Goal number two of the State Department’s Bureau of Intelligence and Research strategic plan is to transform its digital enterprise.
The underlying initiatives are what you’d expect, like using DevSecOps for software development or creating a technology governance board.
Jimmy Hall Jr., the State INR Bureau’s chief information officer and director of the Technology and Innovation Office, said the initiative to move its top secret network to the cloud will fuel the other eight to have a larger impact on the agency’s employees around the world.
Hall came to INR in January from the Defense Counterintelligence and Security Agency, where he was acting CIO after spending 30 years in the Army and rising to the rank of colonel. He said he found that the State Department’s overseas locations, embassies and consulates didn’t always have the same consistent communications fabric and environments as those he found in the Defense Department.
“I released the first ever top-secret cloud strategy. That strategy outlined the vision, the roadmap for modernizing our IT infrastructure, improving our efficiency, agility and security with cloud computing, and achieving strategic objectives at the same time,” Hall said on Ask the CIO. “We’re operating the AWS top secret cloud today and we’re in the process of refining our implementation plan. What I’ll do going forward is communicate that strategy and communicate our implementation plan to all the stakeholders.”
The idea is that INR will take more advantage of the cloud to help it address technical debt, particularly around legacy applications and outdated hardware, and open the door for improved cybersecurity and more tools using artificial intelligence, machine learning and other technologies.
Hall said the top secret cloud strategy will not be publicly released, but he said INR isn’t starting from scratch.
“If I were to put a percentage on it today, I would say that we’re 30% in the cloud. As we move more applications and services to the cloud, our approach is a multi-cloud approach via hybrid approach,” he said. “We are working on an implementation plan that will lay out the details of how we will proceed forward. At some point, though, we will expand to a multi-cloud environment. At the end of the day, what we’re looking for is a secure environment. One that’s coupled with a data strategy, and one that allows and enables our analysts and diplomats to enjoy the benefits of either open source intelligence or some of the more classified sources of intelligence that they have a need to know.”
Hall said a major piece of the classified cloud environment is expanding the Joint Worldwide Intelligence Communications System (JWICS) environment.
“We’ve adopted the international language for the JWICS as part of our fabric inside of the State Department. We call it the information network resource and information management system. One of the things that I have been charged to do since coming on board is create a modernized network and infrastructure for the classified environment,” he said. “In addition to the top secret cloud strategy, we are also working to modernize our network infrastructure for the classified environment in terms of creating a more secure, agile and efficient network that we can deploy not just the bureau’s mission critical operations, but some of the key goals inside of the State Department. That includes upgrading network hardware and software right to improve our performance and security. That includes implementing a software-defined network architecture that can automatically adapt to changing traffic patterns, and part of changing traffic patterns, it will be established today with connectivity at our embassies, posts and outstations.”
Additionally, INR is moving toward network segmentation as part of its security upgrades to reduce the ability of bad actors to hop across networks.
“I want to implement advanced security features such as increased encryption, intrusion detection and prevention and also advanced threat analytics,” Hall said. “I’m charged completely with running the top secret fabric for the department. And in a sense, I’m the intelligence CIO, so our focus would be becoming the premier JWICS provider for the department.”
Hall said he’s still analyzing the bureau’s technical debt and will come up with a plan to reduce the reliance on the older technology.
Training for managing cloud services
Hall said the move to the top secret cloud also will be an adjustment for a workforce used to managing systems and applications on-premises.
“We will need to ensure that our staff possess the necessary cloud computing skills and knowledge to successfully manage the cloud environment. This will include understanding how to configure, provision and monitor cloud resources, as well as how to ensure security and compliance on the cloud,” he said. “We need to stay up to date on any of those changes to those [federal] mandates and ensure that our cloud environment remains compliant with all applicable regulations. In terms of software inventory, we need to maintain a comprehensive inventory of all software applications and services that we’re using inside of the cloud environment. This will help ensure that we are aware of any potential security vulnerabilities or compliance issues that can also help with cost management and avoid vendor lock-in. We need to carefully consider which cloud providers we use and ensure that we develop an exit strategy in the case we need to switch providers in the future.”
Outside of the move to the top secret cloud instances, Hall said improving connectivity around the globe, cybersecurity and the users’ experience are among his other top short-term priorities.
Over the long term, he’d like to improve INR’s IT governance policies.
“The governance framework is going to ensure a successful execution of the projects, as well as it is going to share the due diligence that’s needed when it comes to project and project management, and it’s going to ensure that we invest in the proper places,” Hall said. “Our governance framework will be a phase framework as most organizations have, and so there’s a configuration board that will meet weekly coupled with an IT review board that will meet bimonthly, and then the board is chaired by me. We bring in the stakeholders inside of the bureau and the governance board is focused on budgeting and resourcing those IT priorities.”