CIA Chief Information Officer La’Naia Jones said that the intelligence agency is moving from “a kinetic to a cybersecurity" mission.
Jones was speaking at Oracle’s CloudWorld event in Vegas today in a rare public outing for the CIA’s CIO, who was appointed to the role in 2022.
She was on stage with Oracle CEO Safra Catz, who revealed that the CIA was Oracle’s “first customer” back in 1977* and said the agency was “our design point; you are our toughest customer and you teach us so much.”
CIA CIO La’Naia Jones, who started her career as a database administrator, said: “What keeps us together? I want to highlight security.
"This is a shared mission space. It is too big and too hard to do by ourselves. Security is just as important to Oracle as it is to the CIA.”
CIA CIO: “We want daily data-driven decisions”
Jones, previously at the NSA, is responsible for IT systems and global communications networks at the CIA.
She took over as CIA CIO from IBM veteran Juliane Gallina, who is now a deputy director at the spy agency.
The CIO, predictably, did not speak in great detail about the CIA’s technology challenges or infrastructure environment.
“It’s no secret that… the way that we want to use data to help to augment our intelligence decisions has evolved” she emphasised, however.
“The cyber landscape every day is evolving and getting worse and worse.
Join peers following The Stack on LinkedIn
“So we want to be able to have the daily data-driven decisions, whether for the enterprise, for larger landscapes all around the world, and even for locations that might be one or two people… we want to be leaders in AI as well. It can help to operate our missions… with supply chain, to cyber, to finance, community resources.
"We're no different than others" Jones added.
“We want the translation capabilities. We want to be able to do summarisation. We want to be able to look at vast amounts of raw data.”
CIOs warn on C2E contract issues
The CIA, like most IC agencies, has a heterogeneous IT landscape – and when it comes to the cloud it is not just an Oracle Cloud customer.
It started its “cloud journey” in 2013 when, after weighing bids from AWS, IBM and an unnamed third vendor, it awarded AWS a $600 million contract over a period of up to nine years. (The decision was challenged by IBM but later upheld.)
The CIA then brought AWS, Google, IBM, Microsoft, and Oracle into its expansive Commercial Cloud Enterprise or “C2E” contract back in 2020.
(Procurement documents issued by the CIA in 2019 suggested that this C2E contract would be “tens of billions” of dollars over the next 15 years.)
See also: UK’s spy agencies grapple with IT modernisation– as GCHQ ramps up hacking capabilities
The C2E procurement framework lets the five cloud providers compete for work across US Intelligence Community (IC)*’s sprawling set of agencies.
But IC CIOs warned in a joint May 2024 IT roadmap that the C2E’s five cloud providers were not pulling in the same direction. They are, it said, “competitors, not teaming partners” and this was becoming an issue.
“Significant mission and cost implications”
“Each of the C2E CSPs offers unique ‘best of breed’ capabilities,” the IC IT roadmap – introduced by Director of National Intelligence Avril Haines and Intelligence Community CIO Dr. Adele Merritt – highlighted. However:
“Enabling IC elements to optimize the respective strengths and unique capabilities available through a properly architected, multiple cloud infrastructure is essential. But these vendors are competitors, not teaming partners…. The cloud evolution is a delicate balancing act that will present technical, operational, and acquisition challenges as time goes on, that, if not addressed, may have significant mission and cost implications.”
The IC community needs to “rationalize the approach to an optimized multiple cloud environment” the IC report noted.
It said agencies like the CIA need to “shift from an organization- and system-centric paradigm to one that is data-centric; preserves organizational equities, authorities, and rights; implements legal/compliance frameworks; and enforces security.”
This is, of course, aspirational. The document is a “vision” and not an implementation plan.
But in highlighting risks around multi-cloud siloes and interoperability obstacles, as well as around the CIA and other IC agencies’ use of “unseen IT” it raises important (and familiar for many enterprise CIOs) questions.
Read this: AI is helping hyperscalers “burn” customer money: In the real world, CIOs, spies fret
The default and understandable approach to operate in high degrees of secrecy can, on the IT front, "lead to complacency," the roadmap noted.
"The IC must work together to address antiquated systems, processes, and policies; and overcome cultural barriers…” it added.
The biggest headache for the nation’s intelligence agencies, it concluded, was also familiar: data siloes.
“Today, too much of the IC’s data is stove-piped and not accessible, interoperable, or reusable across an individual organization, the IC, or with partners. It is often locked in secure networks and systems, taking on the classification of those systems and keeping intelligence-sharing a cumbersome challenge.
The volume of intelligence data, however, is growing exponentially, from terabytes to zettabytes. In addition, IC data is not systemically tagged, cataloged, and conditioned, which limits the use of modern methods and new technologies”
Notably, Safra Catz’s keynote with the CIA’s CIO was set to be followed by one that featured Oracle President Larry Ellison and long-time rival AWS’s new CEO Matt Garman on stage together, as Oracle builds on a series of hyperscaler partnerships that are bringing it database and Exadata offerings to the heart of AWS, Azure, and Google Cloud data centres.
Whether pulling Oracle databases (that have heavy dependency on Oracle for hardware deployment and maintenance) into AWS or any of the hyperscalers will help tackle the IC’s stove-pipe challenges is an open question; these are cultural and regulatory issues as well as tech ones.
But with its new Oracle Database@AWS as well as its @Azure and @Google Cloud alternatives, Oracle is signalling clearly that it is listening to some rather large, cash-rich and influential government customers.
*The firm's name reportedly came from a CIA project code-named Project Oracle; Oracle’s co-founders worked on that project at a consulting firm in 1977, before striking out on their own.
** Capital “I”, capital “C” and referring here to the 18 US intelligence agencies which have a combined budget of over $101 billion for FY2025.