This year, hackers seem to be having a field day accessing our personal data. Google exposed hundreds of thousands of users data on its Google+ social network. Facebook was attacked and hackers gained access to the personal data of some 30 million users. Yet, these strikes pale in comparison to what is perhaps the most serious concern: Chinese manufacturers has been installing micro spy chips inside servers. This recent discovery raises many red flags as to China’s ability to hack into our secret government computers and related military secrets and operations.
Computer experts usually assume that hardware — the physical parts of a computer or network — is pretty safe. It is usually the installed software that cause experts concern, as software can be hacked with spyware or through phishing attacks. Yet, according to recent reports, even the hardware may be at risk.
Bloomberg Businessweek magazine recently reported about an “attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.” Resulting from an inspection of a prospective acquisition by Amazon, inspectors became suspicious about the company’s products and launched an internal investigation. “Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community,” the magazine wrote. Those “servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships.” During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.”
This hardware espionage is especially concerning because Amazon Web Services (AWS) is about to win exclusive control of the Pentagon’s information. As many private entities, our federal agencies—namely our DOD, Pentagon, and CIA, want to move to the cloud, and are offering a winner-take-all contract that could run as long as a decade. The CIA contract has already been in place, but the Defense Department contract is still out for bid even though AWS is the front-runner for the deal. In fact, some observers think the agreement was written with Amazon in mind. But the latest security breach by Chinese operatives should illicit not only concern but a change in the contractual process and potential agreement with AWS.
For one reason, AWS seems particularly vulnerable to Chinese hackers.
Businessweek reports that a few years ago, “Amazon’s security team conducted its’ own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered.” Chips smaller than the point of a pencil were built into server boards. In 2016, Amazon sold its Chinese cloud business to Sinnet. One insider says the decision was because AWS needed to “hack off the diseased limb.”
Secondly, it is easier to protect data that’s divided up and stored in several secure places. For example: if a bank stores cash in a single vault and a bank robber accesses that vault, the robber has access to all of the bank’s cash. But, If the money is divided amongst several bank branches, and the bank robber accesses just one vault, he will have limited access to the entire sum.
The same theory is true for data. If everything the Pentagon produces is stored on one company’s cloud service, then a foreign power could access all the data by getting access to a portion of it. By hacking in to steal something as simple as office phone numbers, this enemy could also have access to top-secret battle plans. If, however, the Pentagon’s data was divided and stored on several different cloud providers, the data would be more secure.
There are plenty of cloud providers that are equipped to bid for the Pentagon’s contract. In the private sector, it is commonplace to use multiple providers. In fact, some 80 percent of the private sector use more than one cloud provider and the average is 5 different cloud providers to handle different types of data.
As long as America has enemies, we will always be on the front lines of this security battle. By having multiple cloud providers instead of a sole provider like Amazon Web Services, will ensure that our military, and related agencies, have not only selected the best team to protect our data, but has also designed the best battle plan to defend our national security.