Spy Agency Adding Capabilities to its AWS Cloud
The CIA is preparing to rollout a classified version of an Amazon Web Services (AWS) marketplace to support the U.S. intelligence apparatus as it puts the finishing touches on a Commercial Cloud Services region completed by AWS in less than 18 months.
Doug Wolfe, the CIA's chief information officer, said during an industry event on Wednesday (Feb. 25) that the AWS cloud has achieved "final operational capability." Earlier this month, the CIA cloud vendor released details of its AWS GovCloud described as "an isolated AWS Region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud…."
Declaring himself satisfied with its "unique" relationship with AWS, Wolfe said the CIA cloud would be "offset" on a private security network. "It's a big bet," Wolfe added. "My hope is that we'll get a lot of efficiency and optimization of [CIA] missions."
Despite the crash program in which AWS exceeded the spy agency's expectations by completing a government cloud region in about 18 months, Wolfe acknowledged that the CIA is behind the curve in terms of embracing the cloud platform. Adoption and usage of cloud computing "are behind where we hoped to be," he said.
One reason appears to be lingering concerns about cloud security as the spy agency struggles with the transition from what one observer called "information hoarding to information sharing."
As the AWS cloud is rolled out over 17 U.S. intelligence agencies, Wolfe pledged, "We are not going to compromise on security," adding that the new cloud platform would help "improve and enhance our existing infrastructure."
Another issue for intelligence analysts, and possibly an opportunity for cloud and analytics providers, is their desire for feedback about the intelligence they are producing. In a ballroom full of cloud and analytics tool vendors, a National Security Agency analyst raised the issue of whether commercial vendors could "give us methodologies" that could use to gauge the value of a piece of intelligence.
Put another way, are business intelligence and other analytics tools integrated into private and hybrid clouds transferable to the spy world? The NSA analysts said he desires a "feedback" mechanism to determine the value of his analyses from the consumers of intelligence and decision makers.
Meanwhile, Wolfe also acknowledged lingering industry criticism of its 2013 decision to award the $600 million cloud computing contract to AWS, essentially putting all the agency's eggs in one basket. IBM unsuccessfully protested the cloud contract award to AWS. The CIA official defended the contract award this week, saying it provided AWS with nothing more than concrete pads and power to build the CIA cloud datacenters. AWS delivered all other cloud infrastructure and was up and running in less than 18 months, he added.
AWS "has made a big investment," he stressed.
While Wolfe downplayed industry concerns about cloud "vendor lock-in," he sent a mixed message about specific cloud tools. Among the spy agencies cloud requirements is interoperability. That means no "cul-de-sac," or proprietary, solutions, the CIA official said. "What happens after Hadoop and Spark?" Wolfe continued, explaining that the agency wants to keep its options open as "pervasive analytics" becomes a key feature of government cloud platforms.
Despite those concerns, Wolfe announced a partnership with data hub specialist Cloudera during the company's event this week. The CIA official said Cloudera's enterprise data hub that includes a secure distribution of Hadoop and other big data capabilities would be up and running on its AWS cloud service in the next month or so.
