The case for a national security cloud, it’s no secret

The case for a national security cloud is no secret. 

Over the last 12 months, advances in cloud computing have driven more excitement from vendors, system integrators as well as government officials and intelligence professionals. 

But where there are leaders there are laggards, and according to a recent Australian Strategic Policy Institute report the Australian Intelligence Community (AIC) is one of them. 

The AIC has been debating the merits of an overarching secure cloud for the last decade. Despite the benefits increasingly resonating with the C-Suite and operational intelligence teams, there continue to be challenges in the AIC achieving its cloud aspirations. 

In this piece I'll address the technology challenges the AIC needs to overcome, as well as the benefits that the AIC stands to gain by prioritising cloud capabilities.

What are the technology challenges faced by the AIC?

Intelligence capabilities are critical to supporting decision-making and defending our national interests. But the scope of emerging threats means that our intelligence apparatus now needs to exponentially increase collection, integration and coordination activities.

To achieve its mission the AIC needs to evolve and adapt, faster. 

Cloud technologies can help agencies to process, evaluate, and analyse enormous volumes of data quicker to provide relevant insight to customers. Regardless of the intelligence type and source (HUMINT, SIGINT, GEOINT or OSINT), the ability to make smarter decisions, faster, will provide a competitive edge that can lead to better targeted outcomes.

However, the AIC faces significant technology challenges across its operating model. This is impacting the way it delivers value, and lowered the ceiling on the value that it can provide.

Some of these challenges will have obvious solutions. Yet, the technology challenges faced are no different to organisations which have evolved over time, and they include:

• Inherent legacy systems, that are inept for large-scale inter-connectivity
• A patchwork of applications, that are outdated, unsupported and not ft for purpose
• Inconsistent protocols, inhibiting the ability to quickly share classified information
• Siloed data and systems, which do not adequately support big data analysis
• Outdated infrastructure, creating inefficiencies, higher costs and preventing scale
• Unable to connect the dots, and provide real-time connected situational awareness
• Unstable foundations, unable to host next-gen technologies for decision-support

It's likely that achieving change has been constrained by the ability to call out the issues, recognising that there's a better way, and making real progress towards innovation. Cloud is now integral to the new intelligence operating model, and the way it delivers value – and the AIC can no longer focus on tech which only 'keep the lights on'.

How are our coalition partners using cloud now?

The AIC will need to adapt and benefit from advancements in the private sector.

In many cases, the technology already exists, and this will be the fastest track to become mission ready. Across the Five Eyes partners, this has been recognised years ago. 

The United States is a clear leader and it has changed the way that national security agencies fulfill their mission. In 2013 the Central Intelligence Agency made the decision to engage a cloud vendor to host an assortment of classified and sensitive data for intelligence agencies. 

The Pentagon also followed suit by announcing its own cloud strategy as part of the Joint Enterprise Defense Infrastructure (JEDI) program. This was driven by the need for speed in adopting cloud, and support from multiple cloud providers. Next-generation projects such as MAVEN would simply not be possible without an interconnected fabric to allow AI to run.  

The UK Ministry of Defense has also made inroads by switching to the cloud and utilising local data centres for its storage, servers and computing for protected workloads. Both the New Zealand and Canadian governments are also exploring options to follow suit and develop capabilities that provide more complex national security functions.

These trends will continue with the modern mission.

Recognising this, why is the AIC so far behind? 

Likely a range of reasons relating to politics, internal organisation, experience, focus, the closed nature of the business, and a lack of technical leadership in digital transformation. The other reason likely stems from general unfamiliarity regarding the art of the possible, and how the benefits of the cloud in other sectors can be drawn upon and employed.

ASPI kindly understated the US lead over the AIC. The reality is that we currently risk falling further behind our allies. This will impact our value, interoperability, and only hand a competitive advantage to our adversaries at a time we’re increasingly being targeted. 

How could cloud benefit the AIC? 

The 2017 Independent Intelligence Review outlined that reducing the technical barriers to collaboration was one of the highest current priorities for our government. The benefits of driving cloud as part of a broader technology uplift across the AIC includes:

• More data, faster. Computing at the ‘edge’ of the mission requires agencies to collect, store and manage more data faster, needing a trusted and secure solution
• Inter and intra-agency connectivity. The diverse AIC Use Cases all depend on an ability to process, fuse and share data to achieve a decision-making advantage
• Foundation for next generation technology. Analytics, AI, IoT, mobility, upgrades to remote sensing and 6G require higher capacity, lower latency and better support
• State of the art services. Enables agencies to access modern services that support their mission, and as well new tooling, innovation and emerging technologies
• More cost effective. The cloud infrastructure can be managed by proven and trusted providers, at a fraction of current costs, and enable the benefit of moving to OPEX  

If the point isn’t clear enough, data is the new wealth. The ability to collect and correlate patterns of life for tactical, operational and strategic use cases will be an advantage.

Compliance, security and the right protections do need to be in place irrespective of the architecture and deployment model – and I am not suggesting otherwise. But regardless, the cloud presents the opportunity for the AIC to deliver greater value, and close the gap.

To wrap it all up

The AIC needs to get moving because it’s not the only game in town (literally).

Our adversaries are looming, and unlike the AIC, many of them have strategically invested into technologies that can be used to increase their collection efforts against us.

Unless we address the problem, Australia will be at a significant disadvantage against adversaries who use this technology to advance their own efforts. Unfortunately, the AIC is already years behind in cloud capabilities, and this makes the urgency even greater.

It’s time we addressed this capability gap – and treat it like one – and encourage the AIC to move away from its legacy technological foundations to realise the full benefits of the cloud.

Rest assured, Australian partners are standing by ready to help.

Adam Misiewicz is an experienced cyber security consultant and the General Manager of Cyber Security at Vectiq - a Canberra-based services company.

For other recent and relevant articles on security, check out:

• The Essential Eight, turning crisis into opportunity
• Avoiding the temptation to compromise security for business continuity during COVID-19
• A Titanic Lesson – Changing the Fate of Government Through The Essential 8