I assume this is the genesis of a Five Eyes cloud platform.
Questions for me are which commercial partners are in the mix, and how will they ensure TS-level security?
I guess we’ll never truly know, but it’s hard not to worry about the implications of this.
Mmm poorly justified omnisurvellience methods during a period of unprecedented peace.
Defs 5 eyes stuff, so all your data are going to be slurped up into some no such agency algorithm that’ll spit back to the AFP “a investigate this chump, no we can’t tell you why but your harassment is legal now”.
Ahh the future, minority report except instead of clarvoiant bath people we get racist algorithms glued together with PHP.
Delightful. It will compliment our institutional lack of knowledge, poor adherence to IT good practices and tendency to data breaches wonderfully.
You know the frustrating thing? The ASD is actually good. They have extremely reasonable standards, a good education for departments and training of auditing companies for their standards, great published stuff.
But security costs money and we can blame breeches on those devilish h4ck3r5 so yeah nah
Big Brother is already here lol.
Not so “Top Secret” any more, now that it’s been in the news…
Although I might be telling you something you already know (and at risk of sounding really boring); it sounds like what they’re really doing here is standing up a system that is certified to handle data up to “top secret” classification. The fact that such a system exists, in and of itself, is clearly not a secret.
There are a huge number of requirements for systems handling data like that, everything from specific requirements for how physical cables are labelled, to which cryptographic algorithms are used for encryption, all the way through to corporate governance and management plans within the organisations that are involved. It is essentially a giant exercise in bureaucratic box ticking (although I can understand why governments want to be thorough about this stuff).
After completing that entire process, what you’re left with is usually a fairly standard computer system, plus a whole bunch of assurances that this specific system is okay to use for “top secret” information. The actual capabilities of the system (and certainly the data within it) may well be top secret, but the existence of the system isn’t.
It’s broadly similar to the GovTeams PROTECTED system. The existence of the system itself is public information, complete with a relatively slick website, but the actual access to the system is controlled. A quick glance at that website makes it clear that GovTeams is essentially just MS Teams / MS365 but certified for “PROTECTED” information. In the same way, I would bet money on it that this "top secret " cloud system ends up just being a fairly standard commercial offering from a major cloud provider (Azure, AWS, etc.) which is approved for storing top secret information after the parties involved complete the required box ticking.