Bringing Together Signal and Cyber
In his June interview with SIGNAL Magazine, Gen. Keith B. Alexander, USA, commander of the U.S. Cyber Command and director of the National Security Agency/Central Security Service, advocated bringing together the signal community, signals intelligence and the cyber community. In that interview, he said, “We need to think of ourselves not as signals, not as intelligence, not as cyber, but instead as a team that puts us all together.”
Yet, that goal raises several questions. How can these concepts be achieved? How can a combination of more than 15,000 system enclaves from the U.S. Army, Navy, Marine Corps and Air Force become interoperable? What technologies are needed in the next five years while insufficient budgets make consolidations difficult?
The approaches that must be taken to establish the Joint Information Environment (JIE) offer a glimpse of the path that must be taken for Gen. Alexander’s goal. Many of the issues affecting his proposed changes are present in the JIE implementation.
Installing an all-pervasive JIE will require training the military, civilians and contractors to the same standards. The task for the Defense Department is to eliminate thousands of systems enclaves—each with its own staff, operating systems, custom-coded applications and networks. A much smaller number of network control centers then will protect millions of vulnerable interconnections. A new doctrine will be needed to allow operating-level officers to gain access to shared data so that real-time decision making will be feasible.
Achieving a JIE requires major changes on how information technologies support military services. The JIE will be paced by two critical innovations that will make the sharing of data possible and reduce costs: big data and the platform-as-a-service (PaaS) cloud.
The JIE depends on the availability of big data because information from thousands of diverse Defense Department files must become available. A commander may require an instant display of elements that support a deployment such as transport, air support, logistics, geography, weather and intelligence. Some of these sources of information may be structured, though most, such as administrative messages or visual and sensor data, will be unstructured. The data sources will be in different formats.
A big data construct is able to collect information from hundreds of separate data files that include months or even years of prior entries. Such huge data sets, especially when available in real time, cannot be processed by means of existing database tools.
What currently is in place for the storage of data must be modified or even replaced. The Defense Department must break away from the rigidly structured data warehouses of the past. To meet the new demands, new ways must apply. Access to widely distributed files should allow the processing and analysis of multiple types of diverse files. And, all of this needs to be done using high security requirements, because big data will become the primary target for every cyber attack.
Big data must be captured, stored and kept securely available for search, sharing, transfer, analysis and visualization on millions of desktops, laptops and mobile devices. When responding to an inquiry, big data should present terse results extracted from an accumulation of petabytes worth of related data elements so that trends can be spotted. The technology of big data calls for completely new programming frameworks, which enables the collection from large data sets, such as MapReduce, using new data storage techniques such as Hadoop.
The Defense Department should view the scope of big data as comparable to collections already operating in Google, Amazon and Facebook. The required processing power for driving big data will have to grow thousand-fold, as sensor images and the tracking of objects impose huge demands for added capacity.
For the platform-as-a-service cloud, the JIE PaaS model should deliver a standard and shared information infrastructure plus security that currently absorbs more than a half of Defense Department resources. The PaaS would also provide an open source application development platform that generates applications that are interoperable for all of the JIE.
Operating systems, databases, middleware and up-to-date tools would be included within the PaaS; so the time-consuming tasks such as configuring, optimizing and continuously updating the software could be handled economically. Defense Department components then could focus only on the development of application codes, which is only a fraction of the $36 billion of annual spending. It is the low-cost applications that deliver user value, not the expensive infrastructure that should be seen as a fixed systems overhead expense. Full automation to deploy, test and integrate applications for rapid deployment then would become the cost reduction consequence of the PaaS deployment.
The PaaS codes would feature security installed as a unified feature. Additional features then could be added for ships, submarines, special teams or drones. The JIE will require fewer system administrators because the existing Defense Department enclaves cannot be monitored adequately. The current information technology environment operates with too many technologies to guarantee assured security. Presently, the department has hundreds of thousands of interconnections, each vulnerable for malware breaches. The existing multiplicity of malware detection systems can produce tens of thousands of false positives that require disproportionate amounts of human examination. This is why the required number of systems administrators cannot be adequately funded, and the costs of virus protection plus firewalls are rising as the effectiveness of technical countermeasures is decreasing.
A much simpler cloud, the infrastructure-as-a-service (IaaS), currently is the preferred solution. An IaaS model provides only the supporting infrastructure, including the network, storage, computing resources and virtualization of services. In such a model, Defense Department developers still will have large amounts of work, such as delivering the required security features as well as the delivery of customer services. The department could obtain from the IaaS an infrastructure that might displace about a third of total costs, but it still will have to manually configure, manage and update numerous components and functions that serve customers. For this reason, the PaaS should be seen as an incremental capability that will ensure that a much-improved interoperability across the JIE always will prevail.
With the PaaS, it is not necessary to keep development and maintenance software tools up to date for every application. Installing new patches, writing custom scripts and adding to functionality will ensure that the entire JIE network can function together. Nevertheless, with the PaaS, Defense Department executives will continue to maintain control over the entire network.
Migration to the JIE should be seen primarily as a transformation of the ways information technology is managed. This shift can be characterized by changing the focus of information technology from distributed computing to making data the centerpiece of systems management. Scaling up the scope and the complexity of affordable systems can be seen as a radical change in how systems are developed and maintained. The adoption of big data and platform-as-a-service requires an overhaul, which includes the large-scale centralization of the core software services that can unify systems management practices. Such unification does have far-reaching security consequences.
The adoption of big data and the PaaS raises the question of affordability. Adding these capabilities as an overlay atop existing information technology spending will not be acceptable. What is expected is a merger of tens of thousands of underutilized database servers. Lower budgets will call for cutting contractor labor and for consolidation of thousands of applications. Proceeding with the JIE can deliver savings from cost reductions that then can be used for funding this long-overdue improvement.
Paul A. Strassmann, a retired vice president of Xerox, is the former director of defense information, Office of the Secretary of Defense.