Cloud computing has recently burst onto the technology and business scene, promising great technical and economic advantages such as on-demand provisioning of computer services, improved flexibility and scalability, and reduced costs. Another attractive point of the cloud is its ability to enable a mobile workforce, which brings enhanced flexibility and efficiency. But cloud computing systems also provide attackers with new opportunities and can amplify the ability of the attacker to compromise the computing infrastructure.
The National Institute of Standards and Technology (NIST) has devised the following definition: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”
The US Department of Defense (DoD) has unveiled a new Cloud Initiative to improve computing power and digital security by transferring many of its computing and storage functions onto the cloud. According to DoD chief information officer Dana Deasy, using the cloud will help to accelerate computing power, which in turn shortens the time taken for novel capabilities to reach deployed US warfighters.
Defense Department senior leaders have directed DoD to adopt cloud computing to support the warfighter, a direction that will become a pillar of the department’s strength and security, officials said. Officials of the Washington Headquarters Service in Alexandria, Va., announced a potential $10 billion ten-year contract to Microsoft in Oct 2019 for the Joint Enterprise Defense Infrastructure (JEDI) Cloud project for the company to provide modern, enterprise-level cloud services to DOD, based on an existing, large, globally available public offering.
The Defense Department is seeking an enterprise-wide cloud infrastructure to ensure warfighters have access to real-time, mission-critical data, DoD officials said March 7, 2018 at an industry day for the Joint Enterprise Defense Infrastructure Cloud acquisition. “This program is truly about increasing the lethality of our department and providing the best resources to our men and women in uniform,” DoD Chief Management Officer John H. Gibson II said. “JEDI Cloud is just one contract and part of a much larger strategy for overall [information technology] efforts.”
Before the JEDI cloud contract, the DOD’s lack of a coordinated enterprise-level approach to cloud infrastructure has made it virtually impossible for U.S. warfighters and leaders to make critical data-driven decisions at mission-speed, DOD experts explain. A fragmented and largely on-premise computing and storage solution forces the warfighter into tedious data and application management processes, compromising their ability to rapidly access, manipulate, and analyze data at the home front and tactical edge.
Most importantly, current environments have not been optimized to support large, cross-domain analysis using advanced capabilities such as machine learning and artificial intelligence to meet warfighting needs and requirements.
Navy Rear Adm. Nancy A. Norton, DISA’s vice director, said the cloud will simplify and provide flexibility to the way DoD works with information that’s secure, rather than having many servers scattered around the globe for every command. “You build a lake of information that you can pull from, and that’s a big benefit that helps with warfighting,” DISA’s director, Army Lt. Gen. Alan R. Lynn said. “If we need [a certain amount] of logistics to go here, and an amount of ammunition to go there, we’re now able to correlate all those different pieces at one time, which is very powerful for the warfighter.” The cloud has a second benefit in fiscal savings by using virtual equipment and hiring contractors to do the computing at a cheaper, at-scale rate, he said.
A third benefit is that in virtual space, information can be moved around the network, Lynn said. “If you move them around the network, it’s hard to attack it,” he said. “That’s when defense really starts kicking in.” Security of information on the cloud is No. 1, the general said. “We have the best security apparatus that tears through an attack that’s happening before it gets down to the user level,” he explained.
DOD Cloud Strategy
Information is a fundamental enabler for advantage on a 21st century battlefield and will enable a more lethal, resilient, and innovative Joint Force. Today, the DoD information environment is made up of multiple disjointed and stove-piped systems distributed across modern and legacy infrastructure around the globe. The data that flows through these systems is growing at an exponential rate. This has caused a litany of problems that impact warfighters’, decision makers’, and DoD staff’s ability to capitalize on critical information to make timely, data-driven decisions.
To address these challenges, DoD has implemented a number of cloud solutions; however, they have been built in a disjointed manner. Furthermore, DoD is starting to leverage emerging technologies, such as AI, to help manage the understanding of all the Department’s data. However, the critical infrastructure that AI is being built on top of is disparate and disjointed. The DoD Cloud Initiative will help the US Government to optimise the process of building next-generation digital apps, using AI for example, to help warfighters in real-life defence scenarios.
“Cloud computing will increase capabilities and responsiveness of the operating force and unified action partners (UAPs) globally during all joint operational phases (Shape, Deter, Seize Initiative, Dominate, Stabilize, Enable Civil Authority), whether they are preparing to deploy in the installation IT environment, en route or engaged as part of a Joint force in a theater of operations,” says the Army’s cloud computing strategy. Cloud infrastructure, people and processes will be central to enabling the JIE.
DOD released its cloud strategy in Dec 2018. It stated that to adapt to the continuously growing data environment, DoD requires an extensible and secure cloud environment that spans the homeland to the global tactical edge, as well as the ability to rapidly access computing and storage capacity to address warfighting challenges at the speed of relevance. This is the realization of cloud computing: the ability to organize, analyze, secure, scale, and ultimately, capitalize on critical information and fight in the digital age. These capabilities must be ubiquitous and available to all Department decision makers, warfighters, and staff.
By implementing a scalable solution, mission owners will gain significant efficiencies in the execution of mission capabilities and cyber operations by fully embracing the dynamic elasticity of commercial cloud architecture.
DoD must enable decision makers to use modern data analytics, such as AI and machine learning (ML), at the speed of relevance to make time-critical decisions rapidly in the field to support lethality and enhanced operational efficiency.
“Moving infrastructure from DoD-managed, on-premises facilities to the cloud will take advantage of the rapid roll-out of software and hardware updates. Cloud Service Providers are able to shift workloads within their data centers such that updates are seamless to customers. Hardware with defects or vulnerabilities is constantly swapped out and software patches are applied with vigor in a secure and fault tolerant manner.”
DoD must embrace modern security mechanisms built into modern commercial cloud providers’ platforms to ensure the security of these large amounts of data and to safeguard the information. This requires shifting the focus of security from the perimeter edge of the network to actively controlling use of the data itself. In addition to modern encryption algorithms and key management built into commercial cloud services, proper tagging of data will allow for it to be tracked and protected at the necessary levels. DoD will develop a Data Management Strategy that provides the focused discussion with respect to data.
Cloud providers also offer an additional level of resiliency, having large numbers of data centers spread out across wide geographic regions, with automatic failover systems in place – a military requirement based on realities most enterprises do not have to face. “This will be vital in the case of human-made or natural destruction of a large geographic area,” the report states.
The majority of DoD workloads will be run on a single commercial general purpose cloud solution, as per the Joint Enterprise Defense Infrastructure (JEDI) contract, which is yet to be awarded. The JEDI programme will include both a general-purpose cloud for employees that need large computational power at certain times and fit-for-purpose clouds to meet bespoke needs for when the general-purpose cloud is insufficient.
The Microsoft Azure cloud computing subsidiary will provide enterprise-level, commercial cloud services as infrastructure as a service (IaaS) and platform as a service (PaaS) to the DOD and related mission partners, from homefront to the tactical edge. Microsoft Azure reportedly prevailed in the JEDI Cloud project over Amazon.com Inc. in Seattle to become the federal government’s primary cloud-computing vendor.
This contract enables Microsoft Azure to provide cloud computing, cyber security, and trusted-computing services to the U.S. Army, Navy, Marine Corps, Air Force; the defense intelligence community; and the U.S. Coast Guard.
Microsoft Azure has introduced a military-rugged version of the company’s Azure Data Box family for forward-deployed operating units, ground patrols, or similar mission needs at the tactical edge. The Azure Data Box Edge appliance is for transferring data to and from the Microsoft Azure cloud computing network.
Intelligence agencies
Amazon’s cloud storage unit announced that it is releasing a new service called the Amazon Web Services Secret Region, a cloud storage service designed to handle classified information for U.S. spy agencies. “The U.S. Intelligence Community can now execute their missions with a common set of tools, a constant flow of the latest technology and the flexibility to rapidly scale with the mission,” Amazon Web Services vice president Teresa Carlson said. (Amazon chief executive Jeffrey Bezos owns The Washington Post.) With this service, Amazon says, it is the “only commercial cloud provider to offer regions to serve government workloads across the full range of data classifications, including unclassified, sensitive, secret and top secret.”
The National Security Agency has significantly enhanced its capabilities for detecting cyber-threats in the two-plus years since former NSA contractor Edward Snowden pilfered and disclosed classified information. The multi-layered capabilities, which include user behavior analytics, now protect a private cloud that provides storage, computing and operational analytics to the intelligence community, CIO Greg Smithberger tells CIO.com.
Due to the nature of the mission, the cloud components reside across a distributed architecture in multiple geographic areas. Smithberger says the NSA is using automated capabilities “to up our game” for detecting and responding to anomalies, including anything from external attacks to suspicious internal activity. The NSA is conducting real-time forensic analysis of cybersecurity software and appliances, including firewalls, VPNs and audit logs on every network device “so that we can observe things that humans cannot put together on their own,” Smithberger says.
Greg Smithberger, the NSA chief information officer, said the agency is bringing the Intelligence Community IT Enterprise (ICITE) program to reality by taking some of the concepts of the commercial cloud and applying special cybersecurity technologies on top. “NSA and CIA are actually building several different types of cloud offerings to provide common services for the entire U.S. intelligence community, but in a high security environment,” he said.
“Together we are providing a shared utility computing cloud. This is very similar to the sort of commercial cloud offering that everyone is familiar with, but in this case we are offering it inside our very secure environment. We’re also providing a shared data storage cloud for the intelligence community that allows us to integrate data from across the community while still maintaining that very fine grained access control and enforcing that need to know. That’s based on a lot of that unique technology developed at NSA. We also are providing shared resources for the community that allows people from across the community to run shared data analytics on that shared data repository while still ensuring users only see the data they are personally authorized to see.”
The agency faces a challenge in balancing the need for maximum security while addressing the privacy concerns of individual users, NSA Director Adm. Mike Rogers said last month, during a keynote address at the 2016 Billington Cybersecurity Summit.
Air Force
The U.S. Air Force will spend up to $1 billion over the next five years to migrate more than 750,000 of its users to cloud-based email, communications and other services. Three companies – Dell EMC, General Dynamics and Microsoft – partnered to win the Air Force’s new Cloud Hosted Enterprise Services contract, which is a follow-on to a previous Air Force pilot effort called Collaboration Pathfinder aimed at deploying Microsoft 365 across portions of the military branch.
The same three companies owned that previous business, migrating some 140,000 users to cloud-based email, records management, office productivity and other services since 2015, and they’ll expand the scope of their work under the CHES contract to several hundred thousand more users in the Air Force, Defense Logistics Agency and U.S. Army Corps of Engineers.
Defense technology and IT firm Lockheed Martin has developed a hybrid cloud platform for the US Air Force under the Global Combat Support System Air Force (GCSS-AF) program. The Air Force said the platform, which serves 800,000 users worldwide, will provide new capabilities that make it easier for global staff to use these services through a single point of entry, lower operational costs, increase availability and provide operational redundancy.
The U.S. Air Force Research Laboratory has awarded a $2 million grant to the Assured Cloud Computing University Center of Excellence (ACC-UCoE) at the University of Illinois at Urbana-Champaign. ACCC develops technology for assured, mission-critical cloud computing across “blue” and “gray” networks that ensures the confidentiality and integrity of data and communications, job completion in the presence of cyber attacks and failures, and timely completion of jobs to meet mission requirements. A computational cloud used in military applications may utilize both blue and gray networks because of cost, where “blue” networks are secure U.S. military networks, and “gray” networks are insecure networks of private companies or other nations.
Octo Consulting has secured a prime contract to provide Agile software engineering services to the US Air Force’s (USAF) Kessel Run Experimentation Lab. The USAF awarded the contract in April 2019 to continue transforming legacy applications using Cloud-native, 12-factor development techniques. Additionally, the service is looking to take advantage of the enhanced security and rapid prototyping capability provided by platform-as-a-service (PaaS) technology. Octo is required to provide Agile software engineering expertise to allow the Kessel Run Lab to rapidly refactor legacy applications using microservices, application programme interfaces (APIs) and modern user interfaces.
The USAF wants to combine this model with the Pivotal PaaS to ensure rapid delivery of value to end users and move away from legacy development models. Octo CEO Mehul Sanghani said: “We believe our proven experience with PaaS-enabled software engineering and Cloud-native development on mission systems provides reduced risk and immediate impact for the Air Force.”
In November, the company won a multi-year contract to provide software sustainment and Cloud integration services to USAF financial management.
US Army
The Army’s vision is that by 2025, the Army will continue to maintain a strategic and tactical advantage over its adversaries through information dominance by fully leveraging an optimal mix of approved government and commercial cloud service providers that globally support Total Force requirements for quality of service. Cloud computing, when coupled with the appropriate applications and a common data structure, will enable authorized users to harness the power of Big Data analytics through a COE that enables low-latency access to required data elements, regardless of location or device. Moreover, these data elements will be customizable to the desired format of mission commanders, senior leaders, decision makers and other authorized mission partners.
The US Army has been transitioning to cloud technology. Calibre Systems has signed on to an Army Cloud Computing Enterprise Transformation (ACCENT) basic ordering agreement (BOA), which is valued at around $250m. The program will support the US Army’s transition to a commercial cloud environment or an Army Enterprise Hosting Facility (AHEF).
The Army Cloud Computing Enterprise Transformation contract, with its 50 primes and a ceiling of just $248.7 million, is technically a basic ordering agreement, but it lays the groundwork for growth. The contract is focused on migrating applications to the cloud and the Army will buy services such as cloud computing, transition support and modernization. ACCENT is part pilot, part cyber warrior and part tool for transformation, according to the Army and two of the primes. The US Army’s cloud requirements may also include mobile computer solutions that provide cloud access through smartphones and tablets.
Navy
The Department of the Navy’s top acquisition official laid out an aggressive IT modernization goal for the Navy and Marine Corps in 2018: the services should move just about all of the applications they currently host in traditional government data centers to the cloud in three years or less. “We want to take advantage of all of the big data analytics and the tools and the capability that commercial cloud will offer, buying it as a service,” Victor Gavin, the deputy assistant secretary of the Navy for command, control, communications, computers, intelligence, and space, said. “If we’re going to get to the next level of using our data for operational effects that we can’t achieve today, we need to be able to leverage those kind of tools in a capacity that we can’t match within DoD, nor should we try to.”
Industry develops cloud services to host classified-level applications for the US government.
Microsoft’s Azure cloud has been approved to host classified-level applications for the US government. The service, creatively dubbed Azure Government Secret, will be offered across the US Azure Government Cloud network, an isolated set of six interconnected cloud data centers spread across America from Virginia to Arizona. “We’re taking our public cloud Azure and sending our FedRamp moderate coverage to cover 50 of those services,” said Julia White, corporate vice president of Microsoft Azure, referring to the cybersecurity framework for cloud hosting for government. “By the end of the calendar year, those 50 services will have FedRamp high certification.”
Microsoft offers a variety of services for Azure customers allowing them to use their cloud data from machine learning to artificial intelligence and analytics, in addition to media tools and integration with Internet of Things devices.
“IOT is maturing, evolving. [Devices] are getting far more sophisticated, they’re able to run real applications on these little devices,” said Julia White, corporate vice president of Microsoft Azure. The developments are giving rise to highly-complex “hybrid” environments with lots of data sitting on old computers and in data centers, lots of additional data going to the public cloud, and lots of smart devices holding and broadcasting data. The challenge is to provide the same level of service, the same cool apps and programs, to customers that are keeping more of their data in so many different places, says White. “We’ve built toward this hybrid approach,” she says, with services that can run on premises machines as well as in the cloud. They even sell enormous databoxes, like digital treasure chests, that can transport data from one place to another.
“Azure Government Secret will deliver multi-tenant cloud infrastructure and cloud capabilities to US Federal Civilian, Department of Defense, Intelligence Community, and US Government partners working within Secret enclaves,” said Azure head of global infrastructure Tom Keane. “Customers with Secret requirements can expect to gain access to new technologies at scale, including services such as cognitive capabilities, artificial intelligence, and predictive analytics.”
Microsoft also said it is updating its government service to add support for blockchain applications (via Azure blockchain apps), and include support for the Azure Security Center service on the Government cloud. Other planned upgrades include adding support for the high-performance H-series instances in the government cloud and adding support for Citrix VDI server instances running Windows 10 boxes (which is out today). Microsoft hopes the expanded government services will allow it to get a leg up on rival cloud giant AWS for the lucrative crop of US government cloud computing jobs.
Like Azure, Amazon’s cloud runs a dedicated government cloud staffed by screened administrators and physically isolated from its public cloud. The clouds are specially earmarked for use only by the government and its authorized contractors in order to kill off any chance the general public can snoop on classified instances.