21 March 2018

Pentagon Cloud Migration Fights Cybersecurity Challenges

By Kris Osborn - Managing Editor - Warrior Maven

The Pentagon is working with industry to accelerate migration to cloud technology to enable faster decision making The Pentagon is working with industry to accelerate widespread migration to cloud technology to enable faster decision-making, AI implementation, rapid data organization and improved IT security, Pentagon leaders said. The multi-faceted initiative includes data consolidation, reducing the hardware footprint and efforts to connect satellite ground terminals more seamlessly with one another; the key concept, of course, is to increase access to otherwise disparate pools of information, share information quickly and give combat commanders more options on a faster time frame.

The current weaponization and attempted “hardening” of space systems, data networks and C4ISR technologies are key issues reletated to the ongoing effort to move quickly to cloud systems, at the direction of Deputy Secretary of Defense Patrick Shanahan.

At the same time, cloud migration is widely understood to involve a particular paradox; while cloud technology can enable more seamless or ubiquitous virtualized security systems, it can also bring the risk of exposing larger amounts of data to potential intruders should an attack be met with initial success.

One solution, which also implicitly brings some contradictions and challenges, is to rapidly harvest commercial technological solutions which, for instance, can allow networks to download the most advanced patches or fixes on a faster time frame. Commercial security solutions can bring advantages in other respects as well, DoD leaders say.

“Industry has taking some security practices with great encryption baked in. From day one the department will see significant security benefits which will improve our posture,” said Essy Miller, Acting Chief Information Officer, DoD.

The large-scale DoD move to integrate Window 10 is an example of this strategy.

Air Force officials tell Warrior that faster-decision making is a vital priority for service developers, who say the latest budget proposal incorporates a large increase in funding aimed at improving commander’s ability to respond quickly to emerging combat situations.

“The space budget focuses on building more jam-resistant GPS satellites, improving missile warning, improving space situational awareness and increasing the nation’s ability to defend its most vital assets on orbit. It adds additional resilience features and user protection to existing satellite communication systems,” Maj. William Russell, Air Force Space spokesman, told Warrior Maven.


An often-discussed phenomenon seems to inform Shanahan’s push for faster cloud migration, namely that multi-year government developmental programs are, in many instances, generating technical systems which are potentially obsolete by the time they are completed.

“I am directing aggressive steps to establish a culture of experimentation, adaptation and risk-taking,” Shanahan’s memo states.

Commercial innovation, therefore, coupled with an open architecture framework, is intended to allow faster, wide-sweeping upgrades more consistent with the most current and impactful innovations.

“DoD is using a tailored acquisition process to acquire a modern enterprise cloud services solution that can support Unclassified, Secret, and Top Secret requirements. Known as the Joint Enterprise Defense Infrastructure (JEDI) Cloud, the planned contracting action will be a full and open competition,” a Pentagon statement said.

Pentagon leaders of the JEDI program explain that cloud security will be approached in a measured way so as to ensure maximum data protections. They envision being able to generate secure secret networks in 6 months - and Top Secret cloud-based networks in 9 months.

“Let’s minimize the risk point while leveraging the significant security capabilities commercial has already brought to bear,” said Tim Van Name, Deputy Director, Digital Defense Service.

By facilitating improved satellite ground terminal interoperability and network data sharing, cloud-based systems can also speed up SATCOM connectivity and allow command and control technology to expedite directives to satellites, industry and Pentagon developers said

CACI is among a handful of industry developers, to include Hughes and ViaSat, who are currently exploring emerging technologies as a way to further protect and harden SATCOM connections and command and control. CACI uses a specific kind of new cloud-based battle management software engineered to integrate fast-emerging data from a wide range of “nodes” on a network.

“If there is a scenario in which there is a cyber attack that is ground based or space based which degrades assets, ultimately what happens is a sequence of decisions. Am I willing to take some risk?” Ryan Fairchild, Vice President and Division Manager, Space Operations, CACI, told Warrior Maven. .

For instance, Fairchild said emerging cloud systems could allow a combatant commander to quickly make an informed decision about whether to utilize a laser weapon or EW system.

“We want to provide a tool that enables decisions to be made,” he added.

Viasat has developed an Ethernet encryptor designed to improve security for cloud computing.

“Viasat KG-142 is a 100 Gbps Type 1 Ethernet encryptor delivering speeds ten-time faster than existing solutions. With the new encryptor, government users can better meet the bandwidth need for cloud-computing and real-time data transport across the battlespace,” a Viasat statement said.

ViaSat developers describe the KG-142 as a high-speed, low-latency encryptor with integrated security standards and software upgradeable designs aimed at minimize the need for hardware changes.

Also, Pentagon cloud developers say automation and increased applications of AI are making a difference when it comes to improving cloud-network security. DoD efforts emphasize the often discussed two-fold cloud strategy which seeks to maximize both decentralized nodes and centralized servers and data access.

“Our intent is to take advantage of automation from two perspectives. We want to assist with configuration to verify the appropriate protections in place. Also, we are building in some hierarchical controls into the way services are pushing access to ensure we are taking advantage of centralizations,” Miller said.

No comments: