NSA goes live with ‘Hybrid Compute Initiative’

A top NSA official says the goal of the initiative is about finding "the right compute solution for each mission, the right option for every distinct problem."

After years of development, the National Security Agency’s top-secret hybrid cloud environment is now operational.

The NSA has been pursuing the “Hybrid Compute Initiative” since at least 2020. The agency’s goal is to evolve the NSA’s on-premise GovCloud environment into a mix of commercial cloud capabilities and hardware-as-a-service offerings.

Jennifer Kron, chief financial manager at the NSA, said the Hybrid Compute Initiative and its updated “Intelligence Community GovCloud” went live earlier this year. Kron previously helped lead the NSA’s IT initiatives as the agency’s deputy chief information officer.

“This year it went live, and we are deploying mission with our partner,” Kron said Oct. 29 during the DoD Intelligence Information System (DoDIIS) conference in Omaha, Neb. “That’s our core mission services, our IC GovCloud, which provides hundreds of programs and systems that are used not only by NSA, but across the IC and [the Defense Department].”

The NSA awarded Amazon Web Services a potential $10 billion contract as part of the Hybrid Compute Initiative. AWS was re-awarded the contract after a 15-month acquisition saga, including a successful Microsoft protest that forced the NSA to re-evaluate its initial award.

The Hybrid Compute Initiative is complementary to the CIA’s Commercial Cloud Enterprise (C2E) contract, which offers the services of five major cloud vendors. Kron said the NSA’s initiative is “all about finding the right compute solution for each mission, the right option for every distinct problem and for every distinct purpose.

“That might be commercial cloud, it could be C2E, it could be an NSA instance of a [top secret] cloud,” Kron said. “It could be hardware-as-a-service for things that don’t quite work on commercial cloud. It could be on-prem. There’s a whole range of options. And so we’ve kind of evolved from saying, ‘No, we can’t do cloud that’s too open’ to ‘everything on the cloud,’ to really having a discernment as to what missions and what purposes should go into what which platform.”

The NSA’s move to embrace more commercial cloud options is driven by a major increase in data, leading to a massive increase in demand for processing and analytics.

“The long term reasons why we made this shift is the increased reliability, increased performance, ultimate scalability and modularity, the efficiency,” Kron said. “So there was no way we could get where we needed to go in [signals intelligence] and cyber without those partnerships.”

Meanwhile, Ryon Klotz, deputy CIO of the CIA, said the C2E contract is bringing the broader intelligence community into a multi-cloud environment and its array of digital services, including artificial intelligence.

“Our imperative is to deliver the multi-cloud foundation to allow the community to take advantage of those higher order services, whether they’re AI services natively provided by those vendors or third party or open source, to have the compute capacity to run those models, to do inference on cybersecurity data, but a variety of other mission imperatives,” Klotz said at DoDIIS.

The C2E contract is also intended to give the intelligence community access to “the broader ecosystems of technologies that have natively been grown in the cloud environment,” Klotz added.

“If you’re a startup, the last thing you’ll ever do is acquire a data center and buy some servers. You start in the cloud,” he said. “You natively built those capabilities in the cloud, you build a business model around consumption that is metered based on utilization. Those are the things that we think we can now gain access to by delivering this multi-cloud foundation.”

But as intelligence agencies deepen their reliance on cloud and hybrid models, leaders are also emphasizing the need to re-balance security risks.

“As we in the government are shifting more to cloud and to hardware and platform-as-a-service, the security profile and the security risk becomes even more of a shared responsibility between government and industry,” Kron said. “We need to think about exactly who has responsibility for which layers ensuring that we all are on the same page and that everything is meeting the same standards, and that requires a whole other level of trust and partnership, and that’s going to be really critical moving forward.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories