The Defense Department is in the market for a secure browser to wall off its employees from the open internet, a solution that will effectively block hackers from nation states such as Russia and China from ever reaching its network.
According to a new request for information published on Tuesday, the Pentagon asked the private sector to pitch a “cloud based” product that would isolate more than 3 million Defense Department officials’ internet traffic.
Typically, if a user clicks on a link in a phishing email, that malicious code is able to spread throughout the network unimpeded, stealing secrets or shutting down key functions of the device-like opening a door to a home.
But with the cloud browser, the user will only see a video representation of their internet session taking place on a remote server, as if the traffic lived in an empty room far away. If that session gets hacked, it will be sandboxed and never reach the Pentagon.
Once acquired, this type of technology would be a “game changer,” Steve Wallace, the technical director at the Defense Information Systems Agency, said in a statement to CNN. “We are locked in a race against our adversaries, and we know attacks and threats are generally executed via desktop browser.”
Unlike Amazon’s current contracts, which provide the intelligence community and parts of the Defense Department with cloud-based storage and the ability to organize data, this product would take advantage of the cloud’s remoteness for security purposes.
The browser would “provide defense against a variety of attacks that exploit Department of Defense networks and compromise end clients,” according to the request.
The solution is desperately needed.
According to estimates from the Defense Information Systems Agency, the agency seeking the new solution, the Pentagon faces tens of millions of email-hacking attempts every single day.
The Director of National Intelligence’s most recent annual assessment of threats facing the United States from 2018 pointed directly to sophisticated digital attacks by China, Russia, Iran and North Korea, all of which make use of the “low-cost tool of statecraft” to gather information on US policy, US citizens and national security data.
In the future, according to the DNI, these attacks will likely only get more aggressive and may threaten critical infrastructure.
“The operators of the most targeted network in the world have come to the conclusion that they’d be more secure and efficient if they kept all public web code off their network,” said Scott Petry, the CEO and Co-Founder of Authentic8, a private company that developed Silo, a secure virtual browser.
“Cloud browsers are now something any organization concerned with online security must consider,” he said.
“Attacks that come in from nation states or any other bad actor typically exploit interfaces in the local system-a bit of code or a cookie will find its way into a browser and crawl its way across the network from there,” he said.
The solution is to “never let it into the network,” he said.
This story has been updated.