cloud computing

A government-wide task force led by NIST is out with the latest catalog of security and privacy controls for federal information systems, including some new thinking when it comes to addressing insider threats that go beyond technology.

Future conflicts likely will be fought in degraded information technology environments, which will require the U.S. Navy to develop and exploit new capabilities to continue to operate in contested cyberspace. Technologies such as a flexible information grid, assured timing services and directed energy weapons must be part of the naval information system arsenal if the sea service is to maintain information dominance through the year 2028.

These were just a few of the findings presented in the Navy’s Information Dominance Roadmap 2013-2028, which was released in late March. Presented by Rear Adm. William E. Leigher, USN, the Navy’s director of warfighter integration, the report outlines the growing challenges facing the fleet and how the Navy must meet them.

The report divides information dominance challenges into three areas: assured command and control (C²), battlespace awareness and integrated fires. While the United States will continue to maintain supremacy in those areas, that supremacy is shrinking as more nations are closing the gap between U.S. capabilities and the ability to disrupt them.

Among the advanced capabilities the Navy will require toward the end of the next decade is assured electromagnetic spectrum access. Achieving this will entail fielding greater numbers of advanced line-of-sight communication systems; being able to monitor combat system operational status and adjust it using automated services; having a real-time spectrum operations capability that enables dynamic monitoring and control of spectrum emissions; and generating a common operational picture of the spectrum that is linked to electronic navigation charts and displays operational restrictions.

As they put the necessary pieces in place, Marines are mindful of tight resources and are seeking help from industry.

For the past year, U.S. Marine Corps technical personnel have been implementing a strategy to develop a private cloud. The initiative supports the vision of the commandant while seeking to offer better services to troops in disadvantaged areas of the battlefield.

As part of this effort, members of the Headquarters Marine Corps (HQMC) Command, Control, Communications and Computers (C⁴) Department are working on enterprise licensing agreements with multiple vendors to achieve economies of scale. They also are examining thinning the environment as an element of infrastructure as a service, and they are exploring how an enterprise services support desk would support a cloud environment during the transition from a continuity of services contract to a government-owned, government-operated scenario. In place is a 600-day transition plan to help move from the former to the latter. Robert Anderson, chief, Vision and Strategy Division, HQMC C⁴, explains that the May 2012 “Marine Corps Private Cloud Computing Environment Strategy” serves as the driving document for the transition, and now Marines are trying to reach the point where they execute the requirements outlined in the paper. “There are multiple pieces that have to occur for this to happen,” he states. Personnel are working on follow-up documents now, including a mobility strategy and a five-year transition plan scheduled for release in June. The latter lays out the next steps for the cloud environment.

One of the U.S. Defense Department’s top information technology officials says work is beginning on a multiaward contract for commercial cloud computing services, but the official says he has no timeline or total value for the business.

Homeland Security Conference 2013 Show Daily, Day 3

Although many in government are moving as quickly as possible to adopt new technologies, such as cloud computing and mobile devices, individual agencies still face cultural challenges that sometimes prevent them from moving forward, according to officials speaking as part of the Chief Information Officer Council at the AFCEA Homeland Security conference in Washington, D.C.

Richard Spires, chief information officer for the Homeland Security Department (DHS), reminded the audience that DHS was created by joining a lot of disparate agencies, all of whom owned individual networks. While the department is working to integrate the information technology infrastructure and consolidate data centers, officials still meet some resistance at the individual agency level. “There’s still have lot of duplication and in some ways duplication is holding us back. I’d like to say we’re making progress, but I’ll let others grade us on that,” Spires said.

Other officials agreed that they meet resistance as well. Robert Carey, deputy chief information officer for the Defense Department cited a culture of change and said a constrained budget environment can be a power catalyst for action in moving toward a more centralized environment.

Cybersecurity itself can present challenges, according to Luke McCormack, chief information officer for the Justice Department. “Cyber’s hard. The individual pieces of that can be very difficult,” he said. He also cited the need to bring people together on emerging technologies, such as cloud-as-a-service, as a challenging issue.

A cloud project takes advantage of emerging concepts to protect energy against disruptive threats.

Researchers at Cornell University and Washington State University have teamed to create GridCloud, a software-based technology designed to reduce the time and difficulty involved with creating prototypes of smart-grid control paradigms. The system will help overcome hurdles of cloud computing in complex settings. The effort combines Cornell’s Isis2 platform, designed for high-assurance cloud computing, with Washington State’s GridStat technology for smart grid monitoring and control. The advent of this technology promises to boost both the security and the reliability of electrical services.

Developers aim to build a scalable software structure that is secure, self-healing and inexpensive to operate. They believe that by combining Isis2 and GridStat, a cloud-based grid can have all those factors as well as guarantee consistency. Infrastructure owners motivated by economies of scale and the desire to deploy the new smart-grid solutions end up with a system that also is more resistant to attack and likely to survive other disruptions.

Dr. Ken Birman, a professor at Cornell and co-principal investigator on the project, explains that several motivations drive the effort. One involves trying to find a solution to control a power grid when multiple organizations own and have access to the infrastructure. “A second challenge that’s emerged is that people have studied the power grid and found that we don’t operate it very efficiently,” Birman says. Power suppliers often are producing extra power, for example, or finding it difficult to take advantage of renewable sources. Sometimes renewable energy—such as the type that comes from solar panels on homes—is blocked from entering the power grid because officials lack the knowledge to access and use it safely.

When it comes to popular smartphones and tablets, security can be a many-layered and necessary endeavor

The growing use of advanced mobile devices, coupled with the increase in wireless broadband speed, is fueling demand by employees to bring their own devices to the job. This situation has opened a new set of security challenges for information technology staff, especially when it comes to the use of apps.

As the popularity and capability of mobile devices expands, standards are necessary to ensure that personal devices can function securely on enterprise networks. To address this need, the Cloud Security Alliance (CSA) organized its Mobile Working Group last year. The group recently released guidance to members on how enterprise administrators can successfully integrate smartphones and tablets into their work environment. The CSA is a not-for-profit organization of industry representatives focused on information assurance in the cloud computing industry.

Officials work to provide a new cloud approach across 
the service as well as the Defense Department.

U.S. Army officials estimate that by the end of the fiscal year, they will go into production on a new cloud computing solution that could potentially be made available across the Defense Department and could eventually be used to expand cloud capabilities on the battlefield. The platform-as-a-service product incorporates enhanced automation, less expensive software licensing and built-in information assurance.

During the past year, officials with the Army’s Communications-Electronics Command (CECOM) Software Engineering Center (SEC), Aberdeen Proving Ground, Maryland, have been working on a cloud computing approach known as Cloud.mil. A four-person team took about four months to deliver the first increment, which is now in the pre-production phase and is being touted to Army leaders, as well as to Defense Department and Defense Information Systems Agency (DISA) officials, as a possible Army-wide and Defense-wide solution.