12 December 2018

DoD and the Cloud: Moving Out Bureaucracy to Focus on National Security

By Keith B. Alexander & Jamil N. Jaffer

Recent months have seen much controversy over the Defense Department’s move to a cloud-based infrastructure. In the last year alone, multiple contract protests have been filed, and the award has been delayed numerous times. While there may be much to argue about on process, what has gotten lost in this debate is the fact that Defense Secretary Mattis’s move to the cloud is the right move for our national security. Little, if any of the debate, has focused on the concrete benefits that DoD’s shift to the cloud offers our warfighters, much less its critical cybersecurity benefits. The fact is that continued delays in implementing the Secretary’s plan impose a significant cost on military effectiveness. 

What is most surprising about these delays is that the White House itself—within five months of entering office—correctly identified some of the key cybersecurity challenges facing the government and moved to fix them. Bureaucratic process has successfully stymied an otherwise a strong plan coming out of the White House and DoD leadership. This plan recognizes that to truly defend the nation in cyberspace, the government must be able to see all the pieces of the puzzle, and the cloud architectures is a key component. In any national system, some of the key elements that have to be defended include mobile networks, enterprise information technology (IT) and operational technology (OT), cloud architectures, and communications backbones.

In May 2017, the White House issued an executive order focused on two of these elements: cloud architectures and government IT. The order properly castigated federal government agencies for accepting “antiquated and difficult-to-defend IT” for far too long and called for protecting these systems by detecting anomalies and threats early on, including increased information sharing and aggressive risk mitigation. The President’s order prioritized the modernization of government IT, including putting in place a major shift towards shared services and infrastructures—like the cloud—that could be more easily defended. And yet, over 18 months later, DoD remains mired in bureaucratic infighting and contractual disputes despite the valiant efforts of the DoD’s new expert CIO, Dana Deasy, to push the envelope and make it happen.

Imagine soldiers deployed in Afghanistan at a remote firebase. Their ability to evaluate the threat posed by an insurgent force spread over a large area turns, in significant part, on the ability to ingest and evaluate huge streams of data coming in from a wide range of sources, including human and signals intelligence, mobile platforms, enterprise collection, and overhead imagery. Having secure access to a cloud platform allows this soldier to access zettabytes of data at the touch of a button and the ability to spin up a massive supercomputer within minutes, using hundreds of servers around the world, to deliver actionable results they can use in the fight. 

Twenty years ago, even getting time on a supercomputer would have taken weeks, and results even longer. Today, we carry a tremendous amount of computing power into the field, and we can provide our soldier's access to even more power by leveraging securely shared platforms in the cloud. In many ways, the ability of deployed warfighters to leverage huge amounts of data and processing power through cloud computing represents nothing short of a revolution in military affairs. Bureaucratic fighting over contract awards is sapping valuable energy that could be used to deploy these capabilities now.

Of even greater concern is that this all takes place in an increasingly dangerous cyber threat environment. By now, nearly all Americans know that China undermines our economic competitiveness by stealing our core intellectual property through cyber-enabled theft and the extortion of American companies doing business in China. Americans likewise know about Russian efforts to create discord and dissent in our nation. Nearly every American adult has been affected by data breaches, with their personal information now in the hands of hackers. What has gotten far too little notice, however, is the increasing trend of destructive attacks. Nations like Iran and North Korea have already conducted destructive cyberattacks on American soil. And, even more worrisome, we’ve seen the catastrophic effects of collateral damage in cyberspace, where an attack on one entity can turn into huge losses for another. One need only look at last year’s NotPetya attack by Russia on Ukraine, which is estimated to have caused over $10 billion in damage to major American and European companies that weren’t even the intended targets of the attack.

Cloud architectures can help address some of these threat trends. Every major cloud provider has a built-in economic incentive to stay at the cutting edge of security and, as a result, they regularly improve the security of their platforms and upgrade their defensive capabilities. Likewise, cloud platforms facilitate rapid deployment of security patches and defenses across their environments, allowing security professionals to focus on identifying the best technology, rather deployment concerns.

Given all this, it is critical that we get past the bureaucratic hurdles and move out on the effort the President directed well over a year-and-a-half ago and that Secretary Mattis has sought to push forward. Our senior leadership got this one right long ago, and we all need to work together to get this done now for the good of our military and our Nation.

No comments: