Army Gen. Keith Alexander, head of the National Security Agency (NSA), discussed the cloud and how to defend against increasingly sophisticated cyber-threats at a recent Information Systems Security Association conference in Baltimore and in a follow-up interview with eWEEK. As commander of U.S. Cyber Command, he also discussed rules of engagement for the military in cyberspace.
The cloud is a key part of the intelligence community's IT strategy, Alexander said, because cloud computing gives defense and intelligence agencies more visibility over hackers who are trying to breach government networks.
Within the NSA and Department of Defense (DoD), there are more than 7 million pieces of IT infrastructure and systems and 15,000 different network enclaves, according to numbers provided by the general. With each enclave protected by its own firewall, network administrators have little to no insight into what is happening in isolated and segmented networks, he said.
"Collapsing the enclaves" would provide administrators with a better end-to-end view of their networks and situational awareness, said Alexander. He added that it's not a perfect solution, but "it is more defensible."
In a pilot program, the NSA has reduced the number of applications it is running from 5,000 to 250 cloud applications and slashed the number of help desks from 900 to 450, according to Alexander. The agency plans to keep shrinking the infrastructure to just two help desks and 20 data centers, as well as adopt more open-source software, he said, noting that the military is already using Apache Hadoop and OpenStack.
These initiatives are expected to provide savings of 30 to 50 percent in the NSA's IT budget. They will also free up professionals to focus on cyber-defense instead of operations, according to Alexander.
"When you think about the cloud, look at what Google and Amazon are doing with the technology; it's absolutely superb," the general said. "We need to go from our legacy databases to the cloud." The NSA expects to move all of its databases to a cloud environment by the end of the year.
When asked about the possibility that consolidation would make it easier to steal more assets than if they were spread across networks, Alexander said that instead of weakening network defenses, collapsing the enclaves "increases the probability of seeing an intrusion."
The probability of having all 15,000 enclaves protected and patched is low, near zero. And if administrators can't see within each enclave, then once the attackers get inside, they are "free to roam" without being detected, he said.