In the wake of reports that US bank websites were repeatedly hacked via cloud computing platforms, a key Department of Defense agency is interesting itself in cloud security.
DARPA (Defence Advanced Research Projects Agency) has taken on an impressive portfolio of tasks related to Internet security. It worked on the construction of a functioning simulacrum of the Internet, to serve as a cyber-range for military exercises. It also took partial ownership of the trusted identity problem, trying to develop behavioral footprinting as an alternative to passwords.
The agency has now bitten off a big new piece of the cyber-security puzzle with its new MRC program: Mission-oriented Resilient Clouds. The program is designed to dovetail with the Federal Cloud Computing Strategy put together by former government CIO Vivek Kundra.
As part of this strategy, we already have a cloud risk management program known as FedRAMP. Essentially, FedRAMP sets out a standardized security assessment program for cloud platforms and cloud service vendors. Whereas FedRAMP examines compliance with currently known best-practices, MRC seeks to extend and strengthen cloud defenses.
Rejecting the concept of perimeter defense, MRC focuses on what it calls a "community health system" for clouds. In other words:
...Turning the cloud's connectivity from a vulnerability to a source of strength. The idea is that information about potential attacks is shared throughout the cloud, diverting resources around compromised nodes where possible, while mobilizing defensive systems to contain the damage.
The fear, of course, is that a weak link among multiple clients of a cloud can put all the cloud's users at risk. The challenge is that the implementation of what DARPA calls "shared situational awareness and dynamic trust models" runs against the intuitions of traditional cyber-security.
Instead of constructing a secure wall around the datacenter, the "neighborhood watch" approach asks clients to monitor the behavior of each others' applications, and to share defensive resources to respond to deviant situations. Responsive capabilities would be distributed throughout the cloud, not unlike an immune system, enabling parts of the system to continue working -- and conducting a defense -- despite other parts being contaminated.
Although these are early days for MRC, I think it's fair to see the program as a specific application of the distributed security model promulgated last year by the Department of Homeland Security.
If it makes sense to treat cyberspace generally as a unitary domain requiring automated collective action to maintain security, it's a no-brainer to see clouds as smaller ecosystems demanding similar treatment.
MRC will need to contend not only with the interoperability issue -- ensuring that neighboring nodes in a cloud platform actually can communicate and take collective action -- but also with the prevailing security ethos of maintaining firewalls against everyone, neighborly watchdogs and predatory wolves alike.
— Kim Davis , Community Editor, Internet Evolution