For decades, the U.S. intelligence community has been known for its highly classified work, secrecy and insularity. In recent years, the increasing need for information sharing, interoperability with mission partners and industry collaboration have prompted IC leaders to adapt and take a closer look at where classification is needed — and where it’s not.
Mark Andress, CIO of the National Geospatial-Intelligence Agency, revealed that NGA is undergoing a meaningful shift toward unclassified work. For an organization that has historically dealt primarily with classified information, this marks a major change for the agency.
“As you look at our contracts, you’re going to see a lot of work that may require cleared people, may require working in SCIFs, but you’ll still see most of it is unclassified development that you can move up,” Andress told a GovCon industry audience during a panel discussion at the Potomac Officers Club’s 8th Annual Intel Summit.
“You’re also going to see a new emphasis on purely unclassified — unclassified contracts with unclassified development and production in a completely unclassified environment — in accordance with our pivot,” he added.
Andress highlighted NGA’s Moonshot Labs initiative as an important effort aimed at “establishing a cycle of innovation in unclassified development.” The 1,200 square-foot workspace allows academia, research partners and NGA employees to collaborate more easily on unclassified work. Andress said Moonshot Labs is “charting the path for how we want to do things in the future.”
The move toward unclassified work was catalyzed by COVID-19, as government agencies had to move quickly to figure out how to accommodate thousands more users on their unclassified networks. The Defense Intelligence Agency’s CIO, Doug Cossa, said that this rapid migration to unclassified networks sparked a “dramatic shift to the development of software” as well.
“It’s no surprise to many that not only do a lot of our IT efforts start in the unclassified side, but so does intel. Intel really starts as unclass, and then we form it into intelligence on the high side. That has evolved a lot over the past decade, but even more so over the past two years to where we really had never thought about doing the bulk of our software development on the low side before,” Cossa explained.
As the DIA began adapting to software development on the low side, Cossa said the need for validating users and understanding who was touching the agency’s networks increased, and so did the need for making cybersecurity easier to use for employees.
Cossa said, “When we think about this new environment a lot of it comes down to just making it an easy process. Where do we remove that friction to make sure individuals follow it? If we have too much friction in the process, if it’s too difficult to follow, our users will find another way and ultimately make our environment less secure. And that’s really the challenge. But when we think about software development in particular, it’s how do we build cyber security at the front end rather than the traditional way of thinking about it.”
Kathy Talman, senior director of Defense/IC Systems Engineering for Splunk, gave her fellow panelists and the in-person audience some recommendations for how industry can better support IC agencies during their shift from classified to unclassified work and vice versa.
“One of the things that industry can do is we can take our tools that are available on the low side and get them certified to operate on the high side. That comes with a little friction and some challenges, but it can be really meaningful so that you can even do that development on the high side,” shared Talman.
“Another thing we can do is we can really monitor and characterize our applications. We can apply the observability tools to them and understand how should this application that I’ve developed on the low side operate? If I can monitor how it can act using tools on the low side, then I have a baseline for how it should operate on the high side,” Talman continued.
To learn more about intelligence and how it intersects with defense, join our sister platform, GovCon Wire, for its Second Annual Defense and Intelligence: IT Modernization Forum on Oct. 26. CIA CIO La’Naia Jones is slated to keynote. Register here.