The Australian Signals Directorate (ASD) is partnering with Amazon Web Services to set up a cloud system to streamline classified information sharing between defence and security agencies.
The project, expected to be operational by 2027, will cost $2 billion (US$1.3 billion) during its establishment, including ongoing maintenance, and usage costs.
Exactly what data will be uploaded to the cloud is still to be determined, and some top-secret information will still be stored at existing ASD sites.
The ASD is responsible for foreign signals intelligence, cyber warfare, and information security—the Australian equivalent of the U.S. National Security Agency.
Everyone involved with the building and operation of the project will need to meet security clearance requirements.
According to Defence Minister Richard Marles, who announced the initiative on July 4, it will create up to 2,000 jobs in Australia.
The technology was needed to address the complex strategic circumstances facing the nation, he said.
What Is An ‘Air Gap’ And Is It Secure?
The cloud will be air-gapped, which Mr. Marles defined as meaning it will not be connected to the internet. The ASD has so far released only limited details of the project, so the term “air gap” has not been defined more precisely.
Historically, an air-gapped network has had no connection to any other network—no USB, wired network, wireless or fibre links.
The only way to get information onto or off an air-gapped system was by physically carrying the data on cell phones, USB drives, DVDs, or CDs.
For example, it was by carrying blank rewritable CDs in a personal CD player that U.S. Army intelligence analyst Chelsea Manning was able to steal the classified documents that were passed to WikiLeaks.
The players were allowed through security to “boost morale,” the U.S. Defense Department later explained.
Because Australian defence and security agencies operate at different locations around the country, the system won’t be air-gapped in the historical sense, leaving open the question of precisely how secure it will be against the kind of advanced techniques already being deployed by malicious foreign actors.
The 500-kilobyte piece of malware, believed to have taken hackers five years to develop, made its way into 14 industrial sites by targeting Microsoft Windows machines and spreading through USB drives plugged into the air-gapped machines on the network.
Other Examples
In 2016, researchers discovered the Project Sauron malware, which was described as being so advanced in its design and execution that it could only have been developed with the active support of a nation-state. By the time it was found, it had been active on 30 networks for five years, including many that were air-gapped.
Many of those systems belonged to organisations in the government, scientific, military, telecom, and financial sectors. It found its way onto computers via an infected USB installer.
Then, in 2019, global digital security company ESET uncovered the Ramsay framework. This was a cyber-espionage toolkit specifically tailored to target air-gapped networks.
It used several infection techniques, from exploiting remote code execution vulnerabilities in software like MS Word to trojanised installers of popular software like 7zip.
But it also introduced a new technique, making it harder for researchers to detect—two separate pieces of malware, one to collect and store targeted data in special archives containing a marker for “control” software.
Amazon’s Previous Breaches
Then there’s the decision to rely on Amazon Web Services (AWS) as a partner rather than keeping the project in-house, even though the data in this instance won’t—according to currently available information—be kept on an AWS server. Like every cloud service provider, Amazon has fallen victim to major data breaches.
A year earlier, a hacker group identified as “Uawrongteam” broke into FlexBooker, an online booking platform hosted on an AWS server, and stole data on roughly three million users. They then posted it for sale on various hacker forums.