Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How the NSA uses behavior analytics to detect threats

Clint Boulton | Dec. 8, 2015
The CIO of the National Security Agency says analytics protect the U.S. intelligence community’s private cloud system from internal and external threats.

These measures protect a meticulously constructed private cloud that, Smithberger says, deploys technologies similar to what you would expect from public cloud services such as Amazon Web Services, including virtualized servers and applications. However, there are key differences, as the technology is arranged to grants access to a variety of analysts and operatives with varying levels of classification, ranging from low level to top secret. The access is tightly controlled down to each data element layer. Two analysts conducting identical information queries on this system may see different results, based on the security clearances, Smithberger says.

"There's multiple layers inside the network, outside of the network to separate us from the outside world ... very much a layered security model with combinations of government-developed, custom developed for government and commercial products," Smithberger says. “That paranoid, layered defense is really the best answer and, frankly, if you get that right then if there are inside problems they become visible as well.”

Private cloud, done public cloud style

The private cloud itself could be considered a triumph. Cultivated under the Intelligence Community Information Technology Enterprise (ICITE) program, which in 2011 proposed a cloud environment that allows the intelligence community to securely access and share information. Defense Intelligence Agency Director David Shedd said in March that “cultural resistance,” not technology, was the greatest impediment to building the private cloud.

Smithberger says the NSA private cloud is fully operational today, thanks to the help of several government contractors and his internal IT staff, who replaced a number of aging commercial and custom-built servers, database software and applications, many of which isolated data. By upgrading these technologies in the construct of an integrated resource pool, the NSA says it will be better positioned to analyze its information assets, thus better serving analysts, operatives and other constituents.

Smithberger says this private cloud has much finer grained security than anything that's commercially available. But he stopped short of proclaiming the NSA's private cloud is impenetrable.

"It's arrogant for anyone to say that it is impossible to get to the network,” he says. “I would say that there are lots of mechanisms in place with lots of scrutiny to protect our classified world from the outside world and we continue to develop new ideas all the time to shore that up and layer additional pieces -- let's say we are a very hard target."


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.