We recently had the opportunity to interview the CIA CIO, Doug Wolfe.
Doug has been the CIA’s CIO since 2013. In this role he oversees the agency information technology vision and strategic direction. He is also an advisor to the intelligence community CIO and a collaborative leader in the federal technology world. His past tours including serving as deputy director for acquisition, technology and facilities at the office of the director of national intelligence, inventing new sources and methods in the CIA’s S&T directorate, supporting launch and operations of multiple satellite systems at the National Reconnaissance Office and serving as the deputy CIO of the agency.
Doug also spent time in industry. Prior to the CIA he worked at Rocketdyne on the space shuttle’s main engine program. He has a bachelor’s degree in mechanical engineering from the University of Southern California and a master’s degree in system engineering from Virginia Tech
Many of us in the technology community have been tracking the exciting news about the CIA’s ability to leverage commercial advances in cloud computing via their Commercial Cloud Services (C2S) project. Since the enabling capability for C2S is provided by Amazon, C2S provides what is essentially an Amazon Web Services “zone” for Intelligence Community use. However, this zone is protected and operates in ways that keep it physically separate from the open Internet and logically part of the IT infrastructure of the Intelligence Community.
CTOvision readers no doubt immediately grasp the potential benefits of this approach, which include an ability to rapidly scale up and down compute when needed, a new agility for mission support, more comprehensive designs for security and more efficient use of resources overall. Now that the agency has been working with C2S we wanted to ask Doug for technical insights that can put this into context for us.
The following is from our discussion with Doug:
Gourley: Now that the agency has had time to start leveraging your C2S capabilities can you give us a feel for some of what has been accomplished?
Wolfe: C2S is up and open for business and serving a wide range of users from across the community. Some of what has been accomplished is foundational, like establishing concepts of operation and building out policy and process. Other foundational capabilities include working issues like connectivity to enterprise governance solutions.
C2S accomplishments also include support to multiple IT projects and programs. Of all the capabilities we are providing now, one that is very transformational has been what is occurring in support of agency software developers. We have given our developers repeatable ways of building development and test environments and made it easy for them to orchestrate the many business processes good development projects require. This has simplified their administrative requirements, empowered them with more functional development and test environments, and enabled a move to a DevOps approach. After developers start using C2S they soon realize they are spending less time on non-productive functions and can spend more time building real functionality. The result: developers are more agile, more efficient and can better support missions.
Gourley: How will the IC benefit from commercial relationships you have developed with companies like Cloudera and Amazon via C2S? Do you expect other technologies to come over to C2S in the near term and what are the key capabilities on the horizon?
Wolfe: With Amazon we have what is essentially a private AWS availability zone, which is now available to the Intelligence Community. Capabilities that AWS roles out to their own availability zones are made available to the community shortly thereafter. This means several things. One is that programs that leverage C2S do not need to make up-front investment in infrastructure to develop, configure, test and then host their capability. It also means that the many quality control and service management capabilities required to ensure consistently functioning applications is immediately available to programs. The same is true of our relationship with Cloudera via C2S. We wanted to provide developers with an easy way to access all the Apache Hadoop data framework, governance and security capabilities they will need, in one place, integrated into the way they work.
On the topic of data, we have found new approaches to data management have been very helpful in addressing our needs. Our needs center around working securely with a wide variety of data types. Developers need a framework that is knowable and repeatable for them to do this. Users need an infrastructure that is always on and available so they have the data they need for their mission. C2S now enables both those key functions.
Gourley: How do end users benefit from C2S?
Wolfe: C2S enables more reliable and functional delivery of services to end-users. One of the biggest benefits to date has been in delivering reliable and functional services to end users and doing it faster because developers have common and known and easy to work with environments. In most cases end users will not know C2S is delivering this capability. They just see more and better functionality. One category of functionality, for example, is in geospatial applications. Working with both our own and NGA’s technical teams we are leveraging C2S to deliver enhanced geospatial analysis tools and end users do not need to be troubled to know where the compute power for those come from.
Gourley: How soon will marketplace be made available to the community within C2S? High and low side?
Wolfe: We plan on continuing to enhance our ability to deliver apps and the use of a marketplace in C2S will help us do just that. We will have enhanced marketplace functionality for users throughout the community by late 2015 and have plans to continue the improvement from there. Users will be able to access and interact with a high-side version of the marketplace that lets them select the apps to run in service to their mission needs and work requirements. The technology teams that keep apps running will have benefits now expected in enterprise grade service delivery organizations.
Gourley: How do small technology firms introduce their capability to your team if they believe they have a capability to benefit the IC? How easy is it to port over now?
Wolfe: Any technical team that can build to the AWS model, which really means anyone from a single developer to a large systems integrator, can build to the integration guidelines of the AWS platform. If a solution is developed and tested on the AWS marketplace it will run in C2S. So porting over is easy. But the most critical question for any firm to consider when seeking to introduce a capability to C2S is to know what intelligence community challenge it addresses.
Gourley: Can you share any lessons learned with the community regarding data provenance in your C2S environment?
Wolfe: The ability to know the history of a given piece of data is important to our way of work, where analysts must know with confidence where data came from and who may have touched it. Data provenance is also important to ensuring compliance with oversight requirements. We have developed an expertise in architecting solutions with advanced data provenance leveraging C2S and the Apache Hadoop framework and are happy to share this expertise with others in the community.
Which raises another point: As we develop lessons in areas of data provenance and other advances in cloud computing we are continually looking to share those lessons, both inside the intelligence community and back into the technology ecosystem that has provided us so many great capabilities in service to our mission. You can expect lessons from us in data provenance and many other advanced cloud computing constructs to be made available for the benefit of others.
Gourley: CIA Director Brennan recently announced a major reorganization of the agency and a shift to execution of many key duties through mission centers. Has your work in C2S provided you with new capabilities relevant to this new organization?
Wolfe: Technology is here to serve the critically important missions of the agency and it is my job to ensure it is ready to serve no matter what the missions, functions and organization are. The organizational changes introduced by Director Brennan on 6 March 2015 are the result of lots of hard work and strategic thought by officers across the agency, and I’m proud to say the announced changes were informed by a knowledge that IT will support these critical changes. C2S is one of the ways we will execute on our requirements to support. It has become a foundation for accelerating the integration of digital capabilities across many agency organizations and that is a key goal of the announced reorganization.
