DoD's DARPA Plans Resilient Cloud to Withstand Cyber-Attacks

On May 26, the Department of Defense will announce details of a new resilient cloud infrastructure that can keep operating even while under cyber-attack.

The research arm of the Department of Defense wants a cloud computing infrastructure that is resilient enough to keep working even while it's getting hit by massive denial-of-service attacks.

DARPA (Defense Advanced Research Projects Agency) will build a cloud-based network that can continue supporting military missions even while under cyber-attack, the agency said in an announcement May 17. DARPA will elaborate on the details behind the MRC (Mission-oriented Resilient Clouds) project at a Proposer's Day meeting on May 26.

Considering the mission-critical and sensitive nature of the Defense Department's projects, the department requires a secure cloud infrastructure that can withstand a cyber-attack without interruption. The problem lies with the cloud's inability to withstand an attack, DARPA said.

There is a high degree of trust between hosts within a cloud infrastructure, which allows malware to spread rapidly to other systems within the environment once it manages to get in. Since the hosts are also integrated using high-speed connections, attacks can potentially propagate even more rapidly than in conventional networked systems, according to DARPA.

"Today's hosts, of course, are highly vulnerable, but even if the hosts within a cloud are reasonably secure, any residual vulnerability in the hosts will be amplified dramatically," DARPA said.

The MRC program will run an "ensemble of interconnected hosts acting in concert," DARPA said in the announcement.

"Loss of individual hosts and tasks within the ensemble is allowable as long as mission effectiveness is preserved," DARPA said.

The MRC project will include redundant hosts and will be able to correlate attack information while switching around resources. "The goal is to provide resilient support to the mission through adaptation," according to the agency.

The country's military weapons systems and other critical communications systems are controlled and operated through computers and computer networks, Peter Pace, a former chairman of the Joint Chiefs of Staff, said at a conference on cyberspace in April. It is critical that the United States be able to detect when the network is under attack and to be able to defend it without compromising the systems that rely on the network, according to Pace.

Department of Defense systems are under continuous attack. Over 250,000 probes hit DoD networks every hour, Gen. Keith Alexander, the director of the National Security Agency and commander of the U.S. Cyber Command, said at a conference last year.

The research project will support the federal government's "cloud first" policy as announced by Vivek Kundra, United States CIO, back in December. The policy requires every federal agency to identify three existing systems that could move to the cloud, and to consider a cloud system when developing new projects.

"Cloud computing is a rapidly emerging trend within both the commercial sector and the Department of Defense," DARPA said.

The MRC project would help move the DoD toward more cloud computing initiatives, according to Dave Mihelcic, the CTO of the Defense Information Systems Agency, in the announcement.

MRC will be a companion program to the existing Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) project that aims to limit vulnerabilities in each host within a cloud infrastructure. MRC will focus on the network's "amplifying" effect and use it to make the network more resilient, instead of helping to propagate the attack.