Risk
8/29/2012
12:25 PM
50%
50%

U.S. Intelligence Agencies Seek A Private Cloud OS

CIA's investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies' use. OpenStack platform may be used.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
In-Q-Tel, the investment arm of the CIA, has partnered with cloud management specialist Adaptive Computing to develop a "cloud operating system" for use by U.S. intelligence agencies.

Adaptive will integrate its Moab cloud management suite with an unspecified open source cloud platform--potentially OpenStack, CloudStack, or another alternative--to create the cloud OS.

Adaptive's Moab Cloud Suite provides service provisioning, service catalogs, and policy management in cloud environments. The company holds patents in areas such as multi-tier applications, time-based policy enforcement, and hybrid and multi-tenant clouds.

In a written announcement on the partnership, Robert Ames, senior VP of In-Q-Tel's information and communication technologies practice, cited Adaptive's experience in cloud management software and its development capabilities in deciding to work with the company. The company's customers include the National Security Agency, national laboratories, the National Oceanic and Atmospheric Administration, and the U.S. military.

[ The feds are embracing new technologies to prepare for the digital age. Read DARPA Seeks 'Plan X' Cyber Warfare Tools. ]

U.S. director of national intelligence James Clapper said at an industry conference last year that the Intelligence Community (comprised of 17 federal agencies and departments) would be moving to the cloud model as a way of meeting budget reductions. Given the security requirements of intelligence agencies, private clouds may be the preferred way of doing that.

CIA CTO Gus Hunt, speaking at InformationWeek's GovCloud conference last year, said cloud computing, because if its virtual, dynamic nature, could potentially be more secure than traditional IT approaches. "I've created a world in which my workloads are constantly fresh and clean, and I have created a shell game by turning myself into a polymorphic attack service," he said. (InformationWeek Government's GovCloud 2012 conference will be held Oct. 17 in Washington, D.C)

The non-profit Intelligence and National Security Alliance earlier this year released a white paper that identified issues around cloud adoption, including security and the suitability of various cloud environments (public, private, or hybrid). At the same time, the INSA concluded that agencies stand to benefit from an increased ability to share and analyze large quantities of data.

Adaptive Computing, previously known as Cluster Resources, has a background in managing high-performance computing clusters, which it is applying to the supervision of x86 servers in private clouds. The company's Moab technology employs a multi-dimensional "intelligence engine" to the management and allocation of IT resources.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3216
Published: 2015-07-07
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establi...

CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-5406
Published: 2015-07-06
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...

CVE-2014-9737
Published: 2015-07-06
Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block.

CVE-2014-9738
Published: 2015-07-06
Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report