DARPA’s Resilient Cloud Will Withstand Cyber-Attacks

US Department of Defense plans a resilient cloud infrastructure that keeps running while under cyber-attack

The research arm of the US Department of Defense (DoD) wants a cloud-computing infrastructure that is resilient enough to keep working even while it is getting hit my massive denial-of-service attacks.

The DARPA (Defence Advanced Research Projects Agency) will build a cloud-based network that can continue supporting military missions even while under cyber-attack, DARPA said. The agency will elaborate the details behind the Mission-oriented Resilient Clouds project at a meeting on May 26.

Cloud Vulnerable To Attack

Considering the mission-critical and sensitive nature of the defence department’s projects, the DoD requires a secure cloud infrastructure that can tolerate a cyber-attack without interruption. The problem lies with the cloud’s inability to withstand an attack, DARPA said.

There is a high degree of trust between hosts within a cloud infrastructure, which allows malware to spread rapidly to other systems within the environment once it manages to get in. Since the hosts are also integrated using high-speed connections, attacks can potentially propagate even more rapidly than conventional networked systems, according to DARPA.

“Today’s hosts, of course are highly vulnerable, but even if the hosts within a cloud are reasonably secure, any residual vulnerability in the hosts will be amplified dramatically,” DARPA said.

The MRC (Mission-oriented Resilient Clouds) programme will run an “ensemble of interconnected hosts acting in concert”, DARPA said in the announcement.

“Loss of individual hosts and tasks within the ensemble is allowable as long as mission effectiveness is preserved,” DARPA said.

The MRC project will include redundant hosts and be able to correlate attack information while switching around resources. “The goal is to provide resilient support to the mission through adaptation,” according to the agency.

The country’s military weapons systems and other critical communications systems are controlled and operated through computers and computer networks, Peter Pace, a former chairman of the Joint Chiefs of Staff, said at a conference on cyberspace in April. It was critical that the United States be able to detect when the network was under attack and to be able to defend it without compromising the systems that rely on the network, according to Pace.

Continuous Probing Of DARPA

Department of Defense systems are under continuous attack with over 250,000 probes hitting its networks every hour, General Keith Alexander, the director the National Security Agency and commander of the US Cyber Command, said at a conference last year.

The research project will support the federal government’s “cloud first” policy as announced by Vivek Kundra, the United States CIO, back in December. The policy requires every federal agency to identify three existing systems that could move to the cloud, and to consider a cloud system when developing new projects.

“Cloud computing is a rapidly emerging trend within both the commercial sector and the Department of Defense,” DARPA said.

The MRC project would help move the DoD toward more cloud computing initiatives, according to Dave Mihelcic, the CTO of the Defense Information Systems Agency, in the announcement.

MRC will be a companion programme to the existing Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) project that aims to limit vulnerabilities in each host within a cloud infrastructure. MRC will focus on the network’s “amplifying” effect and use it to make the network more resilient, instead of helping to propagate the attack.