Risk
8/29/2012
12:25 PM
Connect Directly
RSS
E-Mail
50%
50%

U.S. Intelligence Agencies Seek A Private Cloud OS

CIA's investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies' use. OpenStack platform may be used.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
In-Q-Tel, the investment arm of the CIA, has partnered with cloud management specialist Adaptive Computing to develop a "cloud operating system" for use by U.S. intelligence agencies.

Adaptive will integrate its Moab cloud management suite with an unspecified open source cloud platform--potentially OpenStack, CloudStack, or another alternative--to create the cloud OS.

Adaptive's Moab Cloud Suite provides service provisioning, service catalogs, and policy management in cloud environments. The company holds patents in areas such as multi-tier applications, time-based policy enforcement, and hybrid and multi-tenant clouds.

In a written announcement on the partnership, Robert Ames, senior VP of In-Q-Tel's information and communication technologies practice, cited Adaptive's experience in cloud management software and its development capabilities in deciding to work with the company. The company's customers include the National Security Agency, national laboratories, the National Oceanic and Atmospheric Administration, and the U.S. military.

[ The feds are embracing new technologies to prepare for the digital age. Read DARPA Seeks 'Plan X' Cyber Warfare Tools. ]

U.S. director of national intelligence James Clapper said at an industry conference last year that the Intelligence Community (comprised of 17 federal agencies and departments) would be moving to the cloud model as a way of meeting budget reductions. Given the security requirements of intelligence agencies, private clouds may be the preferred way of doing that.

CIA CTO Gus Hunt, speaking at InformationWeek's GovCloud conference last year, said cloud computing, because if its virtual, dynamic nature, could potentially be more secure than traditional IT approaches. "I've created a world in which my workloads are constantly fresh and clean, and I have created a shell game by turning myself into a polymorphic attack service," he said. (InformationWeek Government's GovCloud 2012 conference will be held Oct. 17 in Washington, D.C)

The non-profit Intelligence and National Security Alliance earlier this year released a white paper that identified issues around cloud adoption, including security and the suitability of various cloud environments (public, private, or hybrid). At the same time, the INSA concluded that agencies stand to benefit from an increased ability to share and analyze large quantities of data.

Adaptive Computing, previously known as Cluster Resources, has a background in managing high-performance computing clusters, which it is applying to the supervision of x86 servers in private clouds. The company's Moab technology employs a multi-dimensional "intelligence engine" to the management and allocation of IT resources.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3541
Published: 2014-07-29
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

CVE-2014-3542
Published: 2014-07-29
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) is...

CVE-2014-3543
Published: 2014-07-29
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity referenc...

CVE-2014-3544
Published: 2014-07-29
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

CVE-2014-3545
Published: 2014-07-29
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.