Defense Intelligence Agency confronts data access challenges in complex move to the cloud

(Source: Getty Images)

The Defense Intelligence Agency is making progress in modernizing the military and intelligence community’s top-secret IT network — the Joint Worldwide Intelligence Communication System (JWICS) — but it’s currently taking some time to determine the proper and most secure data access points for the envisioned cloud infrastructure underpinning it, the agency’s CIO said on Tuesday.

As DIA’s chief information officer, Douglas Cossa is steering that notable revamp of JWICS, a more than three-decades-old system that will evolve to integrate across all U.S. intelligence-aligned components and enable the secure transmission of top secret data and information between them. 

“My role as the enterprise provider for JWICS is to look at where we need those cloud access points and work with vendors around the world to determine where those priorities need to be. Right now, that doesn’t exist. And so that, at least in the near-term, forces us into a hybrid environment where I’m still hosting a lot of that myself in my own data centers. But in the future, I think that will swing the other way, especially as we build that infrastructure with vendors,” Cossa explained during a virtual event Tuesday hosted by the Intelligence and National Security Alliance.

Cloud access points are essentially the security conduits via which the Defense Department connects to the commercial cloud. Sensors enable DOD components to monitor traffic passing through it.

Operating in a hybrid-cloud environment in the near term, DIA intends to maintain its own data centers and host its own infrastructure, Cossa said, “because, simply, we don’t have connectivity today where those cloud access points need to be put in place in the future,” or it’s so sensitive that officials need more visibility into what’s happening. 

But that’s not the case for all applications. So far, DIA has “certainly taken advantage of cloud services” for back office and business applications, according to Cossa. 

“Things like our contract management system and our HR management system, all of those front-end business services, I’ve essentially moved all of those to the cloud,” he said.

While the intelligence agency can assume some risks associated with modernizing those business functions, the CIO noted that more challenges around data access, identity management, coverage, capacity and security requirements exist with mission-related processes. In those cases, DIA officials need to be able to “see the full threat of security of what’s happening behind the firewall on the vendor side,” Cossa said.

“That’s where we’re going to need to see how that plays out,” he added. “When it comes down to mission data, it’s really going to come down to visibility in a security sense and the access to where those services, that data, that infrastructure, needs to be accessed from. Right now, it does not exist.”

In Cossa’s view, there are also many new opportunities for collaboration between DIA and the United States’ closest international partners — including the Five Eyes coalition nations that are also increasingly turning to cloud-based services. Australia, Canada, New Zealand, the United Kingdom, and the U.S. are members of that intelligence-sharing group, through which they jointly cooperate on signals intelligence.  

In that sense too, though, challenges around identity management and data access and integration policies remain. 

“And that’s going to be tough — not from a technology perspective, but from a cultural perspective of how we share intelligence given the sensitive nature of it. I mean, it makes sense, but where a lot of the vendor community is going to come in is helping with that integration across cloud services,” Cossa said. “And I really do think that industry is going to lead in data access and the identity management area for the federal government.”