CIA Testing AWS Cloud for Security Holes
The CIA's chief information officer provided an update on the spy agency's plans to roll out private cloud services – one would guess extremely private – during an industry symposium sponsored by its cloud vendor, Amazon Web Services (AWS).
Spy agency CIO Douglas Wolfe said the CIA expects to begin deploying initial cloud services this summer. The CIA awarded a $600 million contract to AWS last October after a procurement protest by IBM was dismissed. The contract is expected to include 17 government intelligence units.
Wolfe said the agency is in the midst of testing the AWS cloud offering against the CIA's internal security standards. “I think that we’re going to end up with a very good and quality product and a very secure product to handle all kinds of different workloads at the classified level in the intelligence community,” Wolfe was quoted as telling the AWS symposium.
Among the first customers will be the U.S. National Reconnaissance Office, which collects and analyzes imagery and other data collected by U.S. spy satellites. “We’re looking at the bigger pictures, such as information integration and intelligence integration across the intelligence community,” Donna Hansen, NRO’s chief information officer, said in an April interview with the publication Federal Times.
The CIA is leading efforts to shift intelligence workloads and applications to the cloud under a program called the Intelligence Community Information Technology Enterprise initiative. The goal of the strategy is to develop a common IT environment among U.S. intelligence agencies.
Those agencies have reportedly been working for two years to implement the initiative and launched internal pilot programs earlier this year designed to test individual components. Mission-critical intelligence applications would continue to be built and operated separately, but basic functions like desktop software and enterprise IT applications would run on the AWS cloud platform.
For now, Wolfe said the CIA is testing the AWS cloud offering against the agency's cybersecurity requirements in advance of a planned deployment later this summer. “We’ve had some interesting conversations and debates on security,” Wolfe told the AWS symposium. “We’re working through that. And I think that we’re going to end up in a very good quality product, and a very secure product.”
Wolfe reportedly hinted that the spy agency was looking beyond basic cloud servers to Amazon software applications as a way to improve efficiency. According to an account of his speech published by the Financial Times, Wolfe cited AWS's Kinesis and Redshift applications as examples of commercial products that could be used to process and analyze raw intelligence.
Redshift is Amazon's managed data warehouse cloud service that scales to at least a petabyte of storage. Amazon Kinesis processes large streams of data in real time. Amazon claims the managed service can process "hundreds of terabytes of data per hour from hundreds and thousands of sources."