The Complex

Is Amazon providing CIA up to $600 million in cloud computing?

Web commerce giant Amazon is apparently building a cloud-computing network for the CIA. Trade publication Federal Computer Week has reported that the agency will pay the online retail pioneer up to $600 million to develop its own private cloud over the next decade.

This would make plenty of sense. Amazon is well-known for providing cloud-computing services to the private sector, and government agencies dealing with classified information are pushing to adopt cloud services as a way of consolidating thousands of network "enclaves" that are hard to defend. The Pentagon, for example, is building what it says will be a defendable, upgradable network, known as the Joint Information Environment.

While the CIA declined to comment to FCW about the project, an agency official revealed in a public forum that Langley is adopting commercial software in order to keep up with the pace of innovation in the private sector.

Speaking to the Northern Virginia Technology Council Board of Directors on March 12, Central Intelligence Agency Chief Information Officer Jeanne Tisinger told an audience of several dozen people how the CIA is leveraging the commercial sector's innovation cycle, looking for cost efficiencies in commodity IT, and using software-as-a-service for common solutions.

Two audience members who asked not to be named told FCW that Tisinger said the CIA was working "with companies like Amazon."

The piece goes on to cite CIA Chief Technology Officer Gus Hunt's February comments saying that Amazon had a software-as-a-service model that "really works." Remember, software-as-a-service (SaaS) means that businesses buy web/cloud-hosted software accounts rather than making a onetime purchase of software that is installed on their computers. Think of all the features your Google account gives you -- email, document creation and sharing, Web site analytics, etc. That's a very basic example of a mix of free and premium software-as-a-service.

"Think Amazon - that model really works," regarding the purchasing of software services on a "metered" basis for which Amazon is well-known for. Hunt has also spoken publicly in the past about the potential for leveraging public cloud infrastructure for non-classified information.

Historically, the CIA's cloud computing strategy centered on a number of smaller, highly specific private clouds. While the full scope of its current contract with Amazon is not yet clear, it is likely this contract essentially brings a public cloud computing environment inside the secure firewalls of the intelligence community, thereby negating concerns of classified data being hosted in any public environment.

Expect this trend to continue as the government moves to purchase technology -- especially in cloud and mobile tech -- that can keep up the extremely rapid pace of innovation at a time of declining military budgets. NSA and the Defense Information Systems Agency (DISA) -- the Pentagon's Internet service provider -- are working to field commercially-available smart phones and tablets that use secure cloud software to allow them to handle classified information. 

Keep in mind that all this commercially available tech will need to be tweaked to be extra secure against cyber attack

"We've got to be able to do this securely. We cannot give up the security, the confidentiality, the pedigree of our data at the unclassified level, because of [the need to protect personal information about users]. But at the classified levels, consistent themes are going to be not only security but identification and access management," said DISA's Chief Technology Officer, Dave Mihelcic, said while discussing the DOD's efforts to adopt such technology at an industry luncheon in February.

Click here and here to learn more about how DOD officials want to defend against intruders in their cloud networks and mobile devices.


Wikimedia Commons

National Security

Ex-Canadian Army chief warns of increased gov't control in cyberspace

In case you haven't been following it, the Twitter traffic from today's Cyber Dialogue 2013 at the University of Toronto's Munk School of Global Affairs featured a great quote from a recently retired Canadian general.

Lt. Gen. Andrew Leslie (chief of the Canadian Army from 2006 to 2010, shown above in 2009) apparently made a comment that yours truly has heard plenty of times in Washington: a major, destructive cyber attack would likely prompt a knee-jerk reaction from governments that greatly expanded their control of the Internet. Killer Apps wasn't at the event to hear the quote directly, but here's what people who were at the event tweeted about it.

Taylor Owen, research director at Columbia University's Tow Center for Digital Journalism, tweeted that the general's comments sent "a chill over" the conference:

 "@taylor_owen wow, Andy Leslie sends a chill over cyberdialogue "You are all running out of time before 'people like me' try to govern cyberspace #cd13"

Scott Carpenter of Google Ideas called the Canadian general's comment "a weird threat":

 "@JSCarpenter11 Weird threat from a former general: "you're running out if time" b/c once "something bad" happens in cyber gov't will assert control #cd13"

Finally, Richard Bejtlich, chief security officer at cyber firm Mandiant, tweeted:

 "@taosecurity At #CD13 retired Canadian general warns "you're running out if time" because once "something bad" happens in cyber, gov will assert control."

It's interesting to see cyber professionals from some of the foremost institutions in tech, business, and journalism express surprise over Leslie's comments. U.S. lawmakers have made similar comments throughout the last year in trying to pass cyber security legislation.

Reps. Mike Rogers and Dutch Ruppersburger -- co-sponsors of CISPA, the cyber security bill currently being worked on in the House -- have used this argument several times in an attempt to push lawmakers to adopt their bill, which civil liberties advocates say is harmful to individual privacy rights.

Last summer, James Lewis of the Center for Strategic and International Studies warned that a destructive cyber attack will likely result in Congress passing legislation that runs roughshod over privacy rights.

Bruce MacRae, Flickr