To honour its 70 years of contributions to scientific knowledge, technological innovation and international collaboration, CERN has put together a rich and diverse programme, at CERN and across its Member States, Associate Member States and beyond. This programme includes exhibitions, the first of which can now be visited at Geneva Airport as part of a collaboration between the two organisations. Inaugurated on 2 May, the exhibition’s three components will occupy the wall leading to the security check before entering the departure lounge, the “Panorama” terrace and the international terminal until autumn 2024.

Find out more on the “CERN and its neighbours” website.

The NA64 experiment started operations at CERN’s SPS North Area in 2016. Its aim is to search for unknown particles from a hypothetical “dark sector”. For these searches, NA64 directs an electron beam onto a fixed target. Researchers then look for unknown dark sector particles produced by collisions between the beam’s electrons and the target’s atomic nuclei.

Recently, the NA64 team started using a muon beam from the SPS to search for new particles that interact predominantly with muons – heavier versions of the electron – and could explain simultaneously the long-standing puzzle of the muon’s anomalous magnetic moment and the dark-matter (DM) problem. Their first results were accepted in the journal Physical Review Letters on 8 April.

In this paper, the NA64 collaboration sets new limits on the available parameter space – the window where the researchers could find a hypothetical dark boson Z’ coupling only to muons and tauons for given values of its mass and coupling strength. In the so-called vanilla model, the Z’ can only decay back into neutrinos and could provide an explanation of the muon’s anomalous magnetic moment puzzle. However, in extended models, it can also decay into DM candidates. This would solve the DM problem by predicting the observed relic density of DM particles created in the early universe. With these results, the NA64 collaboration demonstrates the great potential of muon beams in dark matter searches and in future new physics scenarios preferably coupled to muons.

“Muons scattering off the nuclei in the target could produce a hypothetical dark boson Z’, followed by its invisible decay into either a pair of neutrinos or a pair of dark-matter candidates, depending on the underlying model,” explains the deputy Technical Coordinator Laura Molina Bueno. “The signature of this production would be missing energy and momentum in our detectors.”

To search for this, a 160 GeV tertiary muon beam derived from the primary SPS proton beam is fired onto an electromagnetic calorimeter acting as an active target. The experimentalists then search for events in which one final-state muon has a momentum lower than 80 GeV with no detectable activity in the downstream calorimeters.

As no event matching these conditions was observed in the expected signal region, the researchers were able to exclude this region and conclude that, for the first model, the only possible mass window for a dark boson Z’ to explain the g-2 muon anomaly is from 6 MeV up to 40 MeV. Their results also indicate that light thermal dark matter coupled to the standard model via a (Lmu-Ltau) Z’ cannot be heavier than 40 MeV.

NA64 is among the first experiments searching for dark sectors weakly coupled to muons. The experimentalists are confident that they will cover the available parameter space in the future by using higher beam intensities. “Using a muon beam opens a new window to explore other well-motivated new physics scenarios, such as benchmark dark-photon models, scalar portals, millicharged particles or lepton-flavour violating processes,” concludes NA64 co-Spokesperson Paolo Crivelli.

To all those fine folks out there who are interested in computer security, who take care of the secrecy of their passwords and other credentials, who protect their laptops and smartphone adequately with up-to-date operating systems and antivirus software, and who apply due diligence when developing and running their IT services and/or control systems, I would issue just two words:

THANK YOU!

Thank you for reading our articles. Thank you for showing an interest in privacy and security. Thank you for wanting to learn more about this. Thank you, because you are the generation who can get it right. Or better, as my generation of 1971 didn't screw everything up.

What’s gone before
Look, for example, at an ancient telephone – the one with a rotary dial. Back then, fear of being spied on was minimal, and only an issue if you annoyed your country. Today, we all carry small spying devices around that collect all our personal information and pass it on. Maybe not immediately to governments, but to big multinationals that make money from our personal data. The secrecy of the post has become WhatsApp, Threema, Signal and Telegram – each with their own privacy-preserving means (or not). With the cloud came the Wild West. Analogue cameras became Instagram and TikTok. Apple revolutionised our record and tape collection. CDs? Bah. MP3s? Not anymore. Linear television became Netflix, Amazon Prime and Disney+. Amazon and Google know much more about our shopping habits than the old neighbourhood shopkeeper ever did. And workout information now goes to Strava, Fitbit or the like. Mapping out the world. Our nicely cloaked private world has become frighteningly transparent and public. Orwell’s 1984 surveillance state at its best. At least there is a silver lining in the form of the European Union’s General Data Protection Regulation, which the big companies try to aggressively bend and small startups try to creatively circumvent.

Like with privacy, digitalisation over the past decades has tied our lives into symbiosis with technology. Physical security has become cybersecurity. Today, all the amenities of life are technology-supported. Depending where you are, this is the case to varying degrees. Consider electricity. In most of our countries, electricity is the One Ring that rules it all. No electricity, no cold food or (worse) medication. No electricity, no communication. No electricity, no fresh water, as water pumps need electricity. Similarly for fuelling stations. No electricity, no public transport. Going shopping? Erm, how did you pay last time? Of course, you might have some batteries left over, or a diesel generator. But in the long run? We live in symbiosis with a technology backbone. With electricity. With the control systems deployed for running this backbone. In the past, this backbone was threatened only by physical means – by conflicts. By nation states in an increasingly peaceful world. While we thought that those times were gone, our backbone is now much more susceptible to threats. No need for nation states anymore, when a small group of (state-sponsored) criminals can create havoc. Like the attacks on Saudi Aramco. Like Stuxnet against Iranian nuclear centrifuges. Like Russian hackers allegedly attacking Ukrainian infrastructure prior to the invasion of Crimea. Like the ransomware attacks against Maersk. Like the Conti ransomware group against anyone else on this planet. The COVID-19 pandemic and Russia’s war against Ukraine have shown how fragile our technological backbone has become, how inherently insecure it is and how easily it can be brought to a halt. Threats to this backbone won’t disappear.

And the future, the sunny world of clouds, requires even more backbone. More interconnectivity, more technology, more complexity. Ergo more vulnerabilities. And ergo more severe consequences. Self-driving cars talk to each other and to the traffic lights. Cities become smart. Cashless stores RFID your shopping basket and charge your credit card automatically. Your fridge orders missing items automagically, delivered by drone within 10 minutes. In this brave new Wild West, the genie is out of Pandora’s box. Our technological backbone needs reinforcement. The stupid internet of unsecure things needs improvement. The zillions of layers, virtual machines, containers, software interdependencies, agility, DevOps and just-in-time need experts to put the genie back in the bottle. To adapt technology such that it serves but does not burden. To bring security into every single layer by default. Making security an equal among other IT equals: functionality, usability, maintainability, availability and – security. While threats and threat actors will never give up (and will actually become more and more sophisticated), we need to counter the increasing number of vulnerabilities and keep the consequences of successful attacks at bay.

Now, enter you!
We will never have 100% secure systems – and those who promise this to you are either liars or salespeople or both. “Security will always be exactly as bad as it can possibly be while allowing everything to still function” (Nat Howard). Because we’re lazy and ignorant, because security is usually just a cost factor with limited benefits: security, convenience, cost – pick two. This makes security only as good as the weakest link in the chain of technology. This makes security a people problem. But this also makes security a problem that can be solved by people. You are the crucial generation. The first twists and turns towards a more privacy-preserving and secure future have started. Facebook and Google have been restrained from collecting data. WhatsApp becomes Threema or Signal. Security must again move into focus, joining the other —ities and reinforcing the CIA triangle: confidentiality (hush! for your personal life), integrity (your bank statement) and availability (giving you electricity when you need it). Actually, in industry this is instead the AIC triangle (availability: your supermarket; integrity: the soundness of the bridges you cross to get there; and confidentiality: Coca Cola’s secret recipe).

Since my generation failed to consistently, coherently, efficiently and effectively push those triangles through as it should have, the baton is now handed to you. Together, let’s break up the old mantra of “freedom, security, convenience – choose two” (Dan Geer) and see how we can still get all three deployed on an acceptable level. Open your mind to think secure and privacy-preserving. If you haven’t done so yet, learn how to prevent and protect, how to plan, design, develop and build secure and privacy-preserving applications, software and systems. How to operate systems in a secure and privacy-preserving fashion – finding weaknesses and vulnerabilities, detecting abuse and ensuring that sufficient log information is at hand, and using the magic means available to understand what happened if the evil bad has compromised your system: forensics, incident coordination and response.

In addition to the new round of WhiteHat and Zebra training sessions, which are coming up very soon, we’re happy to announce that dedicated online training courses on all security matters are now available to all of you at any time, with our thanks to the HR training team. The SecureFlag training platform provides hands-on courses, exercises and virtual environments for you to improve your skills in secure software development in your favourite programming language (demo video). Learn how to securely configure your systems, virtual machines and containers and how to securely operate your web and computing services. These new, dedicated courses are provided for your benefit and for the benefit of a secure organisation – to clean up the security and privacy mess. THANK YOU!

______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.

CERN and the US government have released a joint statement concerning future planning for large research infrastructures, advanced scientific computing and open science. The Joint Statement of Intent was signed in Washington DC in April by CERN Director-General, Fabiola Gianotti, and Principal Deputy US Chief Technology Officer, Deirdre Mulligan, of the White House Office of Science and Technology (pictured).

Acknowledging their longstanding partnership in nuclear and particle physics, CERN and the US intend to enhance collaboration in planning activities for large-scale, resource-intensive facilities with the goal of providing a sustainable and responsible pathway for the peaceful use of future accelerator technologies.

Concerning the proposed Future Circular Collider, FCC-ee, which would collide electrons and positrons to produce copious quantities of Higgs bosons, the text states: “Should the CERN Member States determine the FCC-ee is likely to be CERN’s next world-leading research facility following the high-luminosity Large Hadron Collider, the United States intends to collaborate on its construction and physics exploitation, subject to appropriate domestic approvals.” A technical and financial feasibility study for the proposed FCC is due to be completed in March 2025.

CERN and the US also intend to discuss potential collaboration on pilot projects to incorporate new analytics techniques and tools such as AI into particle physics research at scale and affirm their collective mission “to take swift strategic action that leads to accelerating widespread adoption of equitable open research, science, and scholarship throughout the world”.

In December 2023, the high-energy physics advisory panel to the US Department of Energy and the National Science Foundation released a 10-year strategic plan for US particle physics. Meanwhile, the next update of the European Strategy for Particle Physics, which is formed through a broad consultation of the particle physics community in Europe and beyond, is about to get under way. The CERN Council has set the deadline for submitting written input for the next Strategy update at 31 March 2025, with a view to concluding the process in June 2026. The final report of the FCC Feasibility Study will be a key component of that input.