“1 cloud > 1,000 silos” reads the ad for Amazon Web Services in the Pentagon metro stop. The font selected suggests nothing so much as a marker on whiteboard, and its surrounded by other doodles on the virtues of cloud computer. Another ad elsewhere in the station, part of the same campaign for the same product, reads “Time to launch: months minutes.”
In the vocabulary companies, these are ads about efficient data storage, and about quickly bringing a product to market. As a visitor to the offices that manage how the United States fights wars, I couldn’t help but read both ads in a nuclear context, both perhaps extolling the virtues of a rapid fire nuclear response.
The requirements for the contract stipulates a company able to obtain “Q” and “L” clearances from the Department of Energy, which means handling nuclear secrets.
Q clearances date back to 1946, as part of the Atomic Energy Act. (What does the “Q”? stand for? Nothing more than “Questionnaire.” As atomic historian Alex Wellerstein notes, the Act originally specified clearance levels of P, S and Q, drawn from the title of the Personnel Security Questionnaire, before ultimately dropping both P and S levels.)
As for JEDI? That’s the Joint Enterprise Defense Infrastructure, an ambitious plan to bring the flexibility of the cloud to the Pentagon.
Cloud computing, the industry standard term for “storing files one a computer different than the computer the user is currently using,” has a lot of advantage. While Amazon may not have gotten the tone just right arguing for a cloud instead of silos, it is generally accepted that it’s easier for everyone working on a project to have access to the same files in the same place, rather than stored in multiple locations separately (or “silos”). Yet there are limits to the values of efficiency, and inherent dangers in storing classified information in the same place.
While leaks of information downloaded onto physical media are a persistent threat (Chelsea Manning used CDs to leak classified files, Edward Snowden used a thumb drive), clouds built to be accessed remotely. There are unique ways to secure a cloud against threats, such as software-defined perimeters, but the best way to keep something sensitive information from getting out is simply not putting it online in any way.
The nuclear enterprise is used to trading some inefficiency in day-to-day work for ultimate security; it’s one of the reasons that floppy drives for the command-and-control system persist to this day. Whatever utility is gained from making a Pentagon-specific cloud that can house nuclear secrets, the risks inherent are real, and can be measured in kilotons.