Earlier this month, teams working on the SKA Observatory (SKAO) – a multinational initiative building the world's largest radio telescopes in South Africa and Australia – gathered in the village of Sint-Michielsgestel in the Netherlands, near 's-Hertogenbosch (commonly known as Den Bosch), to collaborate, discuss, and plan the next steps of the project. Among the more pressing topics on the agenda was cybersecurity.
In the wake of targeted cyberattacks on high-profile institutions like the European Southern Observatory and the British Library, it's clear that large scientific projects must take a proactive approach to securing their software. The SKAO has adopted a "defence in depth" approach: including security controls from the outset, in multiple layers, throughout all systems, even before the first observations begin.
UK Astronomy Technology Centre software engineer Brendan McCollam hosted an "Authentication, Authorisation and Auditing" workshop for SKAO developers. Drawing on his experience building the Globus Auth identity and access management platform, he led a group of developers through a Simpsons-themed, hands-on exercise to help engineers introduce industry-standard OpenID Connect/OAuth2 concepts to secure their applications. In the context of a small toy example – the grading system for Springfield Elementary – participants practised implementing authorisation restrictions, applying the principle of least privilege using "Roles", "Scopes", and group memberships to determine exactly who is allowed to do what.
Around 50 engineers and stakeholders attended the workshop. Many of the topics raised during lively discussions will provide useful starting points for further work to strengthen the observatory's security posture as it prepares to accept observing proposals from astronomers and begin science operations.