12 Jun 13. Researchers work on a proactive system for handling cyber attacks on cloud services and infrastructures. As DOD begins sending its most sensitive information into the cloud, the Defense Advanced Research Projects Agency (DARPA) is developing a new generation of resilient cloud services that are designed to maintain and support military objectives during a cyber attack. According to DARPA, a traditional perimeter defense focus can’t sufficiently secure existing network enclaves. The approach is even less likely to provide reliable security in cloud environments, where a massive concentration of homogeneous hosts on high-speed networks lack internal checks and rely on implicit trust among hosts within limited perimeter defenses. DARPA’s Mission-oriented Resilient Clouds (MRC) program aims to bolster cloud security by developing technologies that would detect, diagnose and respond to attacks on cloud services and infrastructures, effectively building a “community health system.” DARPA researchers are also working on technologies that would enable cloud applications and infrastructures to continue functioning while under attack. In effect, the idea is to enable a cloud-based architecture that provides fault tolerance and mission assurance for widely distributed multi-host systems similar to business-critical online transaction processing systems that tie together a fabric of varied network nodes into a host architecture that can survive any individual component failure or predicted class of attack. The MRC program’s most important aspect is its focus on preserving access to mission critical resources, said Geoff Webb, director of solution strategy at NetIQ, a Houston-based user access and security systems vendor. “While cloud computing generally offers a much higher degree of availability due to the inherently distributed nature of clouds, there is a very real threat that monoculture in the cloud might result in a targeted attack against a specific type of host infecting all of the connected systems in a cloud, which could put a mission at risk,” he said. Webb noted that the MRC initiative addresses this issue by “introducing manageable diversity and dynamic trust models that could potentially identify and stop an attack or failure before it affects the entire cloud.” Until MRC is ready for deployment, DOD will have to rely on existing government and commercial security technologies and practices, despite the fact that they too are undergoing an evolution and have not yet been fully tested within a military cloud environment. The major guidance for cloud computing from research and application are the
NIST Cloud Computing Initiative and guidance on the 800 series publications; the GSA FedRAMP (Federal Risk and Authorization Management Program); the DISA RACE (Rapid Access Computing Environment) and STAX (Secure Technology Application eXecution) programs. (Source: Defense Systems)
09 Jun 13. President Barack Obama confronted Chinese President Xi Jinping over allegations of cyber theft on Saturday but they agreed at a shirtsleeves summit in the California desert on reining in North Korea. The two leaders debated how to handle China’s growth as a world power more than 40 years after President Richard Nixon’s groundbreaking visit to Mao Zedong’s Communist China in 1972 ended decades of estrangement between Washington and Beijing. While Obama publicly emphasized the U.S. desire for a “peaceful rise” by China, privately he laid out some specific examples to Xi of what the United States says is Chinese cyber thievery. American officials have voiced increasing alarm at cyber spying from China that has hit U.S. businesses and Obama is under pressure to take steps to stop it amid controversy in America about the extent of his own government’s counterterrorism surveillance. The Washington Post reported recently that China had accessed data from nearly 40 Pentagon weapons programs. Obama’s message to Xi carried a warning, “tha