I assume this is the genesis of a Five Eyes cloud platform.

Questions for me are which commercial partners are in the mix, and how will they ensure TS-level security?

I guess we’ll never truly know, but it’s hard not to worry about the implications of this.

  • zik
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Not so “Top Secret” any more, now that it’s been in the news…

    • HyperMegaNet@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Although I might be telling you something you already know (and at risk of sounding really boring); it sounds like what they’re really doing here is standing up a system that is certified to handle data up to “top secret” classification. The fact that such a system exists, in and of itself, is clearly not a secret.

      There are a huge number of requirements for systems handling data like that, everything from specific requirements for how physical cables are labelled, to which cryptographic algorithms are used for encryption, all the way through to corporate governance and management plans within the organisations that are involved. It is essentially a giant exercise in bureaucratic box ticking (although I can understand why governments want to be thorough about this stuff).

      After completing that entire process, what you’re left with is usually a fairly standard computer system, plus a whole bunch of assurances that this specific system is okay to use for “top secret” information. The actual capabilities of the system (and certainly the data within it) may well be top secret, but the existence of the system isn’t.

      It’s broadly similar to the GovTeams PROTECTED system. The existence of the system itself is public information, complete with a relatively slick website, but the actual access to the system is controlled. A quick glance at that website makes it clear that GovTeams is essentially just MS Teams / MS365 but certified for “PROTECTED” information. In the same way, I would bet money on it that this "top secret " cloud system ends up just being a fairly standard commercial offering from a major cloud provider (Azure, AWS, etc.) which is approved for storing top secret information after the parties involved complete the required box ticking.

    • tuff_wizard
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      No need to be top secret when no one can stop you and you’ve made it almost impossible to live outside the system.