AJ Clark is the President of Thermopylae Sciences & Technology (TST), a leading provider of Web-based geospatial capabilities, mobile software framework and applications, situational awareness, and cloud computing solutions for the U.S. military. To learn more about TST, click here.
Challenges with the Intelligence Community's (IC) move to the Cloud – security, technology, expense – were declared to have been met last summer when James Clapper, Director of National Intelligence, finalized a $600-million, 10-year agreement with Amazon Web Services to build an IC cloud that would be managed by the Central Intelligence Agency (CIA).
It's a step in the right direction on a trip mandated by the 9-11 report of cooperation shortcomings among the IC's 17 agencies, but will the rest of the community come along? Clapper said it will, so it will happen, but not necessarily with the speed, enthusiasm and completeness that the agencies' CEOs and Chief Information Officers would like.
The primary reason is that risk avoidance is built into the cultural foundation of some of the agencies' personnel as careers are built on steady successes. That concern about the cloud stems from limited ubiquitous information on exactly what the IC cloud is; from a lingering desire to retain ownership of an agency's work; from policy issues; from security concerns.
Frequently the concerns are summed in doubt about security, though most now understand that security can be managed with technology and that the Amazon cloud is being built to IC security standards.
Knowledge, ownership and policy are more emotional and physical, characteristics that can be more difficult to channel. They are signs of a generation gap that continues between digital natives and digital immigrants, and while that gap isn't necessarily owned by the IC – industry fights the same fight – it's something that the community's agencies have to bridge.
They are two ends of a revolution – natives, who have dealt with data seemingly from the womb, and who have stored it in the cloud as a matter of course; immigrants, who may well feel comfortable with an iPhone and its cloud component, but who trust data only when it's stored in servers they can see in the basement of the agency.
The immigrants made the data migration from paper in file cabinets to computers on desks to servers in the building, but the cloud is ephemeral – and it's somewhere else. They don't control it. Amazon engineers do. How can it be different from the businesses whose data is hacked every day, costing customers – some of them working in the IC – angst and inconvenience?
Coping with the immigrants' fear is part of the cultural upheaval that the IC is going through in its move to cloud computing.
Some of that fear can be handled through education. A study for the Intelligence and National Security Alliance report: "Cloud Computing: Risks, Benefits, and Mission Enhancement for the Intelligence Community" indicated that 47 percent of IC personnel not involved in cybersecurity have only a vague idea of how a cloud works. They do not, for example, differentiate between an Amazon or Google cloud, designed to store data but also to use it to sell products, and the C2S Cloud being built by Amazon for the CIA behind the IC firewall.
We need this education to get past the individual concerns about the transition to the cloud so we can concentrate on more concrete issues, such as the physics involved. The cloud isn't where you are, so there's a real challenge in networks and connectivity.
With the fear mindset, there's likely to be a preoccupation with data forensics, at least in the initial stages of the migration to the cloud. What data you send to the cloud in the future can depend on what happened to your sent data when it was mashed up with data from other agencies in the cloud.
Then there is policy. Much of the concern for this is housed in a military that is taught to embrace responsibility and expect accountability. Soldiers, sailors, airmen, Marines all want the ball at the crucial moment in the game, if you're into sports metaphors.
They have designed their systems and infrastructure to meet their mission requirements. They like to have their 150 engineers on call to service their systems. The colonel or captain tasked with the mission likes to be in charge, and the notion that a "colonel" or "captain" from some other agency with 150 different engineers is going to be tasked with that mission is uncomfortable.
"Stovepiping" has been the popular term for this for a generation, but "stovepiping" is really a product of "protecting turf," a concept that goes much further back. It's still turf, it's still being protected and the Defense Department and IC are still dealing with it.
In December, a year after the Defense Information Services Agency (DISA) circulated a memo that effectively limited cloud use, Defense Department CIO Terry Halvorsen sent another declaring that the military and other department agencies no longer had to run cloud procurement through DISA.
It's a step toward mitigating fear, but people still want job security. They want to control their work, and when they see that control eroding, they fear for the future for both their organization and themselves. This is not always done out of "rice bowlism." Much of it is built into individual and organizational ethos. They really want to contribute to the mission. They want to control that contribution.
In its move to the cloud, the military and other members of the IC have to learn to depend on the work of members of other agencies, some of whom have been rivals at budget time or when it's time to gather intelligence. They have to move from an operation that includes avoiding risk by owning data to managing risk by sharing it, and for some, that isn't easy.
The transition can be spurred in austere times by understanding that the cloud leverages limited, even diminishing resources of individual agencies into something closer to infinity. It's a selling point in a scenario that still needs selling.
So, too, is an understanding that options are more limited than they think.
In remarks in September¸ DNI Clapper said that for the past four years he has seen the role of his office become much more about integration. How do you integrate and find commonality among IC agencies in order to be more efficient? To have fewer gaps?
The cloud plays well with that.
He's using the cloud because it makes good business sense. It also makes good sense from the standpoint of unifying and integrating different organizations' computer architecture and infrastructure. That's a reason organizations are going to have to cope with their fears, develop a detailed understanding of the cloud, and work to leverage it for the value that it brings.
"Those who figure out how to capitalize on the cloud's capabilities have the best chance to succeed, and agencies who continue to use legacy models will face irrelevancy," according to "CLOUD COMPUTING: Risks, Benefits, and Mission Enhancement for the Intelligence Community."
DNI Clapper has been more succinct, frequently paraphrasing a new-generation proverb: "We're running out of money, so we have to think."
He could add "and not to fear."
