NSA CIO Lonny Anderson

The CIO of the National Security Agency is focusing on IT architecture and using what he calls a "cloud-centric" approach in the agency's effort to improve its information sharing with other intelligence agencies.

"Some people say we've just got to get better tools. Well, tools come and tools go," says NSA CIO Lonny Anderson, in an interview with InformationWeek at NSA's National Cryptologic Museum in Fort Meade, Md. "The key is architecture. You build an architecture, then it doesn't matter that tools come and go. There's no doubt in my mind that when we connect architectures, we'll never look back."

NSA, like other organizations within the 17-member U.S. Intelligence Community (IC), redoubled its efforts at intelligence sharing following the attempted bombing of a Northwest Airlines flight on Dec. 25, 2009. One such project, called "the Quad," is a joint initiative between NSA, the National Reconnaissance Office, the National Geospatial-Intelligence Agency, and the Defense Intelligence Agency to establish a common tech infrastructure. A first step, under way now, is the development of a role-based identity access management framework to ensure that intelligence experts are able to access the information they need, even when that information resides in another agency's database. Developers are also being trained on how to work with the new framework.

Another cross-agency effort is the Integrated Intelligence Pilot, which involves deploying new servers on the IC's classified network, the Joint Worldwide Intelligence Communications System, so developers can write apps that get shared and can run database queries across agencies. "So, instead of taking data from CIA-specific repositories, NSA-specific repositories, FBI, or DIA, you'll be able to query via the cloud into those organizations and say, 'Do you have information that meets this question?' and they'll be able to say yes or no," Anderson says.

Open Source Potential

Anderson is contemplating making some of the code developed for an intelligence cloud available as open source, similar to what NASA did with its Nebula software. "I want to take advantage of developers not just across the IC, but developers everywhere," he says. A "security wrapper" would be used to protect sensitive code.

The agency is replacing cryptologic centers in Texas, Georgia, and Hawaii that house a mish-mash of IT and communications platforms that date as far back as the 1980s. Anderson sees it as a "once in a lifetime" opportunity for IT overhaul. Beginning next year, three new cryptologic centers will house thousands of employees. The centers' new IT infrastructure will include thin clients, wireless networking, and private clouds.

"What we don't want to do is just lift and shift that legacy infrastructure and those legacy processes and ancient servers over to these brand-new facilities," Anderson says. "We're using this as a forcing function."