US Navy Abandons Cloud and Data Center Plans In Favor of New Strategy 68
An anonymous reader writes: The U.S. Navy is not pleased with the progress it has made on data center consolidation and plans to change strategies. "Later this year, we will make an organizational change to our approach to data center consolidation. The Data Center and Application Optimization (DCAO) program office will move from under Space and Naval Warfare Systems Command (SPAWAR) headquarters to under Program Executive Office-Enterprise Information Systems (PEO-EIS) as a separate entity or program office," said John Zangardi, the Navy's deputy assistant secretary for command, control, computers, intelligence, information operations and space and acting chief information officer. The secretary added that over the past three years, the U.S. Department of the Navy had consolidated 290 IT systems and applications at 45 national sites.
Re:BYOD in the NAVY??? (Score:5, Funny)
Are they insane? that BYOD better not be any where near any nuke launcher systems
No, I don't think Apple can sue.
The iTunes app store terms and conditions only says: [apple.com]
You also agree that you will not use these products for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missiles, or chemical or biological weapons.
No development, no design, no manufacture, no production.
But no where does it say "launching". Launching should be fine.
leave the cloud to the AirForce (Score:5, Funny)
shouldn't the Navy be focused on The Wave? The Cloud is outside their jurisdiction
Re: (Score:1)
shouldn't the Navy be focused on The Wave? The Cloud is outside their jurisdiction
The Navy has more jets than the Air Force.
Re: (Score:2)
wow, that is a good point.
Re: (Score:3)
You also agree that you will not use these products for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missiles, or chemical or biological weapons.
But no where does it say "launching". Launching should be fine.
I'm not sure you understand what "without limitation" means.
Re: (Score:2)
But no where does it say "launching". Launching should be fine.
I'm not sure you understand what "without limitation" means.
Limitation means the Air Force. "without limitation" means "without the Air Force".
Certainly, the Navy knows these things.
Re: (Score:2)
So where is the EFF?
How dare Apple tell what I can and can use a device or program I own!
Re: (Score:1)
If they are not insane, they are standing inside a Somebody Else's Problem field and are unaware of the institutional inertia they will encounter. Not to mention the number of published security policy directives which would need to be rescinded.
Not only is BYOD already prohibited on systems such as you mention, but you usually can't bring your own device into offices doing planning for those systems.
BYOB in the NAVY (Score:2)
they are standing inside a Somebody Else's Problem field
What a golden phrase that is, brief yet descriptive. Thank you!
A Somebody Else's Problem field is no simple menace or obstacle, it is a projection of ill-tempered or incompetent energy. It can be intricate, beautiful or funny when viewed from a distance, like one of those biohazard crop circles [google.com]. But you must make your way through them every day. You must be wary of strange invisible energies converging at sharp edges and central lobes. And often many overlap which compounds complexity.
It's better than up to
Re: (Score:1)
Are they insane? that BYOD better not be any where near any nuke launcher systems or nuke cooling / control systems / also the same thing for any war ship control systems.
It's called BYOB in the Navy.
New Strategy (Score:3)
I guess it must be, let the Wookie win.
Steady as she goes (Score:5, Funny)
The U.S. Navy is not pleased with the progress it has made on data center consolidation and plans to change strategies.
I'm sure changing strategies will allow them to make up for the slow progress since the last change of strategy.
Re: (Score:3)
I'm sure changing strategies will allow them to make up for the slow progress since the last change of strategy.
As funny as that sounds, that may be part of the reason of the slow progress. All the way at the top, a reorganisation may look splendid, and should on paper improve efficiency and all that. But at the workfloor we all too often are then bogged down by slow decision taking at the intermediate management levels, or just very practical problems that were overlooked.
This is possibly the dumbest things I've seen... (Score:5, Insightful)
... in awhile.
First law of computer security is physical security.
If the DoD loses physical control over their system then they cannot secure them. This looks like folly to me.
I think DoD consolidated data centers is entirely reasonable and I don't know why they're shifting from that. Being able to hug the server is enormously valuable. If something goes wrong with it, then someone has to hug it. And if it isn't one of your people then that means you're giving access to a third party.
Considering how interested foreign governments are to gain access to these systems, it would be a mistake to think the cloud system is going to protect anything. We've seen repeated examples of the cloud system failing in security.
The cloud system is generally more economical. But that is its only virtue.
As to this notion that the navy has to democratize its tech... the military is not a democracy. What is more BYOD schemes are inherently less secure. If the military doesn't take information security seriously, they are going to get their clocks cleaned.
Putin for example has shifted the FSB to use typewriters that print on PAPER to secure top secret documents because they don't trust their information security. For the DoD to think they can get away with BYOD schemes, commercial datacenters, and "Democratizing" their information security means they have NO clue the sort of resources being put into breaching their systems. This is madness. Ask the NSA if they'd do any of these things.
1. The NSA runs their OWN datacenter. They do not sublet.
2. The NSA doesn't democratize their information security. They dictate it. Within their organization, you comply or else.
3. The NSA would outright laugh at a BYOD scheme since they don't even let cell phones or mobile computers or thumb drives within many of their facilities much less let their staff run around with god knows what kind of machine that has access to their most critical systems for no reason.
This is dumb.
Look, different agencies should be responsible for whatever they understand. If I wanted to run a naval battle engagement, I'd put the Navy in charge of that. If I am trying to secure government computer systems, then I would put experts in that field in charge... give this to the NSA. They know how to breach a system so they know how to secure it.
What is with the hugging? (Score:3)
It's not just you -- the article had a quote that makes it seems like there's an unknown sysadmin care bear:
I don't know about you, but we don't have our racks just standing their on their own ... they're in rows, so y
Re: (Score:2)
As to hugging, it is an expression. It means can you touch it. Not whether you can literally get your arms around the entire thing.
Point is that as a sys admin, if I can't touch a server or there isn't someone I trust that can touch the server... then we have a problem.
Cloud services are fine for non-mission critical low security work.
But if you're talking about something that is absolutely vital to your organization or contains really sensitive information... no.
The biggest sellers of data service services
Re: (Score:1)
In the past, the government used private companies for data centers in the past. However, said companies were held up to a level of standards.
However, these days, very few cloud providers are FISMA compliant, much less compliant with more stringent security protocols. There is also responsibility. Worst comes to worse, a private cloud just goes bankrupt and all that Federal data winds up being handed over to the next buyers of physical servers (yes, there is support to be DAR protection, but not many pla
Re: (Score:2)
1. Whether he was a contractor or not is actually controversial. According to Snowden, he was an agent and his contractor status was cover. So we don't know if he was a contractor or whether he was a full blown analyst and operative.
2. He didn't do it alone. It is quite obvious that he had a lot of help from other like minded people inside the agency.
3. This "crummy" comment is just a baseless insult without meaning.
4. As to China and Russia getting access to the NSA, it is quite clear that much of what Sno
Re: (Score:2)
4. As to China and Russia getting access to the NSA, it is quite clear that much of what Snowden made public was news to the Chinese and Russians so they did not have access prior to that.
That would be the expected reaction from any competent intellegence agency. Or did you expect them to release an itemized list of what they had and had not managed to penetrate? Their post-Snowden public reaction tells you exactly nothing about their pre-Snowden activities.
Re: (Score:2)
*rolls eyes*
Except for their behavior changed and their security policies were hugely upgraded.
I believe the Russian FSB moved to type writers as a result of Snowden.
So no. Your theory was amusing but wrong.
Re: (Score:3)
The Navy along with all the other defence forces form the core of major emergency services not just in war but also in national emergency. The Navy along with all the other defence forces need to be able to function upon a manual pencil and paper basis, so that when all else fails in the face of a major catastrophe, they can still function. That means distributed data systems with full manual backup of all essential command and communications structures.
Consolidating all command and communications data a
Re: (Score:2)
Completely agree.
It should be noted that the US strategic air command is moving BACK to cheyenne mountain.
The military does need to have multiple redundant fail safes.
As to consolidation... it depends on what you're consolidating.
Logistics and procurement for example don't need distributed databases. You can centralize that. YES have a backup where someone can just pick up a phone and call an order in manually or by fucking carrier pigeon. But the primary workhorse of day to day procurement and inventory sh
Re: (Score:2)
For manual systems to work, you have to practice them. Make sure the courier rider is still there, make sure the forms are still there and make sure the boxes of pencils are still there. Basically the military needs to keep manual systems going because when all else fails, part of their function is to remain functioning. Military transport vehicles at their very core should be very reliable, very fuel efficient and be capable of running without electronics. They have the bodies and keeping them busy with p
Re: (Score:2)
As to combat backups, I entirely agree. However, peace time systems don't need to be that robust.
That is to say, a system that handles accounting and inventory don't need to be as robust as the system that fires the nukes when you hit defcon 1.
Re: (Score:2)
The NSA was the first agency I thought of as well, but I thought I might be modded +Funny for even suggesting it. They know security, and they obviously know how to build massive datacenters. Why aren't they building centers for the Navy and Marines that remain under government control? For top military secrets, that seems to make a lot more sense than using commercial datacenters.
More of those "inter-agency walls" that were supposed to have been torn down under the reorganization of the Department of Ho
Re: (Score:2)
Organizational walls are a good thing. Keep an open mind. You need tight organizations that can operate independently. The walls are bad when they don't talk to each other but they should be able to operate independently of each other. When you jam everything together you tend to get a one size fits all system which is ultimately shitty for everyone. You can't run the Marines on the same system the NSA runs on... its incompatible. So the idea is to let each department work like its own little kingdom of spe
Re: (Score:2)
they obviously know how to build massive datacenters
I wouldn't be so sure about that [datacenterknowledge.com].
Re: (Score:2)
Then why is the NSA building that datacenter in Utah?
It would obviously be cheaper to run it all through Amazon's systems. No?
Re: (Score:2)
It really depends on the system.
For instance things like logistics aka buying food, cleaning supplies, tools, and so on. could all be done on COTs systems and using public data centers.
Things like how many SM-2s are down for repair is a different issue.
And then keeping things separated is yet another issue.
Re: (Score:2)
I disagree because you can infer things from what you think are meaningless bits of information.
Imagine if you were Sherlock Holmes... someone very intelligent, very rational, very knowledgable... and you were handed a long list of seemingly meaningless statistics from the Navy's various requisitions including time stamps, locations, etc. Do you honestly think that someone couldn't infer something you'd rather keep secret from all that?
Of course they could.
Which is why the bias should be to keep things secr
Government Printing Office (Score:2)
They figured out a long time ago that it was more efficient and gave better quality results to have one Government Printing Office than ten thousand printing offices - the same logic applies to IT. IT can be both commoditized and customized by qualified individuals - if the Navy needs something special, then the Government IT Office should have to acquire skills to meet the Navy's needs. Intelligence already has specialized IT systems, to handle classification transitions - hire those guys away to the GIT
Re: (Score:2)
I do agree that there should be a centralized archive of all information open to congressional audit. That said, I am okay it that is only an archive and the active databases are segmented.
I don't want to hamstring organizations by forcing their day to day operations to flow through a third party just to carry out basic operations.
I am okay with requiring them to DUMP all data from their system in real time into an archive. But the flow has to be one way. The data goes INTO the archive. The Navy systems wou
Re: (Score:2)
I don't have a clue as to all the use cases the navy needs a data center for. I really don't.
But I'm pretty sure a lot of it can be sent into *the cloud* with vendors with decent credentials. I would hope the navy ensures the cloud location and physical security. Maybe they reach an agreement to post their own navy security for particular labs? This is not an usual agreement to have a dedicated physical location for big clients. This happens with corporations. I'm sure the military could get such an agreeme
Re: (Score:2)
They're using it for a lot of things. And if I breach that system, I can monitor the Navy's activities at the very least. Having lax security is not acceptable.
And really, I don't think people are appreciating that the level of security required to keep shithead hackers out is not the same level required to keep out state sponsored cyber warfare divisions.
its like comparing a bank robber with an army battalion.
You are not giving enemy action even remotely enough respect.
Re: (Score:2)
Re: (Score:2)
... this is so mindlessly kneejerk that it doesn't qualify as human thought.
We're talking about who should design secure government computer systems.
One would think you would admit that the NSA is competent at cracking computer systems. As such, they know how to secure them as well. Which means they're qualified.
I expect you're an "abolish the nsa" type person? Well, get over it... major countries need electronic intelligence divisions.
Does the NSA need to be reformed? Obviously. should nothing like the NSA
Re: (Score:2)
Re: (Score:2)
Ed wasn't working alone... it is quite obvious that he had quite a bit of help from inside the agency from other like minded people.
Furthermore, he claims he wasn't as low down the totem pole as the NSA claims. It is quite possible he was a senior analyst/agent/operative.
Regardless, you can't stop someone that has access to your critical systems having access to your critical systems.
They either have it or they don't.
You think it will be better with corporate private sector datacenters? Come on now.
Dear Mother Navy (Score:4, Informative)
It makes me sad every time I read articles such as this. I feel the Navy has been adrift since morse code and torn tape relay were retired. Perhaps it is time for you to reconsider SPAWAR? I often wonder how they help defend the constitution against all enemies foreign and domestic. My last COTAR was obviously a spy for some foreign agency. Anyway... there are many examples of how to make big systems work and none of them are at SPAWAR. COTS can do this, other organizations do this. Why not you?
Shouldn't that be PEO-ENIS? (Score:4, Funny)
Program Executive Office-ENterprise Information Systems (PEO-ENIS). You know, for those Southern folks.
Re: (Score:2)
we had a time management system called "P.M.I.S."
colloquially, it was referred to by a few engineers as "P-MIS". "Put your time into P-MIS." "Make sure you've kept up your P-MIS project."
This quickly caught on and became common vocabulary. The new female VP even used it once in a meeting without thinking about what it sounded like.
At the same company, we had a policy of naming the PC's inappropriate scatalogical terms.
During a client training session we were watching an active Wireshark capture without a po
Re: (Score:2)
*whoosh*
You showed an unfiltered live capture of your network to clients? Not one person there was security conscious, let alone competent? It is that sort of behavior that gets many organizations in trouble eventually.
Perhaps (Score:2)
mistaken belief that all our data has to be near us and somewhere where I can do and hug the server
He wants to "do" the server. So you may be right.
Stay the Course! (Score:2, Insightful)
new recruits studying oceanography will use a MOOC (Score:2)
The US Navy are the most intelligent forces in USA (Score:3)
The US Navy are the most intelligent people in all of the United States armed forces. If they tried to accomplish an important national goal, and didn't fully succeed, then they very well should be listened to.
These people are not slackers. They are the real deal. If they're having trouble, the "cloud" industry needs to listen to them.
Re:The US Navy are the most intelligent forces in (Score:4, Interesting)
A smart person in one field does not always or even often carry that intelligence and understanding to another field.
For instance, scientists are some of the most intelligent people in all of the United States. But I wouldn't trust the great majority of them to configure a home router securely let alone run off on a tax burning mission to consolidate IT infrastructure and chase down the gold medal in 'How To Do IT Wrong And Blame It On The Technology Instead Of Admit Perfectly Reasonable Ineptitude'.
I know quite a few people in the Navy, much respect to all of them, but to attribute their ability to take on a task of this magnitude (pop pop) based on their intelligence ranking among the armed forces in its entirety isn't exactly a high bar to begin with.
Re: (Score:2)
FYI you argument is inane, because you do not know the great majority of scientists. Thus your judgement is meaningless.
Re: (Score:2)
Navy Trekkies (Score:3)
Space and Naval Warfare Systems Command (SPAWAR, in other words "Space War") had a problem fulfilling The Next Generation Enterprise Network (NGEN) contract? I think the Navy Trekkies are in control of the acronym office!
In other news... (Score:2)
Re: (Score:2)
That's 245 Fewer (Score:2)
Well, that reduces the targets for an enemy by 245.