While the discussion of how to best tear down the outdated constructs that isolate crucial information and hinder agencies from acting on the best intelligence has continued since the minute the 9/11 Commission Report was released, few practical solutions have been identified.
Nearly three years ago, the Office of the Director of National Intelligence issued a plan to deal with the removal of the barriers that stand in the way of an optimally functional IC.
“Improving information sharing will bring about true all-source analysis and deliver timely, objective and actionable intelligence to our senior decision makers, warfighters and defenders of the homeland,” then-Director of National Intelligence Mike McConnell said of the 20-page document.
With the rise of cloud computing in the federal government, the answer for the IC could at last be within reach.
Rather than have each agency store and access its own data, the IC could exchange data over the cloud.
Hillen pointed out the advantages of cloud computing to the IC, saying it can be very scalable and offer virtualized resources to its users.
“[The current system] has cost, data sharing, scalability, redundancy and even some performance advantages,” he added. “In theory, a cloud architecture offers the smaller and mid-sized agencies of the IC the potential computing power of the entire IC as whole.”
Hillen warns, however, that the cloud should not been seen as any type of magical elixir for the IC, pointing out the amount of policy and security ground to cover before that sort of theoretical model could or would be put into place.
“Cloud computing really should be seen as just an architecture,” he said, “one that has its advantages and disadvantages like any technological architecture. It has been sold a little too often as an inevitable future for all network architecture, or as a solution to all network architecture problems, but it is just an architecture.”
One potential drawback of the cloud is the generally accepted idea that an IC cloud would be difficult, or perhaps even impossible, to secure.
Not so, according to Hillen. Some observers, he noted, have said the shared architecture model of the cloud makes it automatically less secure. However, various security measures exist that can make a cloud architecture as secure as closed, physically secured, and locally owned architectures.
Virtual or cloud environments do not necessarily provide any user more levels of access than closed and owned architectures, Hillen said.
“Context aware access controls and policies, access control lists and auditing, varieties of encryption, and good information rights management policies and technologies can make a cloud architecture as or more secure than a completely user-owned architecture,” he explained.
Dispelling other misconceptions of cloud security, Hillen noted the internal threat — that is, the potential ease an internal subvert could have in stealing information from a cloud database.
Hillen said the technology is ultimately a nonissue, and the internal threat is essentially reduced to a policy problem. Specifically, the question is raised: Why were certain individuals granted such broad access in the first place?
In the WikiLeaks case, the State Department seemingly lost control of who had access to its data when shared within the SIPRnet — in this case, sensitive diplomatic reporting cables, Hillen said.
“The data was on the SIPRnet in the first place because the State Department was broadly and properly implementing a communitywide policy priority to share data across agencies,” he said.
“But satisfying that broad policy directive certainly shouldn’t mean that a low-ranking Army analyst should automatically have access to very sensitive reporting cables of all kinds, as was reported in the WikiLeaks case,” he added.
However, ultimately, the issue comes down to people.
“Any architecture — cloud or not — will be as secure as the policies and people are within it,” Hillen said. “Technology exists now to make all these architectures secure.”
With a fair picture of the issues posed by cloud computing in the IC coming into focus, it is also important to note the positives the technology brings to the table.
“Cloud computing changes the status quo for the Intelligence Community and offers disruptive opportunities to modernize Intelligence Community systems,” he said. “This will allow agencies to share information as needed. It could also result in faster deployment of common services and software, reusable architecture and better data access.”
Reagan’s colleague at Deloitte, principal Tim Chase, honed in on the “very real” opportunities for the IC to improve efficiency while cutting costs. He also pointed to the business opportunities awaiting government contractors.
“The impact on industry stands to be significant also, not just in terms of the opportunities created to help the government set up and transition to the cloud,” he said, “but also in terms of how future intelligence solutions can be architected and implemented.”
“The key value of cloud computing to the IC is in speed and range of access to information technology resources,” he said. “Cloud computing provides resource agility which, in turn, will result in responsive mission accomplishment. I personally believe this agility would also result in lives saved.”