recommended reading

NSA chief endorses the cloud for classified military cyber program

Jeff Chiu/AP

The cloud will be a logical place for sharing classified intelligence on cyber threats with critical industries as the Defense Department presses ahead on an attack-prevention program it recently opened to all defense contractors, former military officials say, and Wednesday, a spokeswoman for Gen. Keith Alexander, the military’s top intelligence official, said he endorsed the idea.

When the Pentagon started the defense industrial base cybersecurity pilot program last summer with select suppliers, many defense and some nondefense companies vital to Americans, such as banks, wanted to join. The military in May expanded the program to all defense contractors and their Internet service providers partly because the department was able to develop “a dedicated threat-sharing and collaboration system, and validated online application procedures in order to support participation by a large number of companies,” preliminary regulations noted.

Alexander, who runs the Pentagon’s National Security Agency, which produces the intelligence disseminated through the program, has repeatedly told lawmakers that the military’s 15,000 networks eventually will move to the cloud. And the Pentagon is attempting to save $680 million annually by consolidating information services through clouds run by the Defense Information Systems Agency.

“As Gen. Alexander said at last year’s [Geospatial Intelligence Foundation] conference, secure cloud computing offers both DoD and the [intelligence community] many advantages and efficiencies that could enhance information sharing and collaboration,” NSA spokeswoman Marci Green Miller said in a statement. The GEOINT symposium is an annual conference that the nonprofit group organizes for intelligence, defense and homeland security professionals.

Under the cyber program, NSA culls the “signatures” or unique characteristics of identified malicious coding for vendors so they can feed those danger signs into antivirus software. The quid pro quo is that what goes into the information sharing system, including Secret intelligence and companies’ confessions of breaches, stays in the system. The cloud -- a remote computer hub that transfers data through the Internet or a classified network -- could facilitate that reciprocity, experts say.

Former DISA director Gen. Harry D. Raduege explained that the cloud’s flexibility should accommodate the program’s expected high demand. A cloud environment can be compartmentalized based on a user’s authorization level so that, for example, only a defense contractor could read the classified intelligence, while perhaps unclassified threat information would be accessible to nondefense sectors, such as state governments.

“It’s become very, very popular,” Raduege, now chairman of the Deloitte Center for Cyber Innovation, said of the defense contractor program. “It’s become one of those free services, where . . . if they have the proper security clearance, they can get into a secure cloud so that they can get insights to protect their own enterprise.”

Alexander has strongly endorsed the use of the cloud for military operations for more than a year.

“The idea is to reduce vulnerabilities inherent in the current architecture and to exploit the advantages of cloud computing and thin-client networks, moving the programs and the data that users need away from the thousands of desktops we now use -- each of which has to be individually secured for just one of our three major architectures -- up to a centralized configuration that will give us wider availability of applications and data combined with tighter control over accesses and vulnerabilities and more timely mitigation of the latter,” he testified before a House subcommittee in March 2011.

On March 27, he told the Senate Armed Services committee: “Our DoD cyber enterprise, with the department’s chief information officers, DISA and Cyber Command helping to lead the way, will build a common cloud infrastructure across the department and the services that will not only be more secure but more efficient -- and ultimately less costly in this time of diminishing resources -- than what we have today.”

Other computer specialists say they also have faith in the cloud to securely transmit information.

“Everybody who is in security these days is into the cloud, partially because you want to start from scratch” in launching new information services, said Dave Aitel, president of cybersecurity firm Immunity Inc. and a former NSA computer scientist. Eventually, the program might encapsulate multiple clouds, he said, because participants may want to interface with the feds through their own clouds. “Getting two clouds to talk to each other will be a very big deal,” Aitel added.

Due to budget cuts and the drawdown of U.S. troops, the Pentagon’s spending priorities have changed. According to the new defense strategy released in January, two areas will receive additional resources: the Asia-Pacific region and cyber operations. To conserve funding and expand the defense contractor cyber program, “DoD is going to need to learn to use the technology called cloud in a more expansive space,” said Dale Meyerrose, the intelligence community’s former chief information officer.

But some cybersecurity specialists and government agencies remain wary of the technology, partly because of its major attribute -- the shared space.

“If you’re moving information into the cloud, it just seems to me that all kinds of nasty activity could go on in there,” said. Gen. John P. Casciano, a former director of intelligence, surveillance and reconnaissance for the Air Force. “I would take a Missouri approach and say, ‘prove it to me, show it to me,’ how it’s more secure.”

Alexander has acknowledged there are reliability and trust issues with the cloud. “This architecture would seem at first glance to be vulnerable to insider threats. Indeed, no system that human beings use can be made immune to abuse. But we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data,” he told the lawmakers in 2011.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.