Air Force, IBM plan to demonstrate secure cloud computing

The Air Force and IBM are collaborating to develop and demonstrate a secure cloud computing infrastructure capable of supporting defense and intelligence networks.

The 10-month project will introduce cybersecurity and analytics technologies developed by IBM Research into a cloud computing architecture.

The Air Force's network manages the operations of nine major commands, nearly 100 bases, and 700,000 active military personnel around the world.

"Our goal is to demonstrate how cloud computing can be a tool to enable our Air Force to manage, monitor and secure the information flowing through our network," said Lt. Gen. William Lord, chief information officer and chief of warfighting integration for the Air Force.

5 lessons from DOD's cloud computing efforts

The spotlight is on cloud computing in the federal government, especially since the Obama administration has called for more extensive adoption of cloud infrastructure to improve information technology efficiency, reduce costs and provide a standard platform for delivering government services.

In a cloud computing environment, IT resources -- services, applications, storage devices and servers – are pooled and managed centrally. These resources can be provisioned and made available on demand via the Internet.

The Air Force and IBM will develop use cases that address the Air Force’s cloud computing concerns and requirements, said David McQueeney vice president of technology and strategy and chief technology officer at IBM Federal.

IBM will then take these uses cases and requirements and design a cutting-edge cloud infrastructure in the company’s laboratory in Bethesda, Md., as proof that cloud computing can be deployed in the Air Force’s mission-critical environments, McQueeney said.

IBM researchers, military personnel, software architects, analytics specialists, cybersecurity experts and other federal agencies will work together to demonstrate a cloud design with a high level of security and network resiliency, he added.

For example, the Air Force would be interested in robust operations, keeping computing services running if networks or systems fail in a cloud infrastructure, McQueeney said.

"They’ll be very interested in security, obviously: what are the access controls to the systems, what roles can people play on the system?” he said.

Additionally, they’ll want to know who is on the system and what they are doing. The Air Force will be interested in how the system monitors itself, so the network knows when it is under attack and operators can be alerted to take countermeasures, McQueeney noted.

To that end, advanced stream computing analytics will be a key design component, McQueeney said. IBM’s InfoSphere Streams technology, coupled with sensors, monitors and other detection devices, would enable the Air Force to analyze massive amounts of data flowing through its network, looking for patterns. It should give operators better insights about possible threats and network, system or application failures, while automatically preventing disruptions.

The cloud design will also include customized, executive-level dashboards that could deliver up-to-the-second information on the health and status of the network and speed up decision-making.

Autonomic computing will be another important feature of the cloud model that will enable virtual cloud services to be managed remotely and provide capability for the cloud infrastructure to constantly retune itself for optimal performance – without human intervention, McQueeney said.

There are several reasons why this is a great project, said Alan Paller, director of research with the SANS Institute, a computer and network security organization that offers training for security professionals.

First, it is being overseen by William Lord, “who has proven to be the federal CIO with the strongest security track record,” Paller said. “He finds ways of fostering secure mission effectiveness rather than allowing runaway security to get in the way of mission effectiveness,” Paller stated.

Another positive aspect of the project is the focus on full-scale instrumentation, what IBM calls streaming, he noted. The cloud cannot be made completely safe just as current in-house federal systems are not being made completely safe.

So, “the future demands complete visibility into the data flows; and this demonstration and architecture project seems to be on exactly the right path,” Paller said.

However, there is a caveat. “If IBM's proprietary technology for its streaming does not fully meet the National Security Agency’s network and system monitoring protocol standards -- such as the Security Content Automation Protocol -- the Air Force will be locked into a technology that will have to be replaced or re-engineered at great cost to the American taxpayer,” Paller said.

Proprietary technology is fine, it just has to talk in a standard language, Paller said.