Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’

/in


The cloud has “become essential to our daily lives,” Kemba Walden, the acting national cyber director, said in an interview. “If it’s disrupted, it could create large potentially catastrophic disruptions to our economy and to our government.”

In essence, she said, the cloud is now “too big to fail.”

The fear: For all their security expertise, the cloud giants offer concentrated targets that hackers could use to compromise or disable a wide range of victims all at once. The collapse of a major cloud provider could cut hospitals off from accessing medical records; paralyze ports and railroads; corrupt the software that help financial markets hum; and wipe out databases across small businesses, public utilities and government agencies.

“A single cloud provider going down could take down the internet like a stack of dominos,” said Marc Rogers, chief security officer at hardware security firm Q-Net Security and former head of information security at the content delivery provider Cloudflare.

And cloud servers haven’t proved to be as secure as government officials had hoped. Hackers from nations such as Russia have used cloud servers from companies like Amazon and Microsoft as a springboard to launch attacks on other targets. Cybercriminal groups also regularly rent infrastructure from U.S. cloud providers to steal data or extort companies.

Among other steps, the Biden administration recently said it will require cloud providers to verify the identity of their users to prevent foreign hackers from renting space on U.S. cloud servers (implementing an idea first introduced in a Trump administration executive order). And last week the administration warned in its national cybersecurity strategy that more cloud regulations are coming — saying it plans to identify and close regulatory gaps over the industry.

In a series of interviews about this new, tougher approach, administration officials stressed that they aren’t giving up on the cloud. Instead, they’re trying to ensure that rapid growth doesn’t translate to new security risks.

Cloud services can “take a lot of the security burden off of end users” by relieving them of difficult and time-consuming…

Source…