The Defense Department is in the early stages of a project that it hopes will make good on a major technology aspiration across government: harnessing “big data,” the vast, unstructured volumes of information generated by IT systems, to drive decisions and improve day-to-day operations.
The program, an analytical cloud dubbed Acropolis and developed by the Defense Information Systems Agency, has been up and running for about six months and is now absorbing data from disparate systems across the Defense Department. About 1,300 users are currently making use of the system via a newly-designed common presentation layer based on the open-source OZONE Widget Framework.
DISA is developing Acropolis as a service to be used by all DoD components and members of the intelligence community. For now, the agency is focused on using it for data dealing with cybersecurity and day-to-day network operations, said Bill Keely, the deputy chief technology officer for mission assurance at DISA.
“As far as the size of data, every single time an email gets sent off, there are like 100 different devices that get involved that are all logging records, so as far as the amount of data, it’s definitely in those two,” Keely said in an interview.
But in later stages of the fielding, DISA wants Acropolis, which is built in part on the public domain Accumulo platform first developed by the National Security Agency, to begin handling many other categories of big data within DoD, including financial accounting information and acquisition data.
“We’re trying to get good performance metrics to track every project developed in DISA, the progress of fielding and meeting the goals of a program. Tying that in with financial information, all that’s a really rich resource to allow us to do better as we go forward,” Keely said.
DISA says the target user community for Acropolis includes system administrators on military bases, the newly-created cyber mission teams based at U.S. Cyber Command and staff at DoD’s forthcoming enterprise operation centers (EOCs).
“Also, I’d like to have a program manager be able to log in and see how healthy the system he’s fielding is, so he doesn’t have to wait and use his customers as his quality assurance checkers,” Keely said. “Instead, he can use data that he’s designed into his system to feed into our cloud.”
Also in the early stages of the program’s fielding, DISA is designing in capabilities to proactively screen DoD networks for insider threats and cyber espionage.
During the first increment of the effort, Acropolis will scan email, Web and system log traffic based on 15 different classified analytic criteria.
“What we don’t want to do is to be in a posture where we find out about insiders after the fact,” Keely said. “We want to find them as they start doing bad things, and if you look back at all the espionage cases, they’ve typically been plying their trade for quite a while, and it causes too much damage. We have to get them early in the lifecycle of things going bad, because often they’ll try a few things first, they start building their confidence and then start doing more. We want to get that early on so we can turn it over to the proper authorities.”