While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The intelligence community is known, of course, for focusing on data security, and as a group of agencies, it has been spotlighted recently as being more open to sharing data. Over the past few weeks it’s become clear that the IC wants to bring both approaches to bear as it evolves its cloud strategy.
On one hand, the IC is squarely focused on ensuring that its cloud environment is as secure as possible. On the other, IT leaders in the intelligence community want to continue fostering an integrated cloud environment in which data sharing is encouraged.
Those two imperatives might seem at first to be incompatible, but it appears that the IC wants to continue strengthening security so that it can maintain the kind of collaborative data sharing environment it has created with the Intelligence Community Information Technology Enterprise program, or ICITE, whose progress FedTech recently explored.
Security will always be paramount in the IC. So it’s no surprise, as FCW reported, that the Intelligence Advanced Research Projects Activity, the IC’s research arm, plans to explore how to boost data protection in the community’s private cloud.
The project, called Virtuous User Environment (VirtUE), is expected to be announced in September. Speaking at FCW’s Cloud Summit on Aug. 10, IARPA Program Manager Kerry Long said that the project will seek to overcome what he sees as some of the security vulnerabilities of virtualization; specifically, protocols that are designed to segregate information on virtual machines.
FCW reports: “IARPA is seeking a computing environment that can run on a cloud or other virtualized infrastructure without interfering with internal operations, collect log data on users and act as a sensor for threat detection. A ‘virtue’ could also surround individual applications or computing roles to, for example, segregate email from the wider internet with the goal of making phishing attacks less threatening or to govern the activities of a router or peripheral device.”
IARPA is going to seek advice and recommendations from researchers and academics in an effort to cut down the amount of log data the IC generates. For example, sensors might collect log information only on suspicious activity rather than continuously, FCW reports, which could potentially enhance the use of analytics to detect insider threats.
Meanwhile, the IC still wants to focus on integration when it comes to the cloud, especially as a means for information sharing through ICITE, which was established in 2012. ICITE provides a common set of standards and platforms, as well as security protocols, and allows analysts from one intelligence agency to analyze data collected by another.
“This is really a revolutionary idea for the IC, where the data doesn’t belong to the organization that collected it,” said deputy CIO Jennifer Kron during an Aug. 24 webinar, according to Federal News Radio. “It belongs to everyone in the IC who has a need to know and the appropriate clearances.”
ICITE is bringing together two different IC-based cloud systems, as Federal News Radio notes: the National Security Agency’s government-provided cloud, or GovCloud, and the CIA’s C2S, a cloud running on the Amazon Web Services platform.
Federal News Radio reports: “The two systems play different roles to create one comprehensive system. C2S is a utility and compute cloud, providing infrastructure as a service. Meanwhile, GovCloud is a warehouse for big data storage and analytics. Both systems are strictly classified at the top secret/sensitive compartmented information [level], although the IC understands that it will have to work with other classification levels eventually.”
Kron told Federal News Radio that the IC does not see the cloud as an impediment to maintaining security. “Cloud can be an enabler to security,” she said. “We’ve long said the cloud environment can be seen as secure as or more secure than the traditional environment if it’s properly managed and designed.”
ICITE uses common security protocols and languages, which helps build trust among agencies, she said Additionally, each intelligence agency is appointing a chief data officer, all of whom will report to an overall CDO for the IC, Federal News Radio notes. The steady establishment of trust is leading to a wider adoption of cloud services within the community, Kron said.
“We recognize that a risk to one in this system is a risk to all,” she said. “Therefore we’ve established community governance forms that specifically address technical security aspects of ICITE, as well as the overall security risks.”
Intelligence agencies still need to focus on security responsibilities and accountability, performing effective audits, dealing with insider threats and managing privileged users, Kron said, according to Federal News Radio.
“Security as an enabler of adoption is a powerful tool and allows us to see security in a different light,” she said. “Cloud security requires a multifaceted approach. … The IC is committed to bringing all weapons to bear on this challenge.”