Intelligence community builds cloud infrastructure

The intelligence community has put its own cloud computing infrastructure into place, one that is fully functional and can scale to meet additional demands.  

The IC's capabilities will grow even further when the Central Intelligence Agency selects a vendor – either Amazon Web Services or IBM – to build a full-scale on-premise cloud for the IC.

The cloud infrastructure was one of several milestones announced Sept. 9 by IC Chief Information Officer Al Tarasiuk regarding the IC Information Technology Enterprise (IC ITE) strategy. Among the others:  creation of an app store for all 17 intelligence agencies and the deployment of a shared desktop environment between Defense Intelligence Agency and National Geospatial-Intelligence Agency personnel that will eventually expand to include the entire IC.

The IC's privately hosted cloud, based on the National Security Agency's cloud model, will provide data hosting and storage, utility storage and analytics for the IC, and will be available to all new and legacy users within the IC. In addition, the cloud will undoubtedly play an important role in how the intelligence community answers its big data question, ingesting, and properly tagging, storing and accessing growing quantities of intelligence data from a wide variety of sources.

"This is a changing of the business model," Tarasiuk said, explaining the IC's strategy of using shared services to one day attain a single strategic IT platform.

The IC ITE strategy was announced in October 2011 by Director of National Intelligence James Clapper in response to increased demand for intelligence data, information and services in a time of flat or shrinking budgets.

Cloud technologies and others provide better price points than legacy technology, Tarasiuk explained, and the shared services aspect allows intelligence agencies to make better use of their IT budgets, reducing duplicative projects and applications.

In addition, IC ITE makes use of agencies that excel in given technical areas and puts the onus on them to lead overall efforts for the IC.

The CIA and NSA, federal leaders in cloud computing technology, teamed up to lead the effort. The NSA's internal cloud provided the model for the recently stood-up IC cloud, and the CIA has led the procurement effort to select a vendor to build a privately housed cloud for the IC. FCW first reported in March that the CIA selected AWS for a contract worth up to $600 million, but that contract came under a bid protest by IBM that was partially upheld by the Government Accountability Office in June. In response, AWS filed a lawsuit in the U.S. Court of Federal Claims seeking to overturn GAO's ruling.

Both companies have since submitted new bids to the CIA, but the agency is not likely to make a vendor selection until at least Oct. 7, when oral arguments in the case are set to begin.

Tarasiuk acknowledged the delay and said he is "not saying when" the full capabilities of the IC's cloud might be realized, but suggested fiscal 2018 as a desired date to have the IC incorporated within the framework and standardization outlined by the IC ITE strategy.

"It's an incremental evolution to get to this platform," Tarasiuk said.

He said the IC's recent shift toward a single strategic platform has been full of challenges and "lessons learned," and not just in dealing with rapidly evolving technologies. While stopping short of saying some in the IC were resistant to change, Tarasiuk said it took some doing to ensure that everyone saw the benefits of "such a broad-scale" change.

One of the chief concerns throughout the process has been information security, and the recent intelligence leaks by former NSA contractor Edward Snowden emphasize the importance placed on security protocols within a massive cloud infrastructure.

Could a cloud that connects the entire IT allow a system administrator – the position that once allowed Snowden to allegedly roam around the NSA's internal networks – or another privileged user in one intelligence agency to access sensitive data from another?

Tarasiuk, while not delving into specifics, said privileged users would be given "segmented access," or in other words, those users would have access only to the information required to do their jobs. He added that planned security measures also include "some level of encryption" of data, noting that security architecture will be implemented end-to-end, "from the desktop to the cloud."