Cloud breaks and a chance of cyber attacks
Those of you who follow tech or have a cloud-connected Apple device may have noticed that Apple’s iCloud was down for a couple hours this afternoon. While this certainly isn’t cause for panic – the consumer cloud doesn’t exactly hold the secretes of the universe – I’d like to posit a different situation: What if the private cloud fell?
For those of you who don’t follow the tech world more closely than one ant follows another on its way to a picnic the cloud is the common term for a technology that allows an user to send information, via an internet or data connection, to a sever. The information is then stored in a server and can be accessed remotely at any time from a connected device. The benefit of storing your files in the cloud is circumventing storage restrictions on your device. Sorted.
The cloud has many dimensions – public, private, and consumer – and has actually been in use far longer than most of us know. Envisioned in the 1960’s, the first tangible iteration of the cloud came in the form of salesforce.com in 1999 which which pioneered the concept of delivering enterprise applications via a simple website. In 2002 Amazon started rolling out enterprise cloud solutions including remote storage and abracadabra, ten years later we have iCloud, SkyDrive, Dropbox, etc.
Now, the interesting thing about the private cloud – a breed of cloud computing where the customer purchases a server suite to be hosted on-site at their own private location so they can administer it themselves through customized virtualization software – is that the private cloud DOES hold the secrets of the universe…or at least this country.
The US government has begun to purchase private cloud solutions to store secure data. Briefly, how it works is a government department purchases a private cloud solution, the vendor builds and installs a server farm at the department’s location of choice, the vendor syncs the servers to the department’s chosen (often customized) software solution, and there you have it – one private cloud. The benefits of a private cloud for governments is it allows them to house massive amounts of secure data on a safe platform – the data lives on the serves, employees access it through the cloud but they don’t download it to their individual machines. This means that the government can have all of the secure data on lock down – it’s more secure. The servers are privately hosted so no one else has access to them – virtually or physically – and synced devices can be remotely wiped using the administrative software.
The problem is that even private cloud isn’t perfect. In a world full of bureaucratic posturing innovation often comes most quickly from malevolent sources. Hackers can more quickly find access points to systems than “the good guys” can develop patches. Returning to the private cloud; the bulk of servers currently on the market are based on Intel’s Atom processors. The US Computer Emergency Readiness Team (US-CERT) recently revealed a flaw in these Intel processors that allows hackers to exploit a set of kernel instructions on 64-bit (just go with it) operating systems. The hacker can then essentially subvert the security permissions of a virtual (read: cloud) system to access the supposedly protected data. Uh-oh.
While Microsoft has already issued a patch to correct for the vulnerability those using customized virtualization softwares or those running non-Windows operating systems may still be vulnerable. Including the government.
So what if someone far more malicious than you or I got it their heads to wipe all of Social Security Administration‘s data? What if a terrorist with mad computing skills decides to hack the Federal Aviation Administration‘s information for their own nefarious use? What if, some day for some reason, the private cloud goes dark like Apple’s consumer cloud did today? What then? I’d bet on anything from panic and a lot of administrative mistakes to full on war. The implications are simple: If the data stored on those private cloud servers were to fall into the wrong hands this entire country would fall into chaos – after all, information is power.
Realize this: Everyday the US government is vulnerable to cyber attacks, may undertake its own cyber attacks (see Flame Malware), and YOUR government-held data is at risk of being lost forever. So I suggest you back up what you can – make your own private cloud so-to-speak – and prepare for the possibility of a cloud-free future.