What Are We Even Doing?

Ruth Clegg and Manveen Rana at the BBC: Is U.S. Military Cloud Safe from Russia? Fears over Sensitive Data.
A technology company bidding for a Pentagon contract to store sensitive data has close partnerships with a firm linked to a sanctioned Russian oligarch, the BBC has learned.

The Jedi project, a huge cyber-cloud which could ultimately store nuclear codes, has already sparked security fears.

Viktor Vekselberg, who is close to the Kremlin, has links to C5, a group of cyber-investment companies which has worked closely with the leading bidder, Amazon Web Services (AWS).

Both C5 and AWS say C5 is not involved in the Jedi bid in any way.

All bids for the cloud are sealed. The Pentagon refused to comment, stating that information about companies involved could not be disclosed.

...Mr Pienaar, the man behind the C5 group, is a well-connected South African with business ties to a wealth of illustrious names.

The board of one of his flagship companies, C5 Capital, features a roll call of some of the most influential and trusted figures in military and security circles on both sides of the Atlantic.

He also has links to Viktor Vekselberg, who is on the U.S. sanctions list for his close ties to Vladimir Putin.

As I noted on Twitter: This entire project seems like a full-tilt trash idea (nuclear codes in the cloud?! JFC), and that's BEFORE we get to the part where they're subcontracting out the tech, and BEFORE Kremlin-tied oligarchs were allowed to bid on the contract!

Setting aside for the moment that a company with ties to a sanctioned oligarch who's pally with Putin was even allowed to bid on the contract, what in god's teeth is the Pentagon doing proposing to keep military secrets on a cloud?!

John Weiler, director of the Washington-based IT procurement group IT-AAC, is quoted in the article, saying: "I would not store my most personal data, nor would my fellow colleagues, in a commercial cloud, period, the end."
He says there are huge risks to storing such classified information on a public, commercially-held cloud run by just one company.

"We have our nuclear codes; where our troops are going to be from one day to the next. If the cloud's security is breached, then our enemies could use our information against us. They could be waiting for us."

This is so aggressively stupid that it seems designed to have a ready-made excuse for a transfer of sensitive military information to our enemies meant to look precisely like that entirely predictable failure.

I realize that sounds paranoid, but the notion that the sitting president could be colluding with Vladimir Putin to undermine democracy globally sounded paranoid once upon a time, too, so.

Anyway.

As David Lee Sloth (!!!) observed on Twitter: "AYFKM? Russia goes back to using typewriters for sensitive data & our dipshits want to put our security data in the cloud?? SMH." Yeah. That's about the shape of it.

And as incredible as it seems, it might not even matter — because there's a good possibility Russia already has access to our nuclear codes.

As I mentioned in October, a Government Accountability Office report found that U.S. weapons systems are stunningly vulnerable to hackers, many of whom can hack our systems without alerting the military teams who manage them.

And, once again, I am reminded of that December 2016 article at the New Yorker by Eric Schlosser: "World War Three, by Mistake." This paragraph, in particular:
Strict precautions have been taken to thwart a cyberattack on the U.S. nuclear command-and-control system. Every line of nuclear code has been scrutinized for errors and bugs. The system is "air-gapped," meaning that its networks are closed: someone can't just go onto the Internet and tap into a computer at a Minuteman III control center. At least, that's the theory. Russia, China, and North Korea have sophisticated cyber-warfare programs and techniques. General James Cartwright — the former head of the U.S. Strategic Command who recently pleaded guilty to leaking information about Stuxnet — thinks that it's reasonable to believe the system has already been penetrated. "You've either been hacked, and you're not admitting it, or you're being hacked and don't know it," Cartwright said last year.

Everything is not fine. Not at all.
