station Modernization (SPSM) and South Pole Safety and Environmental modifications (SPSE)--- Science support during the construction of the new South Pole Station has been a primary concern of the committee. The scientific community appreciates the efforts made by RPSC and NSF to continue science support during SPSM. Science cargo has done an excellent job in both speed and reliability. The summer population limits continue to be tight and have resulted in the cancellation or postponement of some science activities.
Respectfully submitted for the committee,
Dr. Antony A. Stark
SAO Mail Stop 12
60 Garden St.
Cambridge, MA 02138