Amid all the drama surrounding government funding, omnibus spending bills and continuing resolutions and, of course, the holidays last week, you might have missed the cybersecurity provisions that rounded out the lame duck session of Congress.
Nextgov reports one of the measures included in the Defense Authorization Act was a cloud-computing provision for the Defense Department. The bill directs the Pentagon to assess the capabilities of both the federal government and commercial providers to offer “secure cloud computing environments.”
While cloud computing is the technology du jour for federal innovators heading into 2011, some have questioned the security aspects of a cloud migration, which many argue is inherent in cloud technology.
For example, cloud-computing platforms replace traditional networked storage systems with virtualized data centers hosted off-site – or, in the “cloud,” as popular parlance dictates.
And, for an agency such as DoD, the idea of off-site, online-based data storage has raised the hackles of security advocates.
With that in mind, the bill also directs the Pentagon to develop processes for “threat sensing,” as well as measures to determine the “security of cloud computing architecture.”
The bill’s cloud stipulations come just a few weeks after the Office of Management and Budget announced major reforms to federal IT acquisition, including a “cloud-first” policy for federal agencies to begin shifting services to cloud platforms.
However, Nextgov reports the final version of the act left out a measure establishing a National Office of Cyberspace in the White House.
Instead, the bill directs DoD to set up cybersecurity pilot programs, which will partner with the private sector to protect military networks and private critical infrastructure, such as defense contractors.