Doug Wiltsie, Program Executive Officer, US Army PEO Enterprise Information Systems: Concerns over cloud security are slowing down unified capabilities. (Rob Curtis/Staff)
The Army is moving forward with plans to issue a request for proposals to provide unified capabilities across the service, including everything-over-IP offerings, but officials first must work out details related to cloud that have slowed progress.
A request for information for the UC program went out in February, with responses from industry currently being reviewed and a report outlining an acquisition strategy being prepared, one Army official said. But it’s working out the security questions associated with cloud services that remains as a key sticking point.
“The idea here is, we’re working with [the National Security Agency, asking], how do you define where UC needs to sit…the real question is about commercial cloud use,” Doug Wiltsie, Army Program Executive Officer-Enterprise Information Systems, said May 5 at the C4ISR & Networks conference in Arlington, Va. “Can you use it, how do you use it, what can vendors do to meet requirements and still be a commercial cloud? For us the importance is money. And the more stringent the requirement, the higher the cost.”
Determining the requirements means hammering out the various levels of security impact, an exercise being carried out across the government as agencies look to cloud for savings and efficiencies.
Users of Google or Microsoft, for example, typically would have level 1- or level 2-security services for unclassified, public-facing information, whether they’re aware of it or not, Wiltsie said. But for the Army, non-classified or NIPRNet services need to be between level 3 and level 5, and classified SIPR uses need to be level 6 – a level that so far has not been fully defined at the federal level.
Usually, Army priorities are operational effectiveness, efficiency then security, in that order, “but in this world you flip it,” Wiltsie said. “It’s security, whether it’s operationally effective, then efficiency. So we’re working with NSA on how we implement that security structure.”