Taking cloud to the very edges of the battlefield can be difficult, especially when the edges of the battlefield include air, sea and space.
Doing that while keeping the cloud secure from hackers makes the challenge even more difficult and the Navy is embarking on new exercises to make sure the hardware and software it uses for the cloud aren’t compromised.
Michael Kilcoyne, the command information assurance manager at Navy Facilities Engineering Commands, said the service is doing a set of experiments looking at supply chain management.
“We are going to be doing what we call cyber tabletop exercises,” Kilcoyne said during a July 11 speech at the Defense Systems Summit in Arlington, Virginia. “Those are kind of like an adversarial risk assessment, using threats, working with the Office of Naval Intelligence and other agencies to get what’s happening out in the wild with the supply chains to specific systems, how they would attack those systems and what impact they would have on the mission of our carrier strike force.”
Kilcoyne said that will be happening during fiscal 2019.
While cloud is not yet at the “tactical edge” in most cases, Kilcoyne said those exercises will help get the Navy there.
Some data challenges remain
“You have to look at the data. There’s some data that might be able to go into a public cloud. There’s other data that need to go in a more secure cloud.” Kilcoyne said. “Then you also have to have a good understanding of mission sets.”
He added the Navy is just now doing mission threat analysis where it decomposes various missions like nuclear command and control to find out what everything from software to infrastructure that is needed to complete the mission.
The analysis allows the Navy to prioritize what the service wants to move, how it wants to move it, where it wants to move it and then get things through the acquisition process to move to the cloud, Kilcoyne said.
The Navy isn’t the only service doing analysis to move to the cloud. Air Force Chief Technology Officer Frank Konieczny said his service is conducting similar planning.
“We’ve set up mission defense teams to actually look at issues with the mission thread and defend those mission threads. They are all key terrain and they involve not only computers and networks, they involve weapons systems,” Konieczny said.
Both men said the services need to be doing these analyses as the services simultaneously move into the cloud.
Of course, there are always challenges to doing analysis and moving to the cloud in new areas.
Both men said obviously the budget is the biggest obstacle to moving to the cloud in certain areas.
Other issues include legacy systems and getting them up to date and transferring data to cloud hosts.
“You have to system engineer these systems to work within the cloud. You have to look at the services,” Kilcoyne said. “I’ve seen everything from ‘You just bring your [web] application and we’ll supply the rest’ to ‘We’ll supply the hardware and the operating system and then you have to bring your database and all of that’.”
Culture is another issue, Konieczny said.
“As we talk about the PEOs, it’s a question of control over what they want to have and be in control of. You run into the issue of ‘I can’t move myself to the cloud because I don’t have a budget, because I haven’t allocated that and I won’t be able to do that until the next program objective memorandum comes through.’ The answer is move it. Get over it, you have to do this. That has been a problem space all along,” Konieczny said.
The Air Force has already set up a center to help PEOs move to the cloud to deal with those issues.