Amid the unparalleled classified leaks, global acts of cyberwarfare, and colossal data breaches dominating the daily news cycle, Amazon Web Services (AWS) has debuted an entirely new cloud region designed specifically to host classified US government secrets.
The newly dubbed “AWS Secret Region” was launched by Amazon on Monday. In a blog post, the company said the cloud service is equipped to host the full range of classified government projects, including and up to those requiring Top Secret security clearance.
To play host to the nation’s top secret data, Amazon must comply with rigorous security standards outlined by the Office of the Director of National Intelligence and the National Institute of Standards and Technology (NIST). Amazon’s new “Secret Region” is not to be confused with GovCloud, the unimaginatively named “gated community” for controlled (but unclassified) data launched by Amazon in 2011.
Amazon is by no means new to the spy game. Since 2014, the company has operated a massive classified data storage project spearheaded by the Central Intelligence Agency (CIA). Top US intelligence officials have gushed about the previous “AWS Top Secret Region” project—colloquially known as the “spook cloud”—lauding Amazon for pulling several covert agencies out of the stone age.
“The U.S. Intelligence Community can now execute their missions with a common set of tools, a constant flow of the latest technology and the flexibility to rapidly scale with the mission,” Amazon VP Teresa Carlson said in a statement on Monday. “The AWS Top Secret Region was launched three years ago as the first air-gapped commercial cloud and customers across the U.S. Intelligence Community have made it a resounding success. Ultimately, this capability allows more agency collaboration, helps get critical information to decision makers faster, and enables an increase in our Nation’s Security.”
Gizmodo has reported out multiple data-breach stories this year involving Amazon and the intelligence community: In May, for example, an engineer at defense contractor Booz Allen Hamilton left roughly 60,000 files tied to a Pentagon program on a publicly accessible Amazon server. The National Geospatial-Intelligence Agency was forced to revoke the engineer’s credentials, which had been discovered in the cache, unprotected by even a password.
Last week, CNN reported that 1.8 billion internet posts—mostly scraped from social media, news sites and forums—had been discovered on an insecure Amazon server. The files were also linked to the Pentagon.
In both cases, the Pentagon’s data was found not to be hosted on any specially designated government cloud, but on publicly-accessible and commercially-available cloud servers.
Ultimately, the government can jump through as many hoops as it likes to keep its data secured—and it should. But for a leak to succeed, all it really takes is someone willing to risk it all; someone willing to shove classified material down their pantyhose; or someone stupid enough to carry classified material home on a thumb drive and open it on their malware-infested laptop.