wfedstaff | April 17, 2015 5:30 pm
A few thousand intelligence community employees are seeing what their future technology tools and infrastructure look like.
The Office of the Director of National Intelligence recently implemented a set of baseline capabilities under its Intelligence Community IT Enterprise (ICITE) program. Al Tarasiuk, the assistant DNI and intelligence community chief information officer, said Monday during a briefing with reporters in McLean, Va., the IC launched three capabilities under ICITE in mid-August.
“We declared the milestone, which we called the initial baseline, which involves the deployment of the first substantiation of the IC desktop to a few thousand Defense Intelligence Agency and National Geospatial-Intelligence Agency users,” he said. “They are the providers of the desktop. They are developing the single desktop to the community. They determined earlier on they would be first ones to deploy the new desktop tool. We also stood up the first substantiation of the IC cloud with both storage, data hosting and virtual hosting capabilities. The applications mall went online as well with a number of applications registered in the mall that folks across the community could use.”
Tarasiuk said while the standardized desktop, which includes email and collaboration software, is available to only those few thousand users, the cloud infrastructure and the apps store are available to all IC employees with a top secret, sensitive compartmented information (TS-SCI) clearance.
Insight by Carahsoft: Learn from IT experts as they outline the significant impacts cloud and 5G have on implementing zero trust architecture in this exclusive executive briefing.
Series of small projects
ICITE is not a big project, but actually several small ones with the goal of standardizing the IT infrastructure for all 17 intelligence agencies at the TS-SCI level.
ODNI launched this effort about 18 months ago by taking what some of the IC agencies already were doing in small pockets and expanding those initiatives across the entire intelligence community.
In addition to the three initial capabilities, Tarasiuk said the IC also implemented enterprise management services and a cybersecurity architecture.
He said the security policies and standards are key to making ICITE successful.
“What we will do in our IC cloud infrastructure, which will be provided by both CIA and NSA, is to implement those standards and then make sure those datasets have the right kind of tagging in there. So, in fact, data can be better protected than it might be today for all IC users to use,” Tarasiuk said. “We plan to use some level of encryption depending on the sensitivity of the data. That’s still being worked. So, administrators, which are a very important element here, will be properly segmented so they only have access to the information they need in order to do their jobs. There will be auditing and monitoring like we have today, but enterprisewide, and not agency specific.”
Tarasiuk didn’t mention the problems caused by the Edward Snowden leak directly, but the oversight, and enforcement of roles and responsibilities of systems administrators are a direct aftereffect.
At the same time, however, having agreed upon ICwide security standards will create trust among the agencies and ease concerns about information sharing and information protection just as well.
Long term, short term plans
ICITE is a long-term consolidation effort. Tarasiuk said the goal is to have the majority of the IC workers using all the assorted capabilities by 2018. Then, there will be a constant refresh and upgrade cycle like anything else.
In the meantime, Tarasiuk said there are short term goals for 2014 and beyond.
“In the coming year, one thing we will do is ensure the resilience of the current infrastructure substantiations to make sure we can move more production capabilities into it. Then we will scale beyond what we have right now. We will scale the number of desktops, the amount of data that’s in the cloud,” he said. “We will bring in new services as well. Enterprise management will begin to grow. Security monitoring, we intend to establish a central service to monitor end-to- end the security of ICITE. And at the same time, agencies are planning for their transitions to ICITE. We’ve had several iterations of their plans and now that we have real capabilities in place, we will begin to execute these transition plans.”
DIA and NGA are taking a 60-day strategic pause with the standardized desktop implementation. Tarasiuk said the goal is to make sure they are heading in the right direction, capabilities are working and not messing with legacy systems and to figure out how best to expand the number of users.
That’s part of how ODNI has become the systems integrator of the program instead of letting each of the lead IC agencies handle both the developer and system integrator roles. Tarasiuk said the decision to have his office, with the help of some contractors, run the integration of services, while the lead agencies handle the development side was one of the lessons learned after ICITE capabilities were delayed.
Funding plan undecided
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Tarasiuk also said there are several policy and governance issues, including figuring out how to fund these services, that will need to be addressed in 2014.
“The services will either be centrally funded, or what we call base funded and appropriated directly to that organization, or through a cost-recovery model. We’re still going through the planning for that, which ones are which,” he said. “We believe the ones that we need to manage user demand of, think about cloud utilization, where we want to control the demand, those would probably be more on the cost-recovery model. Those that would be enabling services for the infrastructure, think of security and possibly enterprise management, those might be more of the kind we would put under centrally funded. But that’s still to be determined.”
The funding decisions are part of a broader effort to address the business model of these services.
Tarasiuk said they may do some mock billing in 2014 so the customer agencies can see how it would work and the prices they would be paying.
And of course that’s part of the never-ending challenge of change management — getting users to change habits and trust each other.
Tarasiuk said reaching baseline capabilities took a bit longer than they had hoped in part because of the challenge of integrating the technologies. He also said moving an institution like the IC just takes time so employees can get used to the new services.
But once the IC agencies do move, Tarasiuk said the benefits will be obvious.
Advantages are clear
He said ICITE will improve two main areas, including the promotion of more secure information sharing.
Tarasiuk said that’s already happening in the few short weeks since ODNI launched the cloud infrastructure.
“The beauty of what we are doing is enforcing an IC standard for all data objects that go in the cloud. Where today, agencies comply with security standards, but they implement them in different ways,” he said. “This is where we believe we can improve information sharing over time because when data is structured from a tagging perspective the same way, we will then will be able to implement this concept we talk about tagging data, tagging users. We have automated systems them that will determine if the user can have access to that data. Today if you sit in another agency and you try to get access to certain data sets that may be in a different agencies, in many cases that data is locked down based on the way it was implemented. What we are trying to do from an infrastructure perspective is remove those technical roadblocks that prevent those kinds of sharing from going on.”
Tarasiuk says each individual agency or data steward will continue to decide who should have or could have access to its data. But the cloud infrastructure will help enforce the control of roles and responsibilities when it comes to data and system access.
The second big benefit is a better connection to others in the intelligence community.
The standard desktop means everyone will have the same tools and can more easily video chat or email, or even find someone in an IC directory.
Tarasiuk said the intelligence community is improving how it accepts others security clearances, known as reciprocity, and ICITE is helping to make that acceptance happen more quickly.
And of course there are cost savings. Tarasiuk said last October that he expects the IC community could reduce its IT spending by as much as 25 percent over the next six years because of this consolidation effort.
“Over the last 18 months, we’ve begun to achieve the visions laid out for ICITE,” he said. “The vision is to improve intelligence community’s integration, information sharing and safeguarding, and have a more efficient IT model.”