Cloud computing has burst recently into technology and business scene promising great technical and economic advantages, like offering On-demand provisioning of computer services, improved flexibility and scalability as well as reducing costs. Another attractive point of the cloud is its ability to enable a mobile workforce, which brings enhanced flexibility and efficiency. But cloud computing systems also provide attackers with new opportunities and can amplify the ability of the attacker to compromise the computing infrastructure.
Defense Department senior leaders have directed DoD to adopt cloud computing to support the warfighter, a direction that will become a pillar of the department’s strength and security, officials said. Navy Rear Adm. Nancy A. Norton, DISA’s vice director, said the cloud will simplify and provide flexibility to the way DoD works with information that’s secure, rather than having many servers scattered around the globe for every command. The February 2011 Federal Cloud Computing Strategy released by the U.S. Chief Information Officer reinforces the United States Government’s plans to move information technology away from traditional workstations and toward cloud computing environments.
However Military has concerns about security of the cloud. There is a high degree of implicit trust between the computational nodes within a cloud or a distributed computing infrastructure, which allows malware to propagate rapidly once it is within the enclave, says DARPA. Cloud computing infrastructures, in particular, tightly integrate large numbers of hosts using high speed interconnection fabrics that can serve to propagate attacks even more rapidly than conventional networked systems. Today’s hosts, of course, are highly vulnerable, but even if the hosts within a cloud are reasonably secure, any residual vulnerability in the hosts will be amplified dramatically.
The Military has stringent security requirements, hence calls for development of Secure Cloud Services with stringent compliance and security measures like, Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP) and Federal Information Processing Standards (FIPS). The trend is to focus on developing private clouds, so as not to compromise on national security from inside and outside threats, and be more reliable to handle mission critical workloads. IDC reports predicts that by FY 2014 U.S. Federal government spending on private cloud will be $1.7 billion vs. just $118.3 million on a public cloud.
Cyber security and Information Assurance Research and Development (CSIA) is one of the priority areas of Federal Government’s multi-agency Networking and Information Technology Research and Development (NITRD) Program. DoD agencies have added a fifth element to CSIA Strategic Plan called “Assuring the Mission.” This program element focuses on developing technologies to be aware of missions and threats, compute optimal assurance solutions, and implement protection as needed via mission agility or infrastructure reinforcement.
DARPA believes that we must not only address host vulnerabilities but must also pursue clean‐ slate approaches to the design of networked computations and cloud‐computing infrastructures. Since 2011 DARPA’s Mission-oriented Resilient Clouds (MRC) program has been working to research and develop methods to increase the security and reliability of the cloud.
The program indicates a shift in the way DOD is approaching cloud security, said Bryan Ward, cloud computing practice director at Serco, a military technical services provider that’s considering an MRC bid. “Most of the cloud tools that are out there are one-off manifestations of traditional tools that focus on the physical infrastructure,” he said. “Standards bodies and research organizations…are all recognizing that a lot of these tools need to be revamped to look at the virtual network that’s created by the cloud.” Ward said he thinks that MRC’s approach is designed to get researchers thinking about cloud security in different and novel ways. “They want people to think out of the box,” he said.
But Ron Ritchey, a cloud security principal at Booz Allen Hamilton, a firm based in McLean, Va., that provides technology consulting services to DOD and other government agencies, noted that as DARPA explores the thin forward edge of cloud security, it needs to be careful that any new technologies it cultivates don’t cause inadvertent harm.
IDST Monthly Access Membership Required
You must be a IDST Monthly Access member to access this content.