US Navy Abandons Cloud and Data Center Plans In Favor of New Strategy
An anonymous reader writes: The U.S. Navy is not pleased with the progress it has made on data center consolidation and plans to change strategies. "Later this year, we will make an organizational change to our approach to data center consolidation. The Data Center and Application Optimization (DCAO) program office will move from under Space and Naval Warfare Systems Command (SPAWAR) headquarters to under Program Executive Office-Enterprise Information Systems (PEO-EIS) as a separate entity or program office," said John Zangardi, the Navy's deputy assistant secretary for command, control, computers, intelligence, information operations and space and acting chief information officer. The secretary added that over the past three years, the U.S. Department of the Navy had consolidated 290 IT systems and applications at 45 national sites.
Are they insane? That BYOD better not be anywhere near any nuke launcher systems or nuke cooling / control systems. Also the same thing for any warship control systems.
Also open internet is a risk / Apple's App Store / phoning home that can't be turned off may not work in that setting.
I guess it must be, let the Wookie win.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The U.S. Navy is not pleased with the progress it has made on data center consolidation and plans to change strategies.
I'm sure changing strategies will allow them to make up for the slow progress since the last change of strategy.
lucm, indeed.
... in a while.
First law of computer security is physical security.
If the DoD loses physical control over their system then they cannot secure them. This looks like folly to me.
I think DoD consolidated data centers is entirely reasonable and I don't know why they're shifting from that. Being able to hug the server is enormously valuable. If something goes wrong with it, then someone has to hug it. And if it isn't one of your people then that means you're giving access to a third party.
Considering how interested foreign governments are to gain access to these systems, it would be a mistake to think the cloud system is going to protect anything. We've seen repeated examples of the cloud system failing in security.
The cloud system is generally more economical. But that is its only virtue.
As to this notion that the navy has to democratize its tech... the military is not a democracy. What is more BYOD schemes are inherently less secure. If the military doesn't take information security seriously, they are going to get their clocks cleaned.
Putin for example has shifted the FSB to use typewriters that print on PAPER to secure top secret documents because they don't trust their information security. For the DoD to think they can get away with BYOD schemes, commercial datacenters, and "Democratizing" their information security means they have NO clue the sort of resources being put into breaching their systems. This is madness. Ask the NSA if they'd do any of these things.
1. The NSA runs their OWN datacenter. They do not sublet.
2. The NSA doesn't democratize their information security. They dictate it. Within their organization, you comply or else.
3. The NSA would outright laugh at a BYOD scheme since they don't even let cell phones or mobile computers or thumb drives within many of their facilities much less let their staff run around with god knows what kind of machine that has access to their most critical systems for no reason.
This is dumb.
Look, different agencies should be responsible for whatever they understand. If I wanted to run a naval battle engagement, I'd put the Navy in charge of that. If I am trying to secure government computer systems, then I would put experts in that field in charge... give this to the NSA. They know how to breach a system so they know how to secure it.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
It makes me sad every time I read articles such as this. I feel the Navy has been adrift since Morse code and torn tape relay were retired. Perhaps it is time for you to reconsider SPAWAR? I often wonder how they help defend the constitution against all enemies foreign and domestic. My last COTAR was obviously a spy for some foreign agency. Anyway... there are many examples of how to make big systems work and none of them are at SPAWAR. COTS can do this, other organizations do this. Why not you?
Program Executive Office-ENterprise Information Systems (PEO-ENIS). You know, for those Southern folks.
I thought the military mindset was to stay the course no matter how obviously flawed the strategy is. It's good to see flexibility is no longer a dirty word.
It's not just you -- the article had a quote that makes it seem like there's an unknown sysadmin care bear:
I don't know about you, but we don't have our racks just standing there on their own ... they're in rows, so you'd need rather long arms to try to give anything a hug. Maybe the one on the end of the row, but that's still a four or five foot deep rack ... so no hugging if you're short without unracking the gear first.
Oh ... and I've learned to ignore the 'number of data centers consolidated', after it was declared that every wiring closet was a 'data center' in our agency (not DoD), and those were going to count against the 'must close (x%) of data centers'. We 'consolidated' by having two rooms next to each other, so that electrically and AC wise, they're the same room ... but for physical security and access control, it's two separate spaces.
Build it, and they will come^Hplain.
Because of limited bandwidth to the cloud from undersea, MOOC students will still face the traditional question of "What am I gonna do in a submarine?"
The US Navy are the most intelligent people in all of the United States armed forces. If they tried to accomplish an important national goal, and didn't fully succeed, then they very well should be listened to.
These people are not slackers. They are the real deal. If they're having trouble, the "cloud" industry needs to listen to them.
Kriston
For those who couldn't make it in the marines
Space and Naval Warfare Systems Command (SPAWAR, in other words "Space War") had a problem fulfilling The Next Generation Enterprise Network (NGEN) contract? I think the Navy Trekkies are in control of the acronym office!
A smart person in one field does not always or even often carry that intelligence and understanding to another field.
For instance, scientists are some of the most intelligent people in all of the United States. But I wouldn't trust the great majority of them to configure a home router securely let alone run off on a tax burning mission to consolidate IT infrastructure and chase down the gold medal in 'How To Do IT Wrong And Blame It On The Technology Instead Of Admit Perfectly Reasonable Ineptitude'.
I know quite a few people in the Navy, much respect to all of them, but to attribute their ability to take on a task of this magnitude (pop pop) based on their intelligence ranking among the armed forces in its entirety isn't exactly a high bar to begin with.
In the past, the government used private companies for data centers. However, said companies were held up to a level of standards.
However, these days, very few cloud providers are FISMA compliant, much less compliant with more stringent security protocols. There is also responsibility. Worst comes to worst, a private cloud just goes bankrupt and all that Federal data winds up being handed over to the next buyers of physical servers (yes, there is supposed to be DAR protection, but not many places actually bother to have security at the SAN level.)
The US Navy needs to either run their own data center, or go on a venture with a private firm, where the Navy has the controlling interest. This way, some muckety-muck who decides that it is cheaper to spec the DS8000 with regular drives and not self-encrypting drives gets spanked before they can put their plan of "cost savings" into action.
FISMA is a help. NIST knows what they are doing and they have great pubs and checklists for almost all mainstream operating systems to ensure decent security. Even things one may not consider, like trustchk in AIX.
Rep aside, the parent has it right. Get the NSA to plan the architecture. The Navy's enemies don't dance around by department boundaries, and they work together, and they are chomping at the bit to completely compromise any cloud effort that comes from this.
"The US Navy are the most intelligent people in all of the United States armed forces."
Lol you can't be serious bro
The Navy's efforts to consolidate job titles and office names have been a huge success.
Area51 - We are watching...
1. The NSA runs their OWN datacenter. They do not sublet.
2. The NSA doesn't democratize their information security. They dictate it. Within their organization, you comply or else.
3. The NSA would outright laugh at a BYOD scheme since they don't even let cell phones or mobile computers or thumb drives within many of their facilities
And yet, a crummy contractor like Snowden got all that he did. Do you know what that smell is? It's the false sense of security in that China and Russia can assuredly get much more than Snowden via state sponsored spies infiltrating the NSA. What's the best form of encryption? The one with the algorithm that must remain secret, or the one where the algorithm is open source and yet remains secure? Do you see what I'm getting at? If not, you never will.
Shouldn't the Navy be focused on The Wave? The Cloud is outside their jurisdiction.
1. Whether he was a contractor or not is actually controversial. According to Snowden, he was an agent and his contractor status was cover. So we don't know if he was a contractor or whether he was a full blown analyst and operative.
2. He didn't do it alone. It is quite obvious that he had a lot of help from other like minded people inside the agency.
3. This "crummy" comment is just a baseless insult without meaning.
4. As to China and Russia getting access to the NSA, it is quite clear that much of what Snowden made public was news to the Chinese and Russians so they did not have access prior to that.
5. As to whether your statement that I must either agree with your vague and baseless position or there is something wrong with me... I could reverse that upon you as well, Mr. AC. I think rather you either understand your manifest logical errors in your post or really you're probably too ignorant to have this discussion. :)
Did you enjoy being condescended to?... Because if you want to play that game, you'll lose... I'm better at it.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
The Navy along with all the other defence forces form the core of major emergency services not just in war but also in national emergency. The Navy along with all the other defence forces need to be able to function upon a manual pencil and paper basis, so that when all else fails in the face of a major catastrophe, they can still function. That means distributed data systems with full manual backup of all essential command and communications structures.
Consolidating all command and communications data and system at one locations means the complete abandonment of manual structures, of pen and paper command and communications. This means that catastrophic failure becomes truly catastrophic and something that the country will not be able to recover from.
Chaos - everything, everywhere, everywhen
Completely agree.
It should be noted that the US Strategic Air Command is moving BACK to Cheyenne Mountain.
The military does need to have multiple redundant fail safes.
As to consolidation... it depends on what you're consolidating.
Logistics and procurement for example don't need distributed databases. You can centralize that. YES have a backup where someone can just pick up a phone and call an order in manually or by fucking carrier pigeon. But the primary workhorse of day to day procurement and inventory should be computerized and centralized.
Certain defense secrets should also be centralized in that they should be in the minimum number of places possible. Ideally ONE place that will be very heavily guarded.
But if you need it spread around a little bit and you need that info to be accessible in an emergency... then so be it.
One thing which I think is very important is for the military to maintain its own redundant communications system. Not just military communications sats but encrypted hardwired point to point communications.
If the president orders the nukes launched, then that signal needs to go out without a hitch.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
"Secondly, three of the most poorly performing data centres have been selected and are required to devise a consolidation plan"
Sounds like leadership doesn't know what to do and wants the organization to come up with a solution to hang themselves.
The NSA was the first agency I thought of as well, but I thought I might be modded +Funny for even suggesting it. They know security, and they obviously know how to build massive datacenters. Why aren't they building centers for the Navy and Marines that remain under government control? For top military secrets, that seems to make a lot more sense than using commercial datacenters.
More of those "inter-agency walls" that were supposed to have been torn down under the reorganization of the Department of Homeland Defense, I'd guess? Or perhaps the DoD is more comfortable siphoning billions off to private contractors rather than a competing government agency? Who knows...
Irony: Agile development has too much inertia to be abandoned now.
...because adding middlemen always makes things so much cheaper.
4. As to China and Russia getting access to the NSA, it is quite clear that much of what Snowden made public was news to the Chinese and Russians so they did not have access prior to that.
That would be the expected reaction from any competent intelligence agency. Or did you expect them to release an itemized list of what they had and had not managed to penetrate? Their post-Snowden public reaction tells you exactly nothing about their pre-Snowden activities.
they are standing inside a Somebody Else's Problem field
What a golden phrase that is, brief yet descriptive. Thank you!
A Somebody Else's Problem field is no simple menace or obstacle, it is a projection of ill-tempered or incompetent energy. It can be intricate, beautiful or funny when viewed from a distance, like one of those biohazard crop circles. But you must make your way through them every day. You must be wary of strange invisible energies converging at sharp edges and central lobes. And often many overlap which compounds complexity.
It's better than up to your ass in alligators when your original objective was to drain the swamp, which is colorful but has become over-used. The swamp suggests one's foray into uncharted territory, the alligators are nameless, unpredictable and numerous entities like the (boring) onslaught of evil-minded adversaries in a video game. Life is not that simple anymore.
This is the 21st Century. We have aerials and DEM and LIDAR of the swamp, the alligators show a unique IR/pattern signatures on the terrain of endeavor, and all of them are fitted with radio collars (cell phones) anyway. You KNOW these alligators, you signed contracts with them. You hired them. And yet your navigation through the predictable messes and petty drama is not so much an obstacle as a dance -- as if one must tip-toe through a forest stepping only on the shifting shadows of leaves so as to avoid upsetting the sunlight.
Everyone's Problem fields surround us all. Now that talk is cheap and global the economy and the lobotomy and the deficit and the crisis, the ecotastrophe and the asteroid interception problem and the toilet paper shortage in Venezuela, these things affect us all.
It's overwhelming. But now armed with the simple phrase, standing in Someone Else's Problem field I can imagine these problems are projected onto me like the epic dinosaur battle projected onto Professor Falken's face as he describes the futility of it all and how useless it is to try. Perhaps I can just step aside from the projector beam without some alligator biting me on the ass.
<blink>down the rabbit hole</blink>
mistaken belief that all our data has to be near us and somewhere where I can do and hug the server
He wants to "do" the server. So you may be right.
Organizational walls are a good thing. Keep an open mind. You need tight organizations that can operate independently. The walls are bad when they don't talk to each other but they should be able to operate independently of each other. When you jam everything together you tend to get a one size fits all system which is ultimately shitty for everyone. You can't run the Marines on the same system the NSA runs on... it's incompatible. So the idea is to let each department work like its own little kingdom of specialists. Their job is to master a given skill or ability. And then collectively when all the specialists are used together you get a well oiled professional machine.
However, they need to not half ass things they're not good at on their own. The Navy is quite clearly shit at computer security. Very well... Kindly consult with the NSA and get their two cents. The Navy can still run their system but just get some input from people that actually know what they're doing. Maybe send some of the Navy techs to an NSA crash course just so they're appropriately paranoid.
That said, they should ask each other for help.
If I were the NSA and I needed someone to slip a bug into some place I might ask the CIA for help. And if I were the CIA, and I needed to train some locals to start an insurgency somewhere then I'd at least consult the green berets. Etc.
I'm not saying they should be slaved to each other but for the love of god at least talk to them about it. Get their input in the report somewhere. If the report is all roses and then suddenly you hit the opinion from the NSA and they basically say "this plan is stupid and you're stupid for thinking it is a good idea."... that might make the consulting agency question the wisdom of the plan because they know in that case the NSA knows what they're talking about.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
1. The NSA runs their OWN datacenter. They do not sublet.
You are very much mistaken. Amazon Web Services runs a cloud for the Intelligence Community including NSA, CIA and 15 other orgs.
*rolls eyes*
Except for their behavior changed and their security policies were hugely upgraded.
I believe the Russian FSB moved to typewriters as a result of Snowden.
So no. Your theory was amusing but wrong.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
It really depends on the system.
For instance, things like logistics, aka buying food, cleaning supplies, tools, and so on, could all be done on COTS systems and using public data centers.
Things like how many SM-2s are down for repair is a different issue.
And then keeping things separated is yet another issue.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I disagree because you can infer things from what you think are meaningless bits of information.
Imagine if you were Sherlock Holmes... someone very intelligent, very rational, very knowledgeable... and you were handed a long list of seemingly meaningless statistics from the Navy's various requisitions including time stamps, locations, etc. Do you honestly think that someone couldn't infer something you'd rather keep secret from all that?
Of course they could.
Which is why the bias should be to keep things secret whenever practical.
I don't need to put that database on a corporate server so why should I do it? Are you really going to claim that you're going to save a relevant amount of money by shifting those systems to a commercial data center? If so, I'd ask why your private systems are so fucking expensive?
I've set up a lot of corporate databases and the costs of self hosting are trivial.
The only cost savings of putting it in a data center is that you can shed some of your IT department. The equipment costs are meaningless. As to the IT department... it depends entirely on the business. I've seen a lot of businesses that kill most of their IT department thinking they're so fucking clever and then realize "oh shit we need these people to do other things"... and thus they rehire either the same fucking people they fired or they hire a new group or they have to hire a consulting group to do what the IT department used to do at basically the same fucking price.
Look at a Navy ship and you'll see a lot of things are done manually on the ship that could be automated.
Why is that? Because in a crisis automated stuff tends to break. And people... especially if they're cross trained in different departments are more reliable. They're more expensive... but if you're in a battle reliability is what you need. That is why Navy ships have many redundancies built into them. They almost never for example have only one engine. Two engines is standard and sometimes they have four. If an engine dies the ship goes slower but it does not stop.
Take that philosophy and apply it to the computers. You have PEOPLE manning those systems. Yes, a corporation will be cheaper... but its priorities are the cost profit bottom line. For the Navy that isn't their priority. The Navy doesn't make money. The Navy costs money. There is no way for the Navy to EVER be in the black. It is literally impossible.
Whether or not they are considered to be well run is not judged by the same metrics that you judge a business. What you judge a military force on is its ability to win battles. A military force that wins battles is a superior military force.
Does that mean the military can just spend infinite amounts of money? Nope. Their budget should be relative to the resources of the host nation and the perceived threats. Whether or not that money is being spent efficiently is judged by whether the money invested translates into a proportionally effective military force.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
they obviously know how to build massive datacenters
I wouldn't be so sure about that.
Apples and Oranges. You assume that the Navy does not have trained IT personnel. I believe that was the point. If the Navy can't do it, because they employ the trained personnel to do it, then you should take notice.
FYI your argument is inane, because you do not know the great majority of scientists. Thus your judgement is meaningless.
Actually they are.
They figured out a long time ago that it was more efficient and gave better quality results to have one Government Printing Office than ten thousand printing offices - the same logic applies to IT. IT can be both commoditized and customized by qualified individuals - if the Navy needs something special, then the Government IT Office should have to acquire skills to meet the Navy's needs. Intelligence already has specialized IT systems, to handle classification transitions - hire those guys away to the GITO. The Navy should be building ships, not data centers - more Waste, Fraud, and Abuse.
One of the challenges we face is, in fact, internal IT systems and the power silos' automatic turn towards secrecy whenever oversight is required. See: IRS backups, State Dept. emails, SEC authentication, NSA everything, etc. The GAO could have their statutory power if the IT were centralized, which is why it isn't. Where's Rand Paul on this? Filibustering must be good for popularity, but it's not striking at the root.
MAYBE this is the best use of re-tasking the NSA's existing bureaucracy, if killing it outright isn't feasible. Though why would the Navy trust them after how they've behaved? But we don't need a General in charge of the Printing Office, so the IT Office may become trustworthy if it devolves to civilian with strong oversight.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I don't have a clue as to all the use cases the navy needs a data center for. I really don't.
But I'm pretty sure a lot of it can be sent into *the cloud* with vendors with decent credentials. I would hope the navy ensures the cloud location and physical security. Maybe they reach an agreement to post their own navy security for particular labs? This is not an unusual agreement to have a dedicated physical location for big clients. This happens with corporations. I'm sure the military could get such an agreement.
Not everything is "Top secret plans to invade Russia.docx"
I'm sure there's a lot of boring logistical, hr, mundane reports, recruitment tools, videos... that you don't need anything beyond good cloud security.
Not to mention, there are various kinds of technologies that allow you to encrypt data going into the cloud so nothing is stored raw.
It has to be done intelligently of course, but I don't see why the government should not use the vast array of cloud solutions available from a lot of vendors.
Cheyenne Mountain is EMP hardened and they have the gate as well.
Give it to the NSA, so they have even more power to abuse? Great idea, Sherlock.
Don't fight for your country, if your country does not fight for you.
They're using it for a lot of things. And if I breach that system, I can monitor the Navy's activities at the very least. Having lax security is not acceptable.
And really, I don't think people are appreciating that the level of security required to keep shithead hackers out is not the same level required to keep out state sponsored cyber warfare divisions.
It's like comparing a bank robber with an army battalion.
You are not giving enemy action even remotely enough respect.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
The NSA let Edward Snowden have unlimited and unmonitored access to their secrets, and bad things happened. If you care about security you don't let your secrets out of your control.
Ed wasn't working alone... it is quite obvious that he had quite a bit of help from inside the agency from other like minded people.
Furthermore, he claims he wasn't as low down the totem pole as the NSA claims. It is quite possible he was a senior analyst/agent/operative.
Regardless, you can't stop someone that has access to your critical systems having access to your critical systems.
They either have it or they don't.
You think it will be better with corporate private sector datacenters? Come on now.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Well, that reduces the targets for an enemy by 245.
Just another day in Paradise
... this is so mindlessly kneejerk that it doesn't qualify as human thought.
We're talking about who should design secure government computer systems.
One would think you would admit that the NSA is competent at cracking computer systems. As such, they know how to secure them as well. Which means they're qualified.
I expect you're an "abolish the nsa" type person? Well, get over it... major countries need electronic intelligence divisions.
Does the NSA need to be reformed? Obviously. Should nothing like the NSA exist? It obviously has to exist.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
For manual systems to work, you have to practice them. Make sure the courier rider is still there, make sure the forms are still there and make sure the boxes of pencils are still there. Basically the military needs to keep manual systems going because when all else fails, part of their function is to remain functioning. Military transport vehicles at their very core should be very reliable, very fuel efficient and be capable of running without electronics. They have the bodies and keeping them busy with paperwork and manual systems makes sense. A highly automated civil society requires a very manual defence structure to ensure when that highly automated civil society fails for whatever reason it can be readily rebuilt with manual system. Rebuilding automation when you are totally reliant on automation to achieve it, will take a very long painful time. The major solar flare, the meteorite impact, that series of major seismic events, all need to be taken into account when organising how your military systems are managed, they are not just for blowing stuff up and killing people, in a modern world their primary roles should be building stuff and saving people otherwise you are just wasting resources to waste resources.
Chaos - everything, everywhere, everywhen
As to combat backups, I entirely agree. However, peace time systems don't need to be that robust.
That is to say, a system that handles accounting and inventory doesn't need to be as robust as the system that fires the nukes when you hit defcon 1.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.