The CIA's biggest tech challenge: secure mobility

Credit: Jonathon Narvey via Flickr

The Central Intelligence Agency has a lot of technology challenges, but its biggest one is adapting to a wireless world.

The agency's chief technical officer, Gus Hunt, spoke at the AppNation conference yesterday in San Francisco -- a rare public appearance for members of the intelligence service. Hunt became the CTO about four years ago, and began by defining several key technology goals.

Number one: secure mobility. 

Today, Hunt said, the devices used by analysts at work are 99.9% wireline-connected computers, and only 0.1% mobile devices. (Mostly BlackBerries and older custom devices, according to another source who spoke on background.)

But Hunt knows the world is moving wireless. "We recognize it's a mobile world out there. It's the inevitable outcome of everything that’s happening. I believe [in a few years] you won't be able to buy an ethernet-connected device of any kind." He continued, "But I'll tell you, wireless is not secure."

Today, he said, analysts who use mobile devices for work have two devices: one for classified work, and another unclassified one for everything else. Eventually, Hunt said, the CIA would like to get rid of these dual devices, but it's a long way off. "We're trying very intently and very acutely and pushing this space very, very hard. But trying to address mobile security is just a tough one."

Another tech priority for the agency is creating micro-apps or applets that perform very specific functions, then allowing analysts to mash them up into larger apps based on their own needs. Then, analysts are encouraged to put these mash-ups back into the common repository. Here, the agency is encouraging "self composed outcomes by users, as opposed to us doing the hard thing, which is to figure out what user wants to do. That's always been a compromise."

Private-sector companies are starting to do similar things. For instance, Clif Triplett, the CIO of oilfield services company Baker-Hughes, recently spoke about the rise of micro-apps at a CIO Perspectives forum in Houston TX.

Hunt also listed four other tech priorities for the agency.

  • Data analytics: "we have an enormous amount of data coming in and out" of the CIA. A big challenge is deriving value from that data.
  • Security as a service: the CIA does not want vendors to build security into their products because "every time you do it, you do it differently. What we want is a set of security services, uniform and consistent across our entire boundary, with apps and services and widgets above them."
  • Data computation as a service: this is not about creating a single repository for data -- "it remains distributed. It's about us bringing to bear high power compute engines, [such as] MapReduce and Cassandra and hBase .... All analytics above want to consume a common compute down below."
  • Massive computational infrastructure. The agency is moving to a private cloud infrastructure, wants to spend as little time as possible managing it. "We're in the middle of an acquisition, we'll forklift into our boundary a complete instantiation of a commercial cloud instance ...  We'll pick up whole copy of it, put it behind our fenceline with guards and guns, and have somebody run it for us."

Hunt also talked a little bit about the war to recruit good technical talent -- a particular challenge for a government agency with tight budgets. "We don’t have the pay scale that some of you are willing to offer these really smart kids coming out of school. We're not really competitive there. But we're extraordinarily competitive in terms of doing challenging work."

Join the discussion
Be the first to comment on this article. Our Commenting Policies