The US military believes that cloud computing is a shared computing resource pool that can meet the rapidly changing needs of users at any time. By building a cloud environment, military data processing advantages can be ensured, thereby ensuring military advantages in the digital and physical worlds. The US military believes that its cloud technology for joint operations needs to achieve technical security standardization, adopt the Department of Defense hybrid cloud model, actively adopt the most cost-effective commercial cloud solutions, solve existing cloud migration problems, plan for future cloud capability generation, and ultimately achieve cloud capabilities that serve joint operations.
A review of the basic concepts of the US military’s cloud capabilities
Cloud shared pool. The concept of the cloud shared pool fundamentally explains the advantages and development trends of cloud technology. According to the National Institute of Standards and Technology, "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." This complex definition of cloud computing fails to highlight what is both a key benefit and a key security risk of cloud computing: the shared pool. From a user's perspective, the cloud shared resource pool is an unknown "cloud". Because of the shared pool, the security risks brought by multiple users, multiple interfaces, and multiple interconnections are more prominent than in closed systems, but the shared pool also makes the advantages of cloud technology more prominent. The advantage of cloud computing is that it releases hardware potential through "economy of scale", reduces system costs, and deeply exploits the benefits of computing power, algorithms and all-source data.
Cloud service method. Generally speaking, cloud services can be divided into facility services, platform services or software services based on system models and service methods. These three complement each other to provide users with more services and with the ability to operate, maintain and protect their data and services. Facility services are usually described from the user's perspective: the cloud platform integrates and reconstructs service processes on the server to provide cloud users with services in the form of cloud facilities. This service method can reduce hardware costs, realize hardware hosting, reduce the number of facility operation and maintenance personnel, and improve server usage efficiency. Platform services are another model of cloud services, in which operators assume more technical functional roles and further reduce users' tasks in configuring, managing and protecting information technology services and data. Under this model, operators provide users with hardware facilities such as operating systems, databases, and cloud servers. Finally, the software service model is a comprehensive outsourcing cloud service model. In this model, the supplier provides hardware, virtual machine software, operating systems, management and control systems and applications, and users only need to control the applications to obtain the required cloud services.
Cloud service method
Cloud deployment model. National Institute of Standards and Technology Special Publication (SP) 800-145 "Definition of Cloud Computing" identifies four deployment models of cloud computing: private cloud, community cloud, public cloud and hybrid cloud. The four cloud deployment models differ mainly in ownership, deployment and management. The US military's cloud deployment model generally adopts a hybrid cloud model.
According to the U.S. Department of Defense Cloud Strategy and the Department of Defense Cloud Computing Security Requirements Guide, the U.S. military's cloud deployment model can be divided into "on-site cloud" and "off-site cloud" based on permissions and usage environment. Among them, on-site cloud mainly uses dedicated facilities to process confidential information, while off-site cloud focuses on sharing and utilizing common infrastructure. The U.S. Department of Defense Information Systems Agency divides cloud security model applications into four levels based on the level of information impact, namely "IL2", "IL4", "IL5" and "IL6". The higher the level of the cloud security model, the more internal its usage scenarios are.
Cloud Security Model Information Impact Level
The background of the US military’s development of joint operations cloud capabilities
Due to its huge size and mission pressure, the U.S. Department of Defense faces significant opportunities and security challenges when implementing a cloud computing environment. As technology matures, the development of information technology of the U.S. Department of Defense is uneven. Applying cloud-based digital infrastructure can provide the Department of Defense with significant cost savings.
U.S. Department of Defense Instruction 8500.2 points out that the current U.S. military information system architecture cannot achieve complete trust in information technology, information users, and control interconnections. As a result, the Department of Defense has to pay attention to the security of information technology, the credibility of interconnected systems, security threats, and the risk of vulnerabilities. At the same time, data shows that the U.S. Department of Defense and its affiliated units have more than 2,500 data centers. This decentralization of data has huge drawbacks for data support and data utilization in joint operations. Therefore, the biggest problem in developing military cloud technology is to achieve operational support while controlling security risks. The purpose of the U.S. Department of Defense's technology development is to provide a Department of Defense-specific cloud computing environment that can provide core information technology services and data storage for all its units to achieve its cloud computing strategic goals.
Because the U.S. Department of Defense previously failed to implement a unified cloud strategy, the isolation of each service's efforts was an important part of the background against which the U.S. military developed cloud capabilities. In 2008, the US Navy released the next generation enterprise network and began to integrate the Navy/Marine Corps intranet. In 2008, the US Defense Information Systems Agency developed the "Quick Access Computing Environment" to provide services to the Department of Defense and its affiliated agencies, which is also considered the beginning of cloud facility services. The Air Force's goal in developing cloud technology is to integrate more than 400 internal networks within the Air Force to form an Air Force internal enterprise network. In 2014, the U.S. Army released the "U.S. Army Enterprise Cloud Computing Reference Framework" to improve cloud computing methods and efficiency and integrate the joint information environment and ground warning network. In August 2014, the U.S. Department of Defense announced a partnership with Amazon Web Services to allow it to process and store unclassified data. In 2015, the U.S. Army released the Army Cloud Computing Strategy to integrate data systems, platforms and applications. In 2018, in order to end the "siloed" cloud development of the individual military services, the US Department of Defense issued the "DoD Cloud Strategy" to coordinate the development of military cloud capabilities.
U.S. Department of Defense Enterprise Cloud Strategy
The current status and goals of cloud technology application in the US military
The U.S. Department of Defense believes that it has numerous distributed, stovepiped ("chimney-shaped") information systems, which hinders its understanding of and response to new security threats. This also has an important negative impact on joint operational command and control, information support, decision-making assistance, and firepower coordination. In 2018, the US Department of Defense released the "Department of Defense Cloud Computing Strategy", which summarized the experience since 2013 and proposed seven strategic goals and guiding principles.
The dilemma of cloud capability development. The U.S. Department of Defense believes that the current development of the U.S. military's cloud capabilities has the following important issues. First, there is the development efficiency of the US military's cloud capabilities: the US military believes that information technology physical facilities are currently procured based on maximum demand, which leaves most information infrastructure idle. Second, the security of US military cloud facilities is insufficient because most of the software and hardware of cloud facilities are produced and operated by external contractors. This will transfer security risks to contractors, and overly strict procurement policies and procedures will directly affect the development speed of cloud capabilities. Third, there are difficulties in the generation and integration of cloud capabilities. The U.S. Department of Defense believes that it currently does not have clear guidance on cloud data, cloud systems, cloud development, cloud migration, and cloud adoption. As a result, the development of the U.S. military's cloud capabilities is fragmented and there is a disconnect in the implementation process. Fourth, the application of cloud technology requires data security, system security, emergency response and other "cloud-ready" capabilities, and the US military's current ability to demonstrate "cloud readiness" and to rationalize cloud systems urgently needs to be strengthened. Finally, the development of the US military's cloud capabilities needs to be closely aligned and consistent with its artificial intelligence strategy, data strategy and cyberspace strategy, so that cloud capability development can be targeted and forward-looking.
Cloud capability development goals. The strategic goals of the U.S. military in developing cloud capabilities include: significantly improving cloud capabilities, setting some phased cloud tasks for national defense, actively responding to network challenges, achieving information and data transparency, providing tactical command for edge combat groups, and leveraging the elasticity of cloud technology to promote the Department of Defense's information technology reform.
In order to achieve the above-mentioned cloud capability development goals and build elastic, scalable, safe and reliable cloud capabilities, the US military released the "DoD Cyber Security Guidelines", the U.S. Department of Defense Information Network deployed cloud access points from the Defense Information Systems Agency and the Navy, and introduced commercial cloud enterprise services military cloud technology. Specifically, the US military has successively launched projects such as "Military Cloud", "Military Cloud 2.0", "Jedi Cloud" and "Joint Enterprise Infrastructure Cloud" to achieve breakthroughs in cloud capabilities. The U.S. Department of Defense believes that the U.S. military is currently developing towards a hybrid model of general cloud and proprietary cloud, and U.S. military data and applications will continue to migrate to the cloud to better support operations and other military tasks.
Divide cloud tiers based on cloud capabilities. The US military has always attached great importance to the hierarchical construction of cloud capabilities and strives to achieve global networking and information coverage by strengthening the advantages of tactical edge clouds to support its global operations, rapid response, and flexible combat capabilities. In order to extend the advantages of cloud to the tactical edge, the US military's cloud computing capabilities are divided into fixed cloud, mobile cloud and tactical cloud according to scale and level. Fixed clouds mostly rely on large operational centers or large data centers. Mobile clouds are mostly built on large-scale combat platforms. Tactical clouds mostly adopt a flat structure to ensure that network, command and control, and communication systems can be established in harsh battlefield communication environments.
Cloud level division
Dividing cloud levels based on cloud capabilities can achieve cross-domain collaboration, high degree of integration, and natural gathering and dispersion in various domains such as land, sea, air, space, network, and cognition. At the same time, the division of cloud levels can take into account the mission requirements of various combat elements such as command and control, situational awareness, decision-making and deployment, fire strikes, etc., and can also meet the cloud capability needs of combat edge units. Thirdly, hierarchical deployment of cloud systems can not only ensure the scale effect advantages of cloud computing, but also ensure the high elasticity, modularity, and decentralization capabilities of the cloud platform. Finally, hierarchical cloud systems can effectively support the development trend of data-driven intelligent operations.
The trend of the US military developing joint combat cloud capabilities
In future military struggles with major power competition as the main scenario, cloud capabilities will play a supporting role in shaping the advantages in the three major links of "perception", "understanding" and "action" in the joint operations decision-making cycle. At the same time, joint operations cloud capabilities can accelerate data-driven command and control processes.
First, joint operations cloud capabilities based on cloud computing can utilize the intelligence sensors and information sharing network of the joint data architecture to sense and integrate battlefield data from all time and all domains, supporting commanders and mission forces to gain situational awareness and decision-making advantages. The cloud platform provides integrated information technology solutions from high-level decision-making to comprehensive situational awareness, and from the core of the battlefield to the edge of operations, to create a superior joint force. Another advantage of joint operations cloud capabilities is that artificial intelligence and machine learning technologies can be used to directly extract, merge, and process massive amounts of all-source data from digital infrastructure. In the specific operational aspects of joint operations, the advantages of cloud capabilities can ensure the realization of a safe, reliable, flexible, and decentralized command, control, and communication system, ensure the rapid and accurate communication of decision-making and deployment, and can also enable key data from the edge of the battlefield to be transmitted back to the cloud.
Second, another trend in developing joint operations cloud capabilities is the use of artificial intelligence/machine learning technologies to improve data-driven military decision-making processes. Data-driven military decision-making processes can revolutionize command and control processes such as "pre-authorization" and "conditional authorization." The command and control system based on cloud capabilities is good at handling massive battlefield situations with simple logic and clear conditions. Joint combat cloud capabilities are expected to supplement commanders' shortcomings in experience and education capabilities and supplement the massive knowledge required for combat command. In addition, joint operations cloud capabilities can unleash the potential of all-source data, tap into real battlefield conditions, and promote command decision-making in which subjective, concept-driven judgment and objective, data-driven analysis develop together.
Finally, the development of the US military's joint combat cloud capabilities was hindered after the cancellation of the Jedi Cloud project. But in 2022, the US military is seeking to promote an enterprise cloud project called "Joint Operations Cloud Capability." Four companies bid on the project: Oracle, Microsoft, Amazon and Google. The project strives to improve the security, data flexibility, scalability, interoperability, integration and compatibility of the US military cloud system.
Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/cloud-based-joint-operations-planning-in-military-intelligence-automation-html