Originally published at: https://boingboing.net/2018/06/01/hellfire-skynet.html
…
No. Please no. Go ahead with the AI if you must but please don’t put this nation’s defense in the hands of a “cloud” services provider.
Nothing to worry about. See? Wacky robots! And one of them is making I-love-you hands!
Given their track record, I’m not sure naming any defense program after the Jedi is a terribly good idea.
Wont somebody think of the younglings!
Do no evil*
*unless there’s profit in it, then rub hands together and cackle on the way to the bank.
Uh oh.
DOD has their own totally isolated “instance” of AWS, it’s not the public version.
Is the long game Iron Man?
Do no evil.
And that’s better because…?
It’s not… on the internet?
So what medium of data transfer between government entities is going to be used then? Are they building a big private WAN not connected to the internet?
There are what are called “high-side” networks that, correct – do not connect to the internet, and do not have client systems that also connect to the internet, so they are not bridged to the public or “low-side” networks at all.
If you are referring to SIPRNET, you may be interested to know that Chelsea Manning used her access it to send documents to wikileaks. SIPRNET connections can be found in private residences and small businesses. The security of SIPRNET is a bit dubious.
Raytheon and Radiant Mercury both produce what are known as guards or cross-domain solutions which interconnect “high side” with “low side” public networks (such as the public internet). These devices are deployed extensively.
But that’s not even the most concerning thing to me. We are talking about storing our nation’s defense information on privately owned systems- systems owned by the likes of Amazon and Alphabet.
Uhm… a lot of DOD stuff has been stored on systems of contractors before this, as far as I’m aware… What really makes this different, other than the specifics of the technologies at play? Are you arguing that “cloud architecture” is somehow inherently less secure?
And a lot has been leaked.
Cloud architecture is a marketing term so let’s talk about real things. I’m arguing that placing this nations defense data in the hands of a non-governmental publicly traded company is inherently less secure than keeping it in the hands of the DoD
Well, any human with access to classified systems is capable of leaking data to the public, which is what has happened, so I’m not sure how this relates.
I agree. But I guess my question is, if you believe this, why are you reacting specifically to the likes of AWS setting up privately-owned servers for the DOD? Lots of private companies/contractors have done this over the years. You seemed to be picking on Amazon particularly for a reason that is, in your words (which I tend to agree with), a marketing term.
It relates in that if we are looking to change the way our governmental networks operate to make them more secure, I think perhaps we should look at solving the existing problems rather than pretending a move to the popular marketing termed “cloud” would make things better.
It’s not AWS specifically, it’s all private business selling similar products. And let’s be very clear about what private firms have so far provided. They have provided hardware, software, planning, implementation, and support. AFAIK they do not house and own the systems which our government uses which is how moving to a cloud provider would differ from the current situation. If they do, then we are already there and the entire discussion of moving to cloud service providers becomes moot and we have already made a mistake.
This was more my point, so at last, you have come over to my view.
I would be really surprised if it wasn’t already happening “pre-cloud provider.” But, I’m also less sure that it really is markedly a “big deal” security wise. A similar argument might be, we shouldn’t have government contractors at all, because they are more of a security risk than a GOV employee. Which is a case one can make, sure, but I just don’t know I see the specific argument as to why.