How cloud is changing the spy game

For the first time, all 17 agencies in the Intelligence Community will be on a shared platform.

Director of National Intelligence James Clapper

Director of National Intelligence James Clapper has made "intelligence integration" a priority.

The Intelligence Community, whose agencies have earned a reputation for a stovepiped, proprietary approach to information, is moving away from an agency-centric IT model to a shared-services model based on cloud computing. After years of foot-dragging, the IC is finally embracing the benefits of the cloud’s on-demand network access to a pool of configurable computing resources and common services.

IT spending across the 17 agencies that make up the IC is estimated to be as much as 25 percent of the National Intelligence Program funding, not including IT funded as part of other program line items. However, an austere fiscal environment is forcing the IC as a whole to be more efficient and to collectively leverage resources to meet mission demands by breaking down siloes and finding ways to create cost savings based on economies of scale. Toward that end, the Intelligence Community Information Technology Enterprise (IC ITE) initiative is projected to reduce the community’s annual IT spending by 20 percent by 2018.

“We’ve been talking about cloud and its potential for almost five years and we’re actually just now starting to see it being put into action to where people can see the benefits,” said Peder Jungck, chief technology officer of BAE Systems’ Intelligence and Security sector. “Fiscal pressures have forced agencies to finally give up a little bit of control and to collaborate and that’s why we’re starting to turn the corner.”

Case in point: Over the summer, a $600 million commercial cloud services (C2S) contract awarded to Amazon Web Services by the Central Intelligence Agency began servicing other intelligence agencies. The Amazon-built private cloud, through which agencies will be able to order a variety of pay-as-they-go computing services, is part of the IC ITE initiative led by Director of National Intelligence James Clapper, who has made "intelligence integration" a priority across the agencies. At the same time, the National Security Agency’s GovCloud will provide a scalable, accessible and secure cloud computing environment available on demand for the entire IC.

“This is the first time ever we’ll integrate, in a single IT enterprise, the entire IC,” according to Clapper. “This will take integration to the next level. The objective here is put all the intelligence agencies on a common IT network and infrastructure. And apart from the efficiencies we will accrue from this, saving money, reducing our dependence on a large cadre of IT contractors; it will both promote integration and promote sharing and security with the attendant security enhancement we intend to build into this.”

Common ground in the cloud

IC ITE has been compared to DOD’s Joint Information Environment, which attempts to bring together data for all branches of the U.S. military. The JIE is envisioned as a shared and upgraded IT infrastructure, enterprise services and security architecture intended to improve mission effectiveness, increase security and realize efficiencies by—among other things—leveraging integrated cloud services. For its part, the initial IC ITE services will focus on delivery of a common IC desktop, common back office tools, broader and standardized access to analytic tools and applications, and data-centric computing using complementary government-developed and commercial cloud architectures.

“GovCloud and C2S programmatically will function as one IC ITE cloud environment,” said Todd Myers, senior architect at the National Geospatial-Intelligence Agency. “C2S is operational and we are consuming C2S services currently today. Actually, NGA is the first agency member to put an application inside of C2S. And the results thus far are that it is currently meeting operational needs.”

For its part, through the Geospatial Integration Joint Venture Leadership Network (GI JVLN), NGA has aligned its programs to a five-year roadmap to create a geospatial platform-as-a-service for IC ITE. One requirement is that the geospatial platform must be transparent to the infrastructure it resides on.

“The future of the cloud for NGA is to greatly enhance our spatial analytics, driving that immersive functionality or capability through a consistent user experience. The quest to have immersive visualization will be provided through several sets of applications,” Myers said. “What NGA is focusing on within IC ITE is to write applications against published APIs that come from the cloud so that the applications themselves are no longer tightly coupled with the data.”

NGA's Map of the World is a massive effort to provide a single, seamless backbone for all GEOINT and multisource intelligence content to the entire IC. Advances in cloud computing and mobile technology allow for immediate access to geospatial data processed by NGA. In the case of MoW, the cloud-based solution provides a centralized repository where NGA collects information from various sources, tags metadata, and makes the data accessible across multiple security domains and on multiple devices. Map of the World provides a seamless, integrated environment so analysts can immerse themselves within the data.

“Instead of producing static maps, they are putting data into a form that users can manipulate and make it available in the cloud,” Jungck said.

Common desktop

Central to IC ITE is also an effort to create a common desktop environment, or DTE, for the IC, migrating from stovepiped agency networks to an enterprise model. The aim is to deliver a common suite of desktop applications and access to common services including Unified Communications as a Service. The IC DTE is managed by a Joint Program Management Office led by the Defense Intelligence Agency and NGA.

Last year, DIA and NGA deployed the first iteration for common desktop software, which included standard email, collaboration tools and video conferencing capabilities. To date, there are more than 4,000 IC DTE users being supported across the two agencies.

“The partnership between DIA and NGA will provide the DTE functionality to the entire intelligence community for IC ITE,” said Myers. “It’s increasing steadily to meet the direction of the Director of National Intelligence so that the DTE is the one place that the IC uses consumption of IC ITE services. The desktop has a common look and feel regardless of agency.” 

DIA and NGA have deployed the first iteration of the common desktop and have added a number of new capabilities along with updated versions of current software products. The agencies have enhanced the DTE’s unified communications capabilities by offering a common collaboration tool, which provides a single interface for secure voicemail integration with email, peer-to-peer file sharing, a screen capture tool and Outlook calendar integration. As additional users transition into the common operating environment, the tool will serve as a single interface for community-wide collaboration.

The ongoing DIA/NGA rollout operates on a quarterly release cycle for feature enhancements and desktop improvements, with efforts underway to expand computing capacity in order to support thousands more DIA and NGA users by the end of fiscal 2015, completing Phase 1.

The Joint Program Management Office plans to select a contractor to implement the second phase of the IC DTE. Phase 2 will include supporting the migration of the common desktop to the rest of the intelligence community and is expected to be completed by the end of fiscal 2018.

“We will have the opportunity to do more and more in common with what we commonly do—to have enterprise services for security, storage, enterprise management and help desk, among others,” Myers said. “IC ITE is an enabler of enhanced mission functions by which the mission business functions need to have a new business model.”

According to Myers, one of the obstacles to efficiently leverage the cloud is the continued use of legacy non-cloud business principles, including licensing models for CPUs and licensing models based on named users. “As we go to the cloud environment providing ubiquitous access to consumption models, that one-to-one licensing relationship is extremely unwieldy and can get out of control,” he said. “One of the supporting elements that needs to occur is to get to a total consumption model of defined managed services. This is going to take some time to mature.”