Defense Overhaul's Emphasis on the Cloud Carries Supply Chain Risks
January 6, 2012
The shift of military operations to the cloud -- part of a Defense Department downsizing -- will require protecting electronics manufactured in Asia from supply chain tampering, say some private security auditors. But that won't necessarily mean inspecting every network component made in China.
As the military ends campaigns in Iraq and Afghanistan and institutes mandated cost cuts, funding for cyber operations will dodge the chopping block, Defense Secretary Leon Panetta said Thursday. To defend the military's information assets, Pentagon leaders say defense computers must be tied to the cloud -- meaning an online environment that can be centrally locked down. Yet it's difficult to police parts of that environment manufactured or even housed in countries that stand accused of cyberespionage, experts say.
"Our clouds are running off of hardware that's built in China," said Tom McAndrew, an executive at IT compliance firm Coalfire who also is a Navy Reserve surface warfare officer specializing in weapons systems. He was not speaking on behalf of the Pentagon. "The challenge is -- can you create a secure cloud running on top of nonstandardized, noncertified hardware?"