07 January 2021

The clouds above the intelligence services

Liviu Ioniţă

One of the reasons why the cloud became so popular is the ease with which data can be accessed. Instead of using its own hard disk, an organization can use cloud services to archive data on other hard disks, held by companies like Kamatera, Softchoice, Google, Amazon, IBM, SAP, Verizon or Oracle. But it is not just that. There are intelligence services that chose to use clouds as a way to exchange information and allow analysis tools to work with data collected by all intelligence agencies.


In 2012, the US intelligence community launched an initiative to use cloud computing, obtaining from the companies that provide such services software interfaces that help it keep, modify and delete the archived data.

The community has two cloud computing platforms and an official cloud strategy and, at the end of 2020, the Central Intelligence Agency awarded five companies – Amazon Web Services, Microsoft, Google, Oracle and IBM – a contract for multi-cloud services called Commercial Cloud Enterprise (C2E).

Will cloud computing change the policies and processes of an intelligence agency? The question was asked in 2012 by the Intelligence and National Security Alliance.

Indeed, things will change in an intelligence community which, just as over time it chose to use the internet, then mobile phones, then smartphones, will now decide to integrate and analyze data at another level: that of the cloud.

What does cloud computing mean?

Since August 24th 2005, when Amazon launched a new capability called Elastic Compute Cloud (EC2), offering cheap IT power on demand, what was then called “Jeff Bezos’s risky bet” has turned out to be a change for the entire industry, affecting not only businesses but also the national security field.

Cloud computing means nothing other than bringing into the IT field an old concept: the provision of services – electricity, water and others – from a remote location. Cloud computing services are delivered over a network, usually the Internet.

An organization that chooses cloud computing chooses not to spend money on its own IT systems, but to access the cloud resources of another company, a conglomerate of servers and software systems, and to pay only for what it wants.

The IT infrastructure is hosted off-site, in a data centre maintained by a cloud computing service provider such as Microsoft, HP, IBM, Amazon or Google.

In simple terms, cloud computing allows you to rent instead of buy your IT. Rather than investing heavily in databases, software, and equipment, companies are opting to access their compute power via the internet and pay for it as they use it.

There are public clouds (the whole computing infrastructure is located on the premises of the cloud provider, who delivers these services to the customer over the internet), private clouds (a private cloud is used exclusively by one organization and can be hosted at the organization’s location or at the cloud provider’s data center) and hybrid clouds (a combination of public and private clouds, where the customer hosts their business-critical applications on their own servers for more security and control, while their secondary applications are stored at the cloud provider’s location).

Depending on the resources used, cloud services can be Software as a Service (SaaS), where the provider hosts the customer’s applications at its location and the customer accesses them over the internet, subscribing to the services on a pay-as-you-go basis; Platform as a Service (PaaS), where the provider hosts the infrastructure and middleware components (middleware being software that offers applications services beyond those available from the operating system) and the customer accesses those services via a web browser; and Infrastructure as a Service (IaaS), where the provider hosts the infrastructure components that provide compute, storage and network capacity so that subscribers can run their workloads in the cloud.

Why cloud computing?

Because it offers flexibility, which mainly refers to the adaptability of cloud systems (scalability), and because cloud technologies allow the allotted resources to be adjusted automatically, as needed, which increases effectiveness and cost control.

Also, once there is a functional system in the cloud, it can be rapidly copied. The cloud is reliable: it works by distributing information across various servers, with no fixed technical dependency between them.

Syncing the data of a user who uses many devices connected to the cloud is simplified. Online cloud documents can be synced through web apps. Speed and storage capacity increase, with no investment in the user's own configuration.

There are, however, some disadvantages: a fast and stable internet connection is necessary, and the security of data in the cloud can raise concerns and produce distrust among users, who sometimes find themselves in a complex legal situation, not knowing in which country or countries the servers storing their data are located.

As for the secret services, cloud computing is helping the entire intelligence community to “stay agile and adaptive”, given that the intelligence community is facing “discouraging challenges in its missions”, generated by technological change and the huge amount of available data, and in order to face them it needs a “bigger analytical agility” and “sophisticated abilities”, such as artificial intelligence (AI), machine learning (ML) and big data analysis.

This is what the Strategic Plan to Advance Cloud Computing in the Intelligence Community says.

According to the US strategic document, published in July 2019, the intelligence community is already moving to the operationalisation phase of cloud services, analyzing the “learned lessons” and the “successes” of the previous phase, the Intelligence Community Information Technology Enterprise (IC ITE), for “interoperability, security and mobility of the cloud technologies and services in a federal environment”.

The option for cloud computing in the US intelligence community is part of a series of steps the federal government has decided to take since 2010, when it first created a strategy - Cloud First - aimed at introducing cloud services to government agencies.

Cloud First was released at a time when cloud computing was still a relatively early technology. Under the new policy, federal agencies have been tasked with evaluating cloud computing options and subsequently investing in cutting-edge technologies.

Given that the term "cloud" was widely used for any technology solution offered by an external provider, the National Institute of Standards and Technology (NIST) defined cloud implementation models: Infrastructure as a Service (IaaS), where infrastructure and hardware are provided; Platform as a Service (PaaS), where a managed environment is provided for a client's application; and Software as a Service (SaaS), where a provider-managed application is provided, with customers supplying their data.

At the same time, the term cloud computing received an official definition: it "is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction".

However, the migration of US government structures to the cloud was difficult, especially because they had old infrastructure, but also because providers' offers were numerous, which made the choice difficult.

The 2017 Federal IT Modernization Report to the President decided to update the federal government's cloud computing policy (Cloud First), followed by a decision of the Trump administration to develop a new strategy to accelerate the adoption of cloud-based solutions by government agencies: Cloud Smart.

Launched in October 2018 by the Office of Management and Budget, almost a decade after its predecessor, Cloud Smart "provides practical guidance for implementing government missions to fully update the promise and potential of cloud-based technologies".

Cloud Smart "focuses on equipping agencies with the tools to make technology decisions in line with their mission needs and uses private sector solutions to provide the best services to the American people".

The new strategy is based on what the Administration has considered to be the three key pillars of successful cloud adoption: security, procurement and training of the labor force in the field.

While Cloud First was just a "prudent approach to cloud adoption," Cloud Smart considers concrete issues, such as "certain government policies have become an impediment to cloud adoption and must be revised". This is the case of Trusted Internet Connections (TIC) systems in federal networks. Agencies will need to place greater emphasis on government-wide intrusion detection and prevention systems, such as the EINSTEIN program, or on tools such as Cloud Access Security Brokers (CASB), which are based on virtual, rather than physical, control of data.

Cloud computing seems to have been brought into the vocabulary of intelligence chiefs in 2011, when National Intelligence Director James R. Clapper referred, in the opening speech at the US Geospatial Intelligence Foundation's (USGIF) annual GEOINT symposium, to collaboration within the community and to "the integration of a common IT architecture, to allow flexibility for unique requirements".

At the time, according to James R. Clapper, there was pressure on the NSA and the CIA to work together to find solutions to the challenges posed by the cloud, requiring "all horses to be brought together in one direction".

One year later, the US intelligence community launched a bold initiative to use cloud services as a way to facilitate the exchange of information between agencies and allow analytics tools to work with information collected by all intelligence agencies.

Since 2012, the CIA and NSA have served, by appointment of the Director of National Intelligence, as cloud service providers for the entire community, managing two platforms: Commercial Cloud Services (C2S) and IC-GovCloud.

The C2S platform, commercial cloud services delivered through Amazon Web Services, was managed by the CIA, while IC-GovCloud, the big data analytics environment of the intelligence community, fell to the NSA. The two were the cloud computing options under the Intelligence Community Information Technology Enterprise (IC ITE) initiative, with stored data accessible to all agencies within the community, for all intelligence structures and missions.

The 2019 cloud computing strategy calls IC-GovCloud "the most powerful and high-performance data analytics platform" in the intelligence community.

The strategic plan starts from the premise that the intelligence community is facing large-scale technological changes which challenge its capacity to quickly provide the information needed for action, given that "opponents" are developing rapidly in the cyber field.

The strategy states that intelligence agencies need "an integrated, interoperable cloud ecosystem", with cloud capabilities supporting "a diverse set of users" and determining the effective functioning of the community, which will manage the power of data as a community good, thus providing advantage to the decision-makers of the nation.

Moving further, in the same year the intelligence community strategy was issued, the CIA announced plans for billions of dollars in investments in Cloud 2 Enterprise (C2E), a multicloud environment (distribution of cloud assets, software, applications, etc. across several cloud environments) able to manage data at all levels of security and provide global options.

In November 2020, the Commercial Cloud Enterprise (C2E) contract was awarded by the Central Intelligence Agency to Amazon Web Services, Microsoft, Google, Oracle and IBM.

The contract and the procurement documents were not made public.

According to intelligence director John Sherman, C2E is a multi-cloud, multi-provider offering of commercial C2S cloud services, which have so far been delivered only by Amazon Web Services.

The National Security Agency also plans to modernize the capabilities that make up GovCloud, the next step in developing cloud services at the community level being the launch, in March 2021, of the so-called "hybrid cloud initiative" (HCI), which Sherman described as a "high performance analytical environment" and a "large scale operation" in which the agencies will correlate their data with "significant NSA data".

C2E and HCI are "complementary" and "not at all competitive", together achieving "a turning point for the use of modern digital technologies by the information community". (John Sherman)

As with all magical technological advances, there are advantages and disadvantages

What do security services get from the capabilities of a cloud infrastructure compared to traditional IT?

They get high computing power on demand and high processing speed, meeting a given need promptly and then being reallocated elsewhere when the need disappears. Also, more complex processes, including big data analysis, can be performed quickly and without significant investment in supercomputers.

In 2012, when the issue of the transition of US intelligence services to the cloud came to everyone’s attention, the Intelligence and National Security Alliance, a non-profit professional organization, convened a working group to study the impact of cloud computing on the intelligence community and how organizations were to take responsibility by reviewing their policies and processes in light of the new technology.

Those conclusions are certainly still valid today for any other intelligence community that has to take technological development into account.

Cloud computing meets the critical needs of defense and intelligence, providing timely data needed for missions, increasing efficiency and reducing costs.

Cloud computing is not just a new technology, but a significant change in the consumption of IT resources and the allocation of IT funding.

The adopted cloud model will be determined by the sensitivity of the stored data, and the decision to adopt a cloud model in the intelligence community must be taken differently, on a case-by-case basis.

Data security can be improved through a cloud computing approach, but if security is not considered in the design, cloud computing architectures dramatically increase the risk of insecurity.

Those who want to move to the cloud must consider that it is also a change in the way of doing business, which will transform the organization’s policies and processes.

Therefore, it is necessary to consider the impact on the organizational culture and its fundamental change, from strict control of data to encouraging the inter-agency exchange of information.

Finding ways for effective cooperation between government, academia and industry, and sharing the lessons learned, are crucial to reducing the risks and to the successful transition of the intelligence community to the cloud.

Translated by Andreea Soare