The CIA adopted cloud services to improve its operations in the field and at headquarters, and along with being able to develop and deploy new capabilities in a matter of days, the cloud provides a strength of security unmatched by legacy systems.
“You do not move to the cloud or buy new hardware so you can host legacy services. That doesn’t make sense,” said Sean Roche, the associate deputy director of digital innovation for the CIA — or, the self-proclaimed agency “deputy director for all things digital.” He spoke at the June 20 Amazon Web Services Public Sector Summit in Washington, D.C.
At last year’s AWS Public Sector Summit, CIA Chief Information Officer John Edwards discussed the performance the agency needs from the cloud and what it could do for its mission. “I’m here a year later to tell you that it's been nothing short of transformational,” Roche said.
“It has transformed our ability to build new capabilities and has transformed our ability to solve seemingly impossible intelligence problems.”
The journey to the cloud was eye-opening for the agency. Roche compared the CIA’s previous IT infrastructure to an iceberg. The bottom half is large and includes customization and implementation, hardware, IT personnel, maintenance and training, but ultimately it’s indirect to mission. “It’s the part above the water line that we need to focus on, and that’s where the cloud takes you,” he said; that part represented software licensing.
Roche also discovered that the data the CIA gathers, which is oftentimes collected at “enormous risk,” should not be locked into proprietary data structures or databases that were optimized for customer service systems through licensing agreements that he said would “make time share condos in Florida look good.”
So the new iceberg, so to speak, places more mission above the water line. But the bottom half doesn’t go away; it just needs to be worked on, and this, too, is made more efficient with cloud.
These legacy customer service systems don’t provide clear visibility into connectivity, configuration or compliance that would allow users to patch a vulnerability as fast as needed.
“Security is an absolutely existential need for everything we do at the agency,” Roche said. “The cloud on its weakest day is more secure than client service solutions,” which can be attributed to encryption running seamlessly on every level without hurting user performance.
Waterfall development and the complex acquisition process were also the way of legacy software solutions. “This fundamentally swims against the nature of the technology of the cloud,” Roche said. “So it violates nature. This is wrong, it takes too much time.”
And the acquisition process itself, well, Roche said “it crushes souls.”
But Roche realized the CIA couldn’t get to where it needed to be unless cloud software was truly software-as-a-service, which doesn’t fit with the current acquisition cycle. That’s because the private companies offering SaaS solutions that aren’t working with government yet don’t do business on-prem.
The cloud allows the CIA to do business with those companies, integrate their software and have it up and running in the field supporting operations in less than four months, according to Roche. “You can only do that on the cloud,” he said.
Enhancing the Developer
The cloud also changes the role of the developer to one of actually developing. With legacy systems and waterfall development, DevOps wasn’t a unified team; it was typically three teams (developers, operators and integrators), and the process of developing was slow and rarely satisfied requirements.
In the cloud, developers can develop rapidly. The teams are small and are made up of a data scientist, programmer and analyst, and the cloud puts them in the right environment to solve the right problem.
And according to Roche, at the CIA, that environment means “going to very, very unfriendly places very quickly to solve very tough problems.” And it means calling on a worldwide workforce on a Friday night to respond to international attacks or events.
With the cloud, the CIA can leverage its global workforce with no latency dragging down data and information analysis, and have answers by Saturday morning, Roche said.
Those small teams also don’t lag on requirements, because the CIA is able to place them with people in the field who can explain the solutions they need. “Our teams of three or four have gone forward and very quickly learned what must be done, do it quickly, and in less than 30 days, coding in the field, without even optimal bandwidth, have delivered amazing capabilities,” Roche said. This is especially helpful in cases of finding people of interest, knowing who they are, what they’re doing and their intentions.
And not only are developers able to turn around capabilities in a month’s time to identify and answer those questions, but cloud allows the CIA to scale that across multiple mission sets. “That now has become the job up at headquarters, not that endless acquisition cycle,” Roche said.
Next Stop: AI
So where can these cloud capabilities eventually take the CIA? Artificial intelligence and machine learning are on the horizon. “We’re taking those databases that exist about you, the data that’s already there, the data that is structured and unstructured, and some data that’s being created, and aggregating that data very, very quickly in the cloud environment to build a digital signature,” Roche said.
This is to understand our digital self and our digital fingerprints. And as the CIA moves towards deep learning, the agency will still be in the field. So, the agency will need solutions that help it move forward as it’s moving dynamically through the environment, which “not only has static data that can be aggregated, but data we’re actively creating through the Internet of Things,” Roche explained.
And while deep learning solutions are where the CIA is headed, Roche assured that humans will always be at the forefront of this technology.