Inside NSA’s data protection, cloud strategy

Dr. Patrick Dowd, chief technology officer and chief architect, National Security Agency (Photo: FedScoop)

After recent leaks exposed the more clandestine side of the National Security Agency, the agency’s chief technology officer remained committed to open source, cloud-based software as the best way to consolidate NSA’s servers, save money and protect its systems from cyberthreats.

Speaking at FedTalks 2013 on June 12, NSA CTO and chief architect Dr. Patrick Dowd said the development of the government’s infrastructure has left everyone in a tough spot. Government organizations are highly diffuse, with siloed “enclaves” and numerous domains. Any patient hacker will eventually find a way in. And it might get worse before it gets better, he said.


But Dowd believes NSA is taking effective steps — using smart data, data tagging, public-key infrastructure and other security measures — that will save money, encourage collaboration and help protect critical systems.

“It’s really just a very difficult situation, very complex, and it’s expensive because of how many people have to manage it,” he said. “The fact that I manage one enclave and you manage another enclave, who’s to say that we actually synch up and that our policies are consistent?”

Indeed, policies are often not consistent, discouraging collaboration. The solution for NSA — and other agencies, in Dowd’s opinion — is server consolidation, which “breaks down barriers and facilitates collaboration,” Dowd said. “And it actually reduces operating expenses.”

NSA is encouraging server consolidation through privacy measures and migration to the cloud. At NSA, this begins with smart data — basically layering security measures onto data, so if any single point of the system is compromised, the whole will not fall.

Hackers are “not going to be able to penetrate it, and not be able to actually do anything,” Dowd said.


Those accessing NSA data receive a unique, personal encryption code they can use to encrypt data, a process called public-key infrastructure. That’s the “basic building block” for data security, Dowd said. Then, the agency adds on data tagging — where processes or data accessed “inherit your credentials.” It’s an electronic fingerprint of sorts.

“When that process runs against the data, the only data you’re actually able to see is the data that matches your criteria,” Dowd said. “Why is that a big deal for us? What it allows us to do is reduce the enclave environment.”

This leads to less overhead, more collaboration and more innovation, in Dowd’s opinion. “That is the thing you should take most care to optimize,” he said.

Securing data is only part of the battle, though. Migrating that data to the cloud is also essential for NSA. The agency has broken its cloud migration into three categories: a data cloud (similar to how Google collects data), a storage cloud (a geographically distributed content delivery network), and a utility cloud, built, in part, using OpenStack, which is open source software. Numerous companies, such as Intel, Dell and Yahoo, have contributed to building OpenStack.

“The goal is to raise the bar, so then when you supplement that with new emerging capabilities that are available commercially, they really do provide value because they don’t have to [protect] the entire landscape,” Dowd said.


And to assess your own organization, Dowd told the crowd, don’t ask the besuited higher-ups.

“Ask the people who report to you, then take them and ask the people that report to them. And go down until you find somebody who doesn’t wear a tie, but wears a t-shirt,” Dowd said, himself wearing a tie. They’ll tell you what’s really going on, he added.
