While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The Intelligence Community is in the adoption phase of an ambitious strategy to consolidate common IT services across its member agencies and remove technology barriers to information sharing.
Under the Intelligence Community Information Technology Enterprise (ICITE) strategy, shared services include a common desktop, cloud services and an application mall, managed by the National Security Agency, that will function like Google Play and Apple’s app store.
“We still have this timeline of trying to get as much of the community onto this new infrastructure by 2018 [as possible],” IC CIO Al Tarasiuk said at the Intelligence and National Security Summit in Washington, D.C., last week. “That is still the driver and the target, so agencies are aligning to that.”
Tarasiuk and his CIO counterparts at the IC’s largest agencies agree that 2015 is when adoption of the ICITE services will gain steam. For now, the focus has been on the big five of the intelligence community: the CIA, NSA, Defense Intelligence Agency, National Geospatial-Intelligence Agency and National Reconnaissance Office. They have the budget and infrastructure to support the strategy. IC agencies were designated as either service providers or service consumers, and funds have been reallocated to develop shared services.
The ICITE strategy is not a program of record; rather, funding comes from IT program budgets across the IC, Tarasiuk explained. For example, agencies were instructed not to do desktop engineering. The director of national intelligence asked to have those funds reallocated to pay for the desktop environment services being provided by NGA and DIA. ICITE is funded through programs within the big five agencies so smaller agencies can benefit from those investments.
Tarasiuk couldn’t give specifics on the cost of ICITE but said it was pegged at 25 percent of the National Intelligence Program budget, which totaled $52.6 billion last year, according to news reports. That means the cost of ICITE could top $13 billion.
“ICITE is not just a technology endeavor,” said David White, CIO at NGA. “It really is a major change management endeavor. This collaboration is really moving us to better integration across all aspects of our intelligence enterprise.”
NGA is partnering with DIA to expand common desktop services across the IC. So far, 6,000 users at NGA and 4,000 at DIA are using the service, White said. The goal is to reach 50,000 users by the end of 2015 and extend the services beyond DIA and NGA employees.
The FBI is working through legal and procurement policy issues to test about two dozen workstations for three months, said Jerry Pender, the FBI’s CIO. As a consumer of ICITE services, Pender noted that the IT strategy is one of six priority initiatives for the bureau in 2015. The Army also plans to use ICITE services and will serve as a model for how the IC agencies partner with the other military services.
The NSA plans to adopt the shared desktop environment at its operations center in Denver, also known as Mountainview. “Denver is the IC’s first chance to turn an entire location into an ICITE location,” explained Lonny Anderson, director of the NSA’s Technology Directorate.
The desktops for that location are coming from NGA and DIA, not NSA. That’s a “huge cultural leap for our organization, but we’re confident that will work,” Anderson noted. Thousands of people are expected to be using the shared desktop services by 2016.
Cloud services at the Mountainview location will be a combination of NSA’s GovCloud and the CIA’s commercial cloud built by Amazon. Anderson said the two cloud environments are nearly identical and offer similar services. The cloud systems are also interoperable, meaning data can be moved seamlessly between them. IC users go to a joint storefront to find out which cloud service better meets their needs, based on requirements.
Over the next year, a decision will be made on whether to consolidate cloud capabilities such as utility or storage services. The agencies will consider costs and other metrics, Anderson said.
NGA’s Map of the World was one of the first agency applications and workloads to migrate to the CIA’s cloud, which was deployed this summer. White said his bill for the first month cost less than a cup of coffee at Starbucks. Under ICITE, the costs of using the cloud are covered for the first year, Tarasiuk noted.
To keep tabs on data in the cloud, all data ingested into NSA’s GovCloud is tagged. “You’ll know what happens to a piece of data from the time you ingest it until the time it leaves the cloud,” Anderson said.
The agency also tracks where and when data is collected, how long it can be held and who is authorized to see it, he added. The NSA also uses public key infrastructure to authenticate users and ensure they only access authorized information. In the aftermath of the Boston Marathon bombings, analysts were allowed to be notified that data they query exists, even if they don’t have access to it.
As ICITE matures, Tarasiuk is noting the challenges ahead.
“I think the biggest challenge is going to be the transition,” he said. “The foundation is in, so now the challenge really is for the agencies to lay out their road maps and to start adopting [and] converting applications to cloud.”