Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Cloud United States

Amazon Awarded Secret $10 Billion NSA Cloud Computing Contract (thehill.com) 65

The National Security Agency has awarded a cloud computing contract worth up to $10 billion to Amazon, Nextgov reported Tuesday. The Hill reports: The contract, named "WildandStormy" according to protest filings obtained by the outlet, appears to be part of the NSA's attempts to modernize its repository for classified data. The award is being challenged by Microsoft, according to Government Accountability Office records. A Microsoft spokesperson confirmed that it is filing the protest "based on the decision." "We are exercising our legal rights and will do so carefully and responsibly," they added.
This discussion has been archived. No new comments can be posted.

Amazon Awarded Secret $10 Billion NSA Cloud Computing Contract

Comments Filter:
  • Put it where it belongs, "up there."

    • AWS needs to partner with SpaceX and fire up a Low-Earth-Orbit region.

      • And don't forget to kick Microsoft in the ass first?
  • No telling what Jeff will find to sell in there...
    • by cusco ( 717999 )

      I know you're being facetious, but the AWS data store is very carefully designed so that no matter what permissions any Amazonian has they cannot access customer data without being granted permission by the customer's admins. All anyone at AWS can see is a block of encrypted data X-many bytes long. If they need to move that block from one virtual location to another they can, but only as a solid block. I used to work at AWS and one of the data techs attempted to explain it to me while we were working on

      • > no matter what permissions any Amazonian has they cannot access customer data

        Can a vm not be started without customer intervention?

        • by cusco ( 717999 )

          Sure, but if you're not the owner you can't access it so it's just a pile of electrons floating around.

      • you're assuming no one subverts the Xen virutalization, we already know processors have more holes than swiss cheese for that. it'll happen, someone will do ransomware on the whole big wad.

        • by cusco ( 717999 )

          There are multiple layers of protections, a large group of scary-smart people worked on it for a long time. It's good enough to convince the CIA and IRS, and both test it regularly. Now apparently they've convinced the NSA as well.

          • My concern has always been at the storage layer. I have seen too many times how a bug in storage controllers takes out an entire SAN. Without the storage layer, youve no VM to run. Its always looked like an achilles heel to me. Its not a compromise of data, but if the services are mission critical, they just went offline.
            • by cusco ( 717999 )

              A decade ago I saw what was supposed to be a video controller firmware update do something weird and hose the firmware on a RAID controller. Shit happens, that's what backups, failovers, and shadow copies are for. AWS sells services for almost-instant failover capabilities if your VM is mission critical, we use it every month to run updates on our systems and most times end users aren't even aware anything has happened.

          • bullshit, you're spewing the same feel-good Microsoft did before the ransomware storm. There are multiple layers with known exploits, there fixed that for you.

            • by cusco ( 717999 )

              Really? Well, you'd best inform AWS of their vulnerabilities, if they're real they'll probably offer you a high paying job doing interesting and cutting edge work fixing the largest cloud implementation on the planet. Who wouldn't want that on their resume?

              What, you don't actually know of any? What a surprise!

              • You're hilarious and whistling dixie in ignorance. In my job I've been seeing the destruction in last four month of systems of ignorant people like you (and having to clean up the mess while they whine like bitches). The big ransomware engines have been ported to Linux and several virtualization platforms, only a matter of time.

                • by cusco ( 717999 )

                  Ah, so you don't actually have any "known vulnerabilities" that you can point at, you just have a feeling in your gut that some exist. I'm sure that's a valuable talent, somewhere. There may not be a job waiting for you at AWS after all.

                  • Too lazy to google? The list of vulnerabilities of hardware and virtualization and services that AWS uses is long. You suck, amazon is in danger with your type employed. You're going to get owned.

                    • Re:internet sales (Score:4, Interesting)

                      by cusco ( 717999 ) <[brian.bixby] [at] [gmail.com]> on Wednesday August 11, 2021 @11:05AM (#61680347)

                      I work in physical security, key cards, alarm systems, cameras, that stuff. I'm aware of our vulnerabilities, we have mitigations in place for most of them (and are moving away from iClass cards as soon as possible). I seriously doubt that the storage team is sitting on their hands waiting for someone else to send them a fix, people like that don't last long at AWS.

                  • by GoTeam ( 5042081 )
                    It's software, there are vulnerabilities. It's connected to the internet, there are many vulnerabilities. All admins should have that perspective.
        • by Cyberax ( 705495 )

          you're assuming no one subverts the Xen virutalization

          You can get dedicated hardware instances or bare metal instances on AWS to guard against breakouts.

          Oh, and if you DO break out of Xen and try to do something interesting, you're in for a lot of surprises. Let's just say that AWS takes the control plane security very seriously (I worked at AWS).

          • Is AWS actually Xen? I figured they would be doing something a bit different maybe using it as their base. Given how large the cloud is, pushing the boundaries usually required custom code to deal with issues of scale.
            • by Cyberax ( 705495 )

              Is AWS actually Xen?

              The legacy instance types are on Xen, all the new instance types are on KVM + qemu. Amazon now has its own userspace for the hypervisor (Firecracker) that is used for Lambda and some other stuff. But there are surprisingly few modifications that Amazon makes to Xen or qemu, all the interesting stuff runs as services.

          • pffft, yeah that's what Microsoft said about Windows security before the last four months of ransomware ownage.

            Again, more holes than swiss cheese and yes even exploitable on your bare metal if it has web services or is on same vnet as machine that does.

            Prepare for assimilation. Tick tock tick tock, only a matter of time

    • by ksw_92 ( 5249207 )

      You mean like Star Wars (3 parts, each with 3 episodes)? We just saw the end of the JEDI (with Bezos holding the red lightsaber) so now Microsoft is starting in with the "Empire Strikes Back"?

      • Ok Im usually good with leaps of logic, but help me out here. How did watching peoples cameras without their permission segway to star wars? And then leap back to amazon/microsoft?
        • by ksw_92 ( 5249207 )

          Star Wars was envisioned to look loosely like Wagner's Ring Cycle.

          The DoD put out an RFP for their "JEDI" cloud computing contract. Microsoft won, Amazon (and Oracle, playing Gov. Tarkin) raised enough legal hell to get the DoD to cancel the JEDI award and later the whole contract. (I think that last is still pending?)

          Now we have the NSA awarding a large contract to Amazon. Of course Microsoft is going to strike back.

          The only winners in this whole thing are the lawyers.

          • by e3m4n ( 947977 )
            ahh gotcha. I missed the connection with the jedi contract thing. I remember the deal, but missed it being named JEDI. Damn millennials and their naming conventions, lol. The latest rules for verifying the callerID on the PSTN is now called SHAKEN/STIR. As if callerid has a damn thing to do with Ian Fleming. I think your analogy definitely works since Microsoft was always considered 'the evil empire' back in the early 2000s. So I guess next we have to worry about Arthur Conan Doyle fans, Frank Herbert fan
          • by cusco ( 717999 )

            You have to admit, the awarding of the JEDI contract was pretty blatantly because the orangutan in the Oval Office was less jealous of Nadella than he was of Bezos.

            In this case the NSA has awarded based on the several years of services AWS has been providing to the CIA and IRS without issues, and their own analysis of the capabilities of the two companies.

            One of my coworker's previous gig was network support for Azure, when I told him about the JEDI award his first words were, "They're going to regret that.

  • I visited an NSA facility in the 80's. If you brought a tape with software on it into the facility, you did not bring it out. And they would not load it even if you brought it in. Now they outsource it all. Crazy. NSA can get a pretty nice datacenter that they completely control for 10B. And they should.
    • Itâ(TM)s not crazy because they cannot actually procure and retain the subject matter expertise needed to deliver solutions when it requires full-stack deployments. Simply having the availability of components or source code does not mean the build and integration work is trivial. They want the cloud because they want to build solutions, not the underlying build, assembly, and integration work.

      • by rtb61 ( 674572 )

        Who is kidding who, corruption created that contract and corruption signed off on it. They don't care how well it works, as long as they spend a whole lot less on it than they charged and they will make it as bad as they can get away with and charge extra, any time they can.

        The NSA as supplied by Amazon, who is in charge, the US government or Amazon. Should have been done all in house, trained up staff. So many leaks, all because, Amazon will absolutely do the cheapest worst possible job it can get away wi

    • In the 90s, at the FBI headquarters, VA; most everything was connected with fiber so that you could not sniff ethernet packets using a device that read the EM fields caused by current traveling through a conductive material. Imagine what levels of appropriate paranoia are in play in 2021.
      • In the 80's buildings where I worked were sometimes tempest rated I believe they called it. No EM left the building. No need for fiber when the entire building is shielded.
  • by Cyberax ( 705495 ) on Tuesday August 10, 2021 @11:18PM (#61678763)
    AWS is not really selling access to their public cloud to the NSA. Instead Amazon will build a data center for the NSA that is completely separated from the public Internet.

    Technicians that need to access it have to work from SCIFs (Secure Compartmentalized Information Facility) that are guarded by people with machine guns. You also need a clearance from the government. The data transfer is one-way only (from the low-security to the high-security) and only very coarse-grained stats for monitoring flow back.

    It's more like AWS selling a classic data center that just happens to have the usual AWS API to manage servers.
    • by Gravis Zero ( 934156 ) on Wednesday August 11, 2021 @06:58AM (#61679405)

      To people joking about cloud

      Oh well there goes mister serious-pants and his facts and figures, ruining our fun! Do you also work as a mall Santa just to tell children that Santa isn't real? ;_;

    • Any big corp situation results in the losers suing. Amazon sued when Trump killed their DoD contract that was practically written for them. Amazon likely is the best provider; we have decades of IBM and MS burning $ with tons of problems costing even more money. I have not heard of Amazon nightmares like I have for decades of the other vendors big enough and "qualified" enough to do these jobs.

      None of the contractors look like a great deal for anything government and given the scale it would probably be b

  • Don't worry, Slashdotters won't tell anyone .

  • With Microsoft already challenging the award to AWS, I predict they'll tie this up in litigation for 9 or 10 years then cancel the project. The only people who will win are the lawyers.
  • I guess it's not a secret now.

Marvelous! The super-user's going to boot me! What a finely tuned response to the situation!

Working...