The Complex

DOD's Huge Plan to Stop the Next Snowden Is Going to Take A While

The U.S. military is betting they can stop the next Edward Snowden by putting nearly all of their data onto a massive -- and more easily secured -- cloud computing network. There's just one small hitch: the Pentagon has no idea how long it will take to do this, what it will cost, or even what this so-called "Joint Information Environment" will look like when it's done.

The Pentagon started the push long before Snowden began spilling secrets about the NSA. But the massive leak has reinforced the need to consolidate its tens of thousands of networks down to about 3,000 -- and its hundreds of data centers to 14 to 17 sites around the globe. These new networks will be easier to operate, upgrade and monitor for data theft, Pentagon officials promise.

However, "we don't really know what the up-front cost is yet, because we're still getting the plans in place," DOD Chief Information Officer Teri Takai told Killer Apps. "We'll need to shift some monies up front but, over the course of the [next five years] -- and we're still trying to figure out how long it's going to take -- we believe that we're going to recover that up front cost and then have significant savings."

These data centers and mini networks "will be connected on a [cloud] network that is secure," Takai added. U.S. Cyber Command -- the National Security Agency's military twin -- "will be able to see into that network," said Takai.

(One of Cyber Command's central missions is to defend DOD networks from cyber attack. To do this, it must be able to monitor the these networks for malicious activity in real time, Cyber Command and NSA chief Gen. Keith Alexander has repeatedly said.)

DOD's current collection of networks were built up over last few decades on an ad hoc basis. However, many of these separate networks connect to each other, meaning that poor security on one of these small networks can allow a hacker to access the rest with relative ease. Making matters worse it that it's very hard to quickly monitor them for cyber attacks due to the sheer volume of networks, many of which have their own individual configurations.

This chaotic digital infrastructure also makes it way too easy for someone on the inside to steal information. Case in point: Edward Snowden, the NSA contract systems administrator who lifted highly classified files from agency servers using nothing but a thumb drive. When Snowden took the files, NSA systems administrators had special authorization to pull data off of agency servers using thumb drives in order to transfer information to another network or backup data. The problem is, no one was monitoring to see what data the systems administrators were pulling.

In the wake of the Snowden affair, the military is restricting the use of thumb drives and is trimming the number of systems administrators, and requiring them to operate in pairs when accessing server rooms. These short-term solutions are too cumbersome, say military officials. What's needed is a system that allows people to easily share information while making sure it is protected at the same time.

"It is the main reason we need to jump to the Joint Information Environment," said NSA chief, Army Gen. Keith Alexander while discussing post-Snowden security needs during the Aspen Security Forum last month. Under JIE, the military will encrypt individual pieces of data instead of just putting it behind firewalls where it is vulnerable to theft by insiders.

When asked by Killer Apps if the move to a massive cloud will simply make a bigger, easier target for outside hackers, Takai replied, "if people think JIE is going be vulnerable, they actually don't understand how vulnerable their networks are today."

In theory, people who are supposed to have access to certain data on the JIE will be given an online ID confirming they are who they claim to be and that they are allowed to view specific pieces of information. Those pieces of data are also tagged to prove they aren't malware and they will generate a list of everyone who has ever touched them. This means that it will be tougher for outsiders and insiders alike to illegally access DOD's digital information.

"You may get into the [network] but you won't get into the information unless your identity is actually certified to the data that is being protected," said Takai.

Furthermore, going to a smaller number of standardized networks and data centers will mean the military needs "fewer people that actually have the keys to get in" like systems administrators. These people can be monitored more easily than the large numbers of system administrators operating thousands of disparate networks can.

While moving to fewer networks and data centers won't be perfect, it will be "far better than a heterogeneous environment if you want to protect your systems," because it makes it much easier to monitor them "and thereby do much better protection," Allen Paller, founder of the SANS Institute, told Killer Apps in an email.

Without this focus on protecting individual sets of data, the move to the JIE would mean little in terms of security, according to Richard Bejtlich, chief security officer of the cybersecurity firm, Mandiant.

"Cloud is good if it raises the security level of those who aren't equipped to defend themselves but cloud is bad if the security applied to the data still isn't sufficient to counter the adversary," said Bejtlich in an email to Killer Apps. "I'm not familiar with JIE so I don't know how it might turn out. Right now the adversary can get to the data he needs, despite it being ‘distributed' [on many DOD networks]. I'm not sure centralization is going to be any worse off!"

To Paller, the real story of the JIE and Edward Snowden is that his actions are already leading to a large reduction in the power and number of IT systems administrators like him.

"The big story [from the Snowden affair] is that every organization with information worth protecting has a group of people called ‘system administrators' who have unlimited power to read, change, and disclose data," Paller told Killer Apps in an email. "Their power is extensive -- it can even be used to close down the operations of an enterprise as an IT admin closed down San Francisco's computers."

We have been here before, points out Paller. In the late 1960s when most business computers came from IBM, there were people called "systems programmers" with similar powers as today's systems administrators.

"One CEO told me, speaking of his system programmer back in 1971, ‘he doesn't work for me; he owns me'," said Paller. "Between 1968 and 1985 IBM made enormous changes in its systems to give managers control of their computers even if a system programmer ‘went rogue.'  Then UNIX and Windows happened and we are back to 1968."

"The cloud has many definitions," added Paller. "In this case it is being used to centralize and control the system administration function."

Despite the fact that DOD has been working on consolidating its networks and data centers for several years, IT officials have no idea how much this massive shift will cost or how long it will take.  "Whether we can get this done over [the next five years] or not" remains to be seen, said Takai.

In fact, the Pentagon's own definition for the JIE is incredibly ambiguous; as this Pentagon press release from May says, "the term ‘Joint Information Environment' simply describes the ability to deliver data to the Defense Department's military and civilian personnel wherever and whenever they need it."

"We're not looking for a perfect solution," said Maj. Gen. Mark Bowman, director of command, control, communications and computers for the Pentagon's Joint Staff last year when describing the JIE last year. "We're looking for 60, 70, 80 percent solutions. Provide us capability we don't have today, and we'll move on."

"The enemy's using [commercial tech], and we can't have them ahead of us," said Bowman, who also said the JIE is far more complex than the military's problem-plagued F-35 Joint Strike Fighter program. "We need to adapt as we go.

That means that the Pentagon is making the JIE up as it goes along, using the latest commercial technology as it pops up. All it seems to know is that it wants a secure, cloud-based system that everyone in DOD can connect to via computers and smartphones.

This nebulous project going to be pretty darn expensive, judging by the fact that in April Lockheed Martin was given a five-year, $215 million JIE-related contract for "IT equipment, software development tools, and other services necessary to support the DoD CIO in all matters related to information technology, information assurance, and information management." Then, in late June, Pentagon gave Digital Management Inc., a three-year, $16 million contract to build a secure, 4G network for DOD's new smartphones and tablets by 2014 as part of the JIE effort.

In addition to shrinking the number of networks and data centers, DOD will be switching its phones to Voice over Internet Protocol (VoIP); consolidating the department's many email systems to one; putting digital applications ranging from health records tracking tools to intelligence-sharing systems on the new data centers; and coming up with a way of tagging data so that Cyber Command can see where it is inside the JIE and ensure only the right people are looking at it.

"There's this impression that there's this JIE in a box and that you just pull it out and implement it, and that's not really the case," said Takai. "What we're trying to do is set the, architecture, the standards, the policies" and then leave it to each of the armed services figure out how they will get their information onto this cloud.

This massive yet ambiguous project has left some in charge of the individual service's networks a bit confused as to how they are supposed to integrate their networks into the overall JIE.

"I think the debate is how do you get there, what are the priorities, and on what timeline can we get to the end-state of truly being in a joint information environment where all the data can be shared seamlessly?" asked the Navy's CIO, Terry Halvorsen earlier this month.

One of the world's largest organizations is trying to consolidate all of its digital information with hundreds of thousands of users, all with sometimes different needs and competing priorities. What could possibly go wrong?


National Security

Air Force's New Idea for Spying on China: Swarms of Tiny Bug Drones


Forget the slow, noisy drones that go after today's terrorists. Instead, picture swarms of tiny drones infiltrating heavily defended skies at will.


That's how the United States Air Force's drone shop sees it. The air service wants drone-makers to invent tiny aircraft -- nano-drones -- that can fly vast distances to spy on an enemy. These bug-like surveillance bots will be particularly useful in the Pacific, an Air Force official told a Washington conference on Tuesday. Because that represents the toughest challenge for American spyplanes: snooping on say, a China equipped with increasingly advanced air defenses.

Remember, from China to Iran, the nations that the U.S.'s famous Air Sea Battle concept appears tailor made to fight, are equipping themselves with advanced Russian-designed radars and surface to air missiles that threaten to shoot down all but the most advanced stealth aircraft. These countries are also investing in anti ship and ballistic missiles that are designed to keep an adversaries ships and especially aircraft carriers far from their shores. One of the traditional responses to overcoming such weapons is to build fast, long-range, high-flying, stealthy aircraft capable of evading these threats. Today, at the massive drone conference going on in Washington, we heard a new, wilder idea.

"As the Air Force is challenged by long ranges [in the Pacific] a nano that is re-chargeable, all the way along the route, is not challenged by distance," said Col. Bill Tart (his callsign is Sweet), the man in charge of figuring out what capabilities the Air Force's drones need. "How in the world are you going to defend against a nano?"

Just watch the video of a swarm of small drones playing the James Bond theme song to get a sense of what these little craft can already do.

"Those are all things we need you guys to think through," said Tart to a room full of drone industry representatives the Association of Unmanned Vehicle Systems International's annual conference.

The beauty of long-range drones is that they could come in from any point on an adversary's border, Tart told Killer Apps after his speech.

"You would have to defend everywhere because I have such long range capability," said Tart.  

The key to this is making the tiny drones hyper-fuel efficient.

"I've had a lot of people come to me and talk about really interesting [things with] propulsion like fuel cell capabilities, that gives you a lot of range, people are talking about batteries that you can drop off of airplanes" after they run out of juice, thereby lightening the aircraft's load.

But the wildest concept is basically that of a flying iPhone charging dock. The technology allowing drones to refuel other drones in midair is already being tested. Imagine replacing with the hoses and drogues used by gas guzzling planes with cables and plugs.

"I've even had people come talk about, ‘hey, why don't we recharge in the air,'" Tart said. "Currently, for air refueling you either have a boom or a drogue that goes out, you connect and off you go."

Tart was talking about the way manned military aircraft meet a tanker plane in midair and refuel by either attaching themselves to a long boom extending from the back of the tanker or by extending a probe and plugging it into a hose that is trailing behind the tanker.

"Clearly that would be a mindset way to do recharging in the air."

Still, such super long distance nano-tech isn't exactly around the corner. In addition to building tiny drones capable of flying very, very far, you'd have to develop tiny sensors and secure communications gear to make them effective.

That means that the Air Force is looking at how to build larger spyplanes able to take photos and gather electronic intelligence over heavily defended nations. Not long ago, U.S. Strategic Command commander Gen. Robert Kehler made waves in military circles by saying he needs a new, high-end spyplane that can zip through advanced air defenses -- like China's -- to back-up America's network of surveillance satellites.

"We absolutely are looking at different ways on the high-end to provide penetrating ISR," Tart added, using the acronym for Intelligence, Surveillance, and Reconnaissance. "Whether that is via stealth, that'll be something that's decided as we move forward in the future."

The service may decide to simply build better sensors and cameras that can stare into enemy territory while mounted on a less-stealthy plane flying beyond the range of the enemy's air defenses.

"There's two ways to look into your enemy, either from really far distance because your sensors are really great or . . .  overflight" similar to what the Air Force's legendary Mach 3 spyplane, the SR-71 Blackbird, did over the Soviet Union during the Cold War. Advanced air defenses make the overflight option very risky.

(Still, he pointed out that almost all future Air Force combat jets are being designed with stealth in mind.)

He then offered a cryptic hint about how such a high-end spyplane might work with the new stealth bomber being developed when asked by yours truly.

While, "it's not the same" as the Air Force's new stealth bomber (that may or may not be unmanned), also under development, "we've said that everything needs to be modular," said Tart.

This means the service wants its next generation of combat aircraft to be stealthy trucks capable of swapping out mission payloads as if they were fancy USB sticks.

"Plug and play means cameras or fuel, or weapons or" electronic warfare gear, said Tart. "So, the next-generation will be unmanned, long-range, penetrating, modular."

Service officials have long said the fleet of 80 to 100 new stealth bombers will operate in cooperation with a "family" of stealthy spy aircraft and cruise missiles to overcome advanced enemy air defenses. The first of these new stealth bombers are slated to enter service sometime in the 2020s, with later versions being built to carry nuclear weapons.

All this paints a picture of a stealthy, potentially unmanned, long-range plane that can have its payload swapped out depending on mission needs. Judging by reports suggesting the Air Force already has a secret bomber being built in the deserts of the Western U.S., it likely has a jump start on its next spy plane too.