There’s nothing like a disaster story to get the headlines whirring on just about anything else, and the fairly mundane subject of cloud computing -- all the current hype aside -- is apparently no different. Some industry watchers now warn that the IT industry’s own Deepwater Horizon event is just around the corner.
An Ars Technica writer recently spoke to various industry sages who talked about how, at some point, there will be a major breach of security or act of terrorism involving the cloud that will cause everyone in industry and government to engage in a massive rethink of the worth of the cloud.
Of course, whether the oil spill disaster in the Gulf ends up causing anything more than a momentary blip in offshore drilling is an open question, given all the money and political capital invested in the issue. Cloud computing isn’t exactly in the same league, but it’s arguable that the tipping point about the move to the cloud has already been reached, so how badly such IT-based disasters would affect that is questionable.
However, there’s no doubt that security and privacy are among the strongest of the potential show stoppers for the cloud. A recent Pew Internet survey (http://pewinternet.org/Reports/2010/The-future-of-cloud-computing.aspx) said as much, as did an IDC survey. Those worries tend to outweigh the perceived benefits of the cloud, at least for now.
Then again, you could take the attitude that the current frenzy over cloud computing is just the result of clever marketing. According to a story in Internet Evolution, at least, cloud computing is really nothing more than a fancy term for the good old client/server link. At the end of the day, according to the author Gideon Lenkey, “you’re using a software client to access data on a server, a machine in a rack, across a network.”
Instead of worrying about the security of the cloud, he says, just focus on worrying about security, period. No matter what name you give to today’s favored IT flavor, that problem never seems to go away.
Posted on Jun 24, 2010 at 1:29 PM4 comments
It looks like the Defense Advanced Research Projects Agency (DARPA) may be getting squeezed out of the competition to build a test range for potential cyber security solutions, with pushback from both military and intelligence agencies who want to see more speed and action.
The main complaint about DARPA over the years has been the difficulty it has had in turning lab technology into operational systems, according to a story in Aviation Week, so the potential customers of the cyber testing range have apparently been pressing for a bigger say in the actual testing and deployment of cyber systems.
“The services didn’t want to wait around for DARPA,” the story quotes a senior program official saying. “The Navy’s 10th Fleet Cyber Command wants to expand a small range at Network Warfare Command in Little Creek, Va. The National Security Agency wants a range at Fort Meade, Md. And the 24th Air Force wants its own capabilities.”
DARPA’s goal with the cyber range is to revolutionize the state of cyber testing, according to Michael VanPutte, the DARPA program manager of the National Cyber Range. That entails a fully automatic range that can be rapidly configured to “get the results back out to the community.”
The cyber range is a part of the Bush era Comprehensive National Cybersecurity Initiative, which is a governmentwide rather than strictly a military undertaking. It was supposed to be a focal point for industry and government to test their cyber tools.
However, it’s not happening fast enough for the various intelligence agencies. The seven-year program envisioned by DARPA is considered way too slow—which means DARPA may now be involved only up to the prototyping stage and not in the actual building of the range.
Posted on Jun 21, 2010 at 10:46 AM0 comments
A recent investigation by the Center for Public Integrity and ABC News turned up the fact that microchips and antennas intended for U.S. e-Passports were being manufactured in Thailand—a country currently plagued by political and social unrest which, in turn, creates all kinds of security risks for terrorism and others tampering with the main identification used for crossing U.S. borders.
Sen. Charles Schumer, the New York Democrat who heads the Senate Committee on Rules and Administration, is pressuring the Government Printing Office (GPO), which is in charge of e-Passport production, to bring that chip manufacturing back to the U.S.
GPO complained that no U.S. vendor is up to snuff when it comes to testing these chips for international-standards compliance, but Schumer dismissed that pretty handily. “There are more than 25 companies in the United States — and at least five companies in New York — who possess the capability and knowledge to manufacture the chips,” he told GPO.
This points up what’s likely to be an increasing headache for U.S. government users of technology, given that just about all of the electronics they manipulate now to do their jobs is made overseas, including the chips.
It used to be that Intel, AMD and other chip companies did most of their manufacturing in the United States, but that’s not true anymore. A lot of the design still happens here, but manufacturing and testing is increasingly going abroad, primarily to contract Asian foundries, although Germany could soon be another major source of these chips.
One immediate example of what this could mean for the United States is the momentum that’s gathering to give U.S. soldiers smart phones that they could use in the field. The assumption is that the farther away the chip manufacturing for these phones moves from the United States, the less secure the whole system could be.
That’s even more relevant to the weapons the U.S. military uses, which are increasingly computer- and communications-centric. And that’s led to programs such as DARPA’s Trust in Integrated Circuits, which is looking to develop ways to certify that chips that go into these systems haven’t been messed with by bad people with malicious intent.
Given the cutthroat competition in the electronics markets these days, chip companies are unlikely to pull back from these cheaper foreign manufacturers. But, for the really essential stuff, perhaps Schumer has a point?
Posted on Jun 16, 2010 at 12:30 PM1 comments