Slashdot Mirror


Department of Defense May Give Private Cloud Vendors Access To Top Secret Data

An anonymous reader sends news that the U.S. Department of Defense is pondering methods to store its most sensitive data in the cloud. The DoD issued an information request (PDF) to see whether the commercial marketplace can provide remote computing services for Level 5 and Level 6 workloads, which include restricted military data. "The DoD anticipates that the infrastructure will range from configurations featuring between 10,000 and 200,000 virtual machines. Any vendors selected to the scheme would be subject to an accreditation process and to security screening, and the DoD is employing the Federal Risk and Authorization Management Program to establish screening procedures for authorized cloud vendors, and to generate procedures for continuous monitoring and auditing."

3 of 60 comments

  1. Outrage by hammeraxe · Score: 2, Insightful

    I expect there to be outrage here on Slashdot. But think about it. How is this really different from, let's say, Lockheed Martin designing the F-35 and storing all the design data associated with it? Sure, they're not a "private cloud vendor", but they're probably running a bunch of servers for this purpose. So "top secret cloud" is already happening.

    1. Re:Outrage by BitZtream · Score: 5, Insightful

      Except that 'cloud' at Lockheed is entirely 'in house' and not accessible from the outside world at all. It's certainly not available on the Internet. Us old folks call it 'a file server on the internal network'. Of course, us old folks don't call things 'the cloud' either unless talking to people who don't understand networks, so for your case I'll use 'cloud'. Let's not forget that Lockheed is also the one who actually designed and built the thing, so they already have the data by definition.

      Lockheed also doesn't want the data getting stolen, they are VERY motivated to protect it. They can't sell F-35s for a ridiculous price if anyone can make them for a lot less. The government doesn't want China getting F-35s, so they are both motivated to work together to make sure that doesn't happen.

      Someone else, like Box, Dropbox, Google or Sharefile only have the interest of not getting some bad publicity. If the designs for the F-35 are stolen from one of those systems, at most they are out a single customer, Lockheed, but not enough of the rest of the world is going to give a shit and move as well ... ASSUMING Lockheed would. The sharing services don't care if China gets the plans to the F-35. Worst case, some rogue nation gets the plans, makes a bunch of military assets and then invades the US (I did say WORST case), the execs at the sharing service will have already sold some assets well in advance and moved somewhere they can watch the thing play out from relative safety.

      There is practically no real motivation for file sharing services to put more than a basic effort into security other than small amounts of pride. Greed trumps pride.

      You don't understand the outrage because you don't understand the pattern and you're simplifying it into something it's not.

      Of course, you're also just reading the Slashdot headline and summary and not the actual article, which states that they are looking for ways to certify contractors to create and work on a DoD private cloud ... NOT outsourcing their data storage to someone else like Box or Sharefile. It'll be in a DoD owned and managed data center at some military installation.

      So basically, not only do you not understand why slashdotters with a clue would be outraged, you don't understand what is actually being discussed, partially due to the ignorance of Slashdot editors but mostly because you couldn't be bothered to read the story you're commenting on.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    2. Re:Outrage by AmiMoJo · Score: 3, Insightful

      Except that 'cloud' at Lockheed is entirely 'in house' and not accessible from the outside world at all. It's certainly not available on the Internet.

      I seriously doubt that, as do many Chinese/Russian hackers. Even if the fileserver itself isn't on the internet, you can bet that client machines which connect to it are. I bet they allow VPN access to their internal network too, since they have more than one location.

      China and Russia already have the F-35 plans.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC