Risk
8/29/2012
12:25 PM
50%
50%

U.S. Intelligence Agencies Seek A Private Cloud OS

CIA's investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies' use. OpenStack platform may be used.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
In-Q-Tel, the investment arm of the CIA, has partnered with cloud management specialist Adaptive Computing to develop a "cloud operating system" for use by U.S. intelligence agencies.

Adaptive will integrate its Moab cloud management suite with an unspecified open source cloud platform--potentially OpenStack, CloudStack, or another alternative--to create the cloud OS.

Adaptive's Moab Cloud Suite provides service provisioning, service catalogs, and policy management in cloud environments. The company holds patents in areas such as multi-tier applications, time-based policy enforcement, and hybrid and multi-tenant clouds.

In a written announcement on the partnership, Robert Ames, senior VP of In-Q-Tel's information and communication technologies practice, cited Adaptive's experience in cloud management software and its development capabilities in deciding to work with the company. The company's customers include the National Security Agency, national laboratories, the National Oceanic and Atmospheric Administration, and the U.S. military.

[ The feds are embracing new technologies to prepare for the digital age. Read DARPA Seeks 'Plan X' Cyber Warfare Tools. ]

U.S. director of national intelligence James Clapper said at an industry conference last year that the Intelligence Community (comprised of 17 federal agencies and departments) would be moving to the cloud model as a way of meeting budget reductions. Given the security requirements of intelligence agencies, private clouds may be the preferred way of doing that.

CIA CTO Gus Hunt, speaking at InformationWeek's GovCloud conference last year, said cloud computing, because if its virtual, dynamic nature, could potentially be more secure than traditional IT approaches. "I've created a world in which my workloads are constantly fresh and clean, and I have created a shell game by turning myself into a polymorphic attack service," he said. (InformationWeek Government's GovCloud 2012 conference will be held Oct. 17 in Washington, D.C)

The non-profit Intelligence and National Security Alliance earlier this year released a white paper that identified issues around cloud adoption, including security and the suitability of various cloud environments (public, private, or hybrid). At the same time, the INSA concluded that agencies stand to benefit from an increased ability to share and analyze large quantities of data.

Adaptive Computing, previously known as Cluster Resources, has a background in managing high-performance computing clusters, which it is applying to the supervision of x86 servers in private clouds. The company's Moab technology employs a multi-dimensional "intelligence engine" to the management and allocation of IT resources.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7437
Published: 2015-03-29
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

CVE-2013-7438
Published: 2015-03-29
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based ...

CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.