The Convergence of Cloud Computing and Cyber Security

At the Defense Information Systems Agency’s recent Forecast to Industry event, Mark Orndorff, the head of Program Executive Office Mission Assurance and Network Operations, described DISA’s effort to develop an analytics cloud that will provide the DoD with enterprise cyber security capabilities.  Based on a similar cloud-based approach to security used by the National Security Agency, DISA’s analytics cloud will be called ‘Acropolis,’ after the temple to Athena, the Greek goddess of wisdom and war.  Once it is complete, Acropolis will provide continuous monitoring, cyber-attack analysis, insider threat analysis, and operations situational awareness for the entire Department of Defense, including the Military Departments and Combatant Commands (COCOMs).  Mr. Orndorff’s public statement comes at roughly the same time as the Department of Homeland Security and General Services Administration’s announcement that awards have been made for a $6 billion Continuous Diagnostics and Mitigation, Tools, and Continuous Monitoring-as-a-Service contract that will enable all federal agencies to procure the latest in cyber security technology.

The fact that cyber security and cloud computing are being mentioned in the same breath more and more these days is no coincidence.  Federal agencies are finding that they can easily leverage cloud-based solutions to address many of their cyber security requirements; from continuous monitoring and identity verification to digital certificate security.  This is a trend that has been developing over the last few years, with the total contract value of awards in this area recently rising to more than $6 billion, thanks to the latest announcement from DHS/GSA.

To get a sense of what kinds of projects have been underway, the following table illustrates as best I’ve been able to determine when and to whom cloud contracts have been awarded for cyber security related requirements.

CY	Agency	Requirement	Contract #	Vendor	Awd. Value
2010	DoD	CyberSense	HR001110C0103	Total Immersion SW	$883K
2011	USAF	Advanced Trusted Computing Technologies	FA875011C0075	DMI	$10M
2011	DoD	Mission Oriented Resilient Clouds	FA865011C7192	MIT	$4.4M
2011	DHS	Homeland Security Information Network (HSIN) SaaS	HSHQDC07J00515	HP Enterprise Services	$3M
2011	DHS/SSA	Identity Proofing as a Service	2	Experian	$838K
2011	NASA	Application Whitelisting	NNJ11HD25P	Naknan Inc.	$25K
2012	DoD	Cloud-Based Web Security System	HE125412F0008	Arrow Electronics	$81K
2012	DOE	Digital Certificate Security Services (Public Key Infrastructure)	No Data	No Data	No Data
2012	HHS	Symantec Protection Engine for Cloud Services	HHSN27600011	Red River	$8K
2012	DOT	Cloud Security Service	DTNH2212F00378	Verizon (Terremark)	$20K
2012	VA	On-Demand Alerting and Response	VA25512F1080	Send Word Now	$15K
2013	DoD	Symantec NetBackup Services	No Data	Technica	$9M
2013	DHS	Continuous Diagnostics and Mitigation, Tools, and Continuous Monitoring as a Service	No Data	Multiple Vendors	$6B
2013	VA	On-Demand Alerting and Response	VA25513F0878	Send Word Now	$29K
No Data	DoD	Community Data Center and Sensor Operations	No Data	No Data	No Data
No Data	DOE	HSPD-12 Processing	No Data	No Data	No Data
No Data	EPA	Internet Security Services	No Data	No Data	No Data
No Data	GSA	Physical Access Control Systems	No Data	No Data	No Data
No Data	DHS	Authentication-as-a-Service	No Data	No Data	No Data
No Data	SSA	E-Authentication	No Data	No Data	No Data

This data reflects the fact that 2011 was the breakout year for cloud computing in the federal and government.  Not only did the total value of awarded contracts begin climbing that year, the variety of uses for cloud-based solutions also began to diversify.  For example, the use of cloud solutions for cyber security requirements was one of those areas where that growth began to appear.  This trend continued to gather speed in 2012 and 2013.  As a result, I expect to see a lot more contract awards for cloud-based cyber security solutions in the years to come.