[LINK] Australian intelligence community seeking to build a top-secret cloud

jwhit at internode.on.net jwhit at internode.on.net
Fri Dec 11 22:19:51 AEDT 2020 

 
 Not exactly very secret, is it?We are led by morons.

----- Original Message -----
From: "Stephen Loosley" 
To:"link" 
Cc:
Sent:Fri, 11 Dec 2020 10:25:22 +0000
Subject:[LINK] Australian intelligence community seeking to build a
top-secret cloud

 Australian intelligence community seeking to build a top-secret cloud

 The Office of National Intelligence has called for expressions of
interest from vendors to build a highly-secure private community cloud
service for the national intelligence community.

 By Stilgherrian for The Full Tilt | December 11, 2020 | Topic:
Security

 https://www.zdnet.com/article/australian-intelligence-community-seeking-to-build-a-top-secret-cloud/

 Australia's national intelligence community (NIC) hopes to build a
highly-secure private community cloud service capable of protecting
data that is classified all the way to the level of top secret.

 The Office of National Intelligence (ONI), Australia's peak
intelligence agency, is leading the project, and issued a call for
expressions of interest on Friday.

 "The NIC is seeking to accelerate its ability to transpose and
extract relevant data from complex data sources. It sees common
toolsets for data filtering and manipulation to extract relevant
useful information as a force multiplier," ONI wrote.

 "The NIC seeks greater interoperability through shared common
services, common infrastructure, and standards, centralisation of
services, and the ability to create collaborative environments."

 All 10 NIC agencies will eventually use the cloud: ONI, Australian
Signals Directorate (ASD), Australian Geospatial-Intelligence
Organisation, Australian Secret Intelligence Service, Australian
Security Intelligence Organisation (ASIO), Defence Intelligence
Organisation, Australian Criminal Intelligence Commission, and the
intelligence functions of the Australian Federal Police, Australian
Transaction Reports and Analysis Centre (Austrac), and the Department
of Home Affairs.

 The platform would also allow "trusted third-parties" to operate
software-as-a-service (SaaS) services in the private community cloud.

 ONI's leadership of the project, and indeed the project itself, stem
from recommendations of the 2017 Independent Intelligence Review.

 "We recommend that data analytics and ICT connectivity, including the
establishment of an intelligence community computing environment in
which technical barriers to collaboration are minimised, be one of the
highest priorities of a more structured approach to technological
change and the funding of joint capabilities," the review said.

 The project does not involve agencies collecting any new data. Nor
does it expand their remit. All existing regulatory arrangements still
apply.

 Rather, the NIC hopes that a community cloud will improve its ability
to analyse data and detect threats, as well as improve collaboration
and data sharing.

 "Top Secret" is the highest level in Australia's Protective Security
Policy Framework. It represents material which, if released, would
have "catastrophic business impact" or cause "exceptionally grave
damage to the national interest, organisations or individuals".

 Until very recently the only major cloud vendor to handle top secret
data, at least to the equivalent standards of the US government, was
Amazon Web Services (AWS). AWS in 2017 went live with an AWS Secret
Region targeted towards the US intelligence community, including the
CIA, and other government agencies working with secret-level datasets.

 In Australia, AWS was certified to the protected level, two
classification levels down from top secret. The "protected"
certification came via the ASD's Certified Cloud Services List (CCSL),
which was in June shuttered, leaving certifications gained through the
CCSL process void.

 Under the ISM framework, AWS had 92 services assessed as protected.
It also negotiated an Australia-wide government cloud deal in 2019.

 While the CCSL is no longer, it is expected the Information Security
Registered Assessors Program (IRAP) will support government in
maintaining their assurance and risk management activities.

 This week, Microsoft launched Azure Government Top Secret cloud to
handle classified data at all levels, including top secret, for US
government customers. However, Microsoft is still working with the
government to achieve accreditation.

 Under the CCSL, Microsoft was also able to store government
information up to a protected level. Unlike all previous such
certifications, Microsoft's certifications were provisional, and came
with what the ASD called "consumer guides".

 ASIO issued expressions of interest in 2019 to use Microsoft Azure
internally for protected, secret, and top secret data.

 In the UK, private company UKCloud launched its potentially top
secret UKCloudX service in 2018. UKCloud is already a provider of
cloud services to the UK government's G-Cloud via a contract with the
government's purchasing agency Crown Commercial Services.

 ONI is seeking to explore the market, however, and vendors with
experience in delivering secure cloud environments can apply, even if
they do not yet have top secret certification.

 However, the cloud must be hosted on infrastructure physically
located in Australia and geographically dispersed.

 "[This is] the first stage in a multiphase procurement process by
which ONI will determine which, if any, respondents will be invited to
participate in the next stage of the procurement process," ONI wrote.

 Expressions of interest close February 8, 2021.

 _______________________________________________
 Link mailing list
 Link at mailman.anu.edu.au
 http://mailman.anu.edu.au/mailman/listinfo/link

More information about the Link mailing list