The dangers of the Pentagon's cloud


The Pentagon has bought into the cloud computing concept and is in the process of consolidating its servers and networks to adapt to it. Moving the military onto the cloud makes sense to Defense Department leaders for two reasons: cost and agility.

Generals claim the transition to the cloud will provide a needed third capability, security. Cyber analysts, however, are not completely sold.

The Defense Department unveiled its Cloud Computing Strategy in July with its plans to move the military "from the current state of a duplicative, cumbersome, and costly set of application silos to an end state which is an agile, secure, and cost effective service environment that can rapidly respond to changing mission needs," according to the strategy document.

In basic terms, the Pentagon's current computer system has dedicated hardware and servers for every computer system. Under the new system, or the cloud, contractors will deliver software that is installed on the cloud or infrastructure service provider (ISP) where it runs on processing power in a consolidated data center.

Ian Malloy is the CEO for Malloy Labs. He is working to stand up cyber security operations in order to combat cyber threats such as Flame, Stuxnet, and Gauss. Mallow understands why the Pentagon is hoping to save money by moving to the Cloud, but he worries the Pentagon is setting itself up for a catastrophic failure from a cyber attack.

"The cloud infrastructure is virtually leaving little to protect full loss of data should the proper attack be performed," Malloy said.

He worries that computer engineers have not had enough time to explore the cloud concept and the potential vulnerabilities before transferring the Defense Department's massive infrastructure onto it.

"Though they espouse advancements in cloud security funding to initialize and begin the process of transferring operationally sensitive systems to a new realm they forget how young and insecure the cloud is," Malloy said.

Outages seen with Amazon Web Service's Public Cloud has made other cyber security analysts leery of the potential risks of moving large agencies onto the Cloud.

Kevin Williams works on the B-1 program for Boeing on systems engineering integration. He worries the cloud will not allow for enough redundancy and leave the Defense Department exposed by putting "too many eggs into one basket." The Pentagon must be sure to diversify their cloud computing sources, he said.

"Most cloud providers will offer different types of redundancy within their architecture as optional features," he said. "However, this redundancy is still contained within a single system – never put all of your eggs in the same basket.  By diversifying your cloud computing sources, you reduce your exposure to a catastrophic cascading failure from a single cloud provider."

Protecting infrastructure from cascading failure requires the additional investment in "automatic failover." This is an expensive addition, but it's a necessary one the Pentagon will have to make, Williams said. That investment could bite into the expected savings the military anticipates.

The Defense Department's Cloud Computing Strategy states the military has planned this transition to make its networks more efficient as technology and computing becomes more complex. As the amount of  networks and computing power grows, Williams is concerned the cloud could work against itself by shrinking bandwidth for some users.

U.S. military networks are spread out across the world. By consolidating the number of servers, there is the risk that too many users would be stuck on a limited number of high capacity trunk lines flowing into data centers in fewer parts of the world.

"If you have enough users, this could potentially create higher latencies and lower bandwidth speeds which can negatively impact some applications," Williams said.

Both Williams and Malloy suggested the Pentagon is underestimating the costs associated with transitioning to a cloud computing strategy.

"Relying on creating a "secure" cloud environment as the new DoD funding initiative calls for requires too great of spending on securing the system, without even factoring in transition costs," Malloy said.

The Pentagon can't afford not to make those security investments with the U.S. military and government under constant cyber attacks, analysts said. A transition to the cloud computing concept could pose significant advantages for the military's future, but Williams and Malloy have plenty of doubts the transition will occur safely.

Show Full Article

Related Topics