DevOps in the Intelligence Community

Speech transcript
I will thank you get in everyone and I think you for joining me today maybe you Scheffer and here there is a little bit of the effects of this so problem I'm really excited to share historical you in my name is Michael Crichton and the topic like the here is that I don't want need all of me words frequently known as the ICE others presentation would be possible without all the rest of the team and I do my own knowledge all those on the red line and I apologize if if I forgot what it was so a little bit
about myself I been a software systems engineer at a corporations here for about 9 years later for those that are familiar is a not-for-profit company about the charter 1958 work solely in the public interest of irony only operates was known as federally funded research development set of nodes that are in use of a set of them and they include things like the National Security Engineering Center sponsored by the US Department of Defense and the National Cybersecurity Centre of Excellence sponsored by the US Commerce or its nationals to decide on standards technologies frequently on this sitting the common characteristics of my where did these services 1 the spirit of innovation intuitive understanding of the principles of systems engineering we do work for other of parts of the government including the parents of there is always unity foliation administration and others to so what about who is
energy and what they did and GA stands for the National Geospatial-Intelligence Agency so no is a little higher than between Geospatial-Intelligence of that utterance of others and yeah that other member of the US intelligence community and the part that's and GA delivers world-class Geospatial-Intelligence frequently noticed unit that provides the size advantage policymakers warfighters intelligence professionals 1st responders and yet there's a lot of things like this is the humanitarian disaster relief efforts by working directly with the lead federal agencies respond fires floods earthquakes landslides hurricanes and other natural or man made disasters are so during the spot for example for the Polish radio it 1st responders locate areas that some of the various season or in some of the challenges that they encountered while trying to navigate the country do I mentioned that they have to have encountered there also have large social media presence so all 1 example they were talking about just before was that they did this because yesterday all geocaching poking marker solely to the to keep up with the trends the well so you want to learn more visited the properties of they also have a website and you have no so I that it so I might as well as in policy was that they trusted advisor at systems this year data for energy and rest for government sponsors the Over the past few years we parted ways of responses to tackle some of those challenges and topics that emerged technical set we are asserting that don't cost cloud for our internal work programs we want to light about states will start using shuffle core and flooded the structure violence I myself using Scheffer 3 reuse remember a couple of data that the structure so those companies are very proud of this on the back stage you will read think so all this is starting to come together and best practices that we want to apply to enhance human solutions for an age we also saw the value making these best practices 
abstract scale so they become reusable as an right service as a part see goal is to share and discover the largest community including us here chef so agencies in the government
started to share a lot of the traditional were close to the class a lot of this momentum was sparked by the White House in the US Digital Services Playbook as dimensions things like taking a class of 1st approached IT always that exactly meaning out that will result from the era of means taking those workloads ingredients of a fire so might as well as be pathfinder we had an existing program that was called the Integrated Analytic Environment it's something that's in production is very small project right now will use is bonus I using think that smaller limitations as trailblazers for determining the effort needed to move in architecture from traditional conference environment to cloud-based model and what we did is we didn't want us to lift shit we want to use all of the great benefits that cloud instance those things like the green the points of view architectures also get and what we didn't really architecture is the 1 that we want to work so hard processes test security and doing the pathfinder allows us to figure out what some those challenges are so that you don't work back and home on projects that they were on a journey to clarify so the transition to the cloud people the opportunity to work in a green field work as well so related to some of the best of deployment development practices evolving right up there with the let's start from scratch we also have an opportunity here to include things like continuous iteration continues literary and your previous work which naturally trajectories configuration management tool choices we started half at the same time we start looking leveraging the wisdom of the open source community so for example in August 2015 and you want something called it you can find a project of agencies light energy and the competitive world commercialize Geospatial-Intelligence operating in at half open often tell were friendly environment the project is aimed at answering research questions using only tools data information technology 
and services available in commercial and open-source world in 2016 to the current projects where the stock market outside included the social media explorer which is machine based learning to cluster similar images and that's just 2 examples of that you that we were so that's all well and good right while rocks
it's not going to do great things well that's a much yet around working with the federal government here and there's a lot of many challenges so generally speaking in order to get softening point to the production environment there are a number of kernels and each of the so 1st of the service of the user due to laws and regulations so that things like here then so other regulations on the strength of contraction so for example every time you want to avoid a software system or change a major component we need to go over an apposition accreditation process a lot of by various requirements we also have challenges with things like close disconnected highly viable virus and working with those is an ongoing challenge all of this and more our various things that we have to work in the space of 101 of the areas that security plays a huge role in this and ensure that we satisfy controls that business special politician even at the grave ovary were so once we have approval to operate is not just that that's not and the story changes the environment sometimes require restarting the whole processes so cases so you something that's that that's a very challenging requirement is that the world trade center another 1 is something very different from industry some government programs have quality spending money on certain things and have applications in context and say for example if a research-and-development all another line item killing him for operations that means so the bottom merge these 2 cultures and but just get at 1 forget messages something that we're still working the this the so here's our methodology that we started off what you lecture for deployment provisioning hardening losses and the verdict was this idea built low income learning by that it was started in an open environment was starting in testing the there and removing to staging area where are we have a disconnect is similar system so you want to various parts of the have something to say that the see that 
to user in allow the internet access so our target environment are in our was 1 those close hundreds viral networks so we start by testing those open environments that they follow was much possible but the benefit of doing this and open science that he has access to additional personnel and tools so for example you forgot 1 region this remarkable and determine its major break information repackaged about and the working on something that would be a 1 close network if our mind little there 1 of the other things that we did in our methodology was very quickly so as soon as new features are and became a old chart promote them into our as possible while while we working on this we will try also works something like people work and security accreditation parallel we're trying to find ways of solving security assessed and all doing this we want to engage with test assessment fees is possible so they can be on the work of our process culture the so here's the higher the constructors the structure of a constant you're not following and the best practices of rapid codebooks we separated out some of the most common components to roughly the same thing over and over again for will be deemed to be what's but we have a lot of projects this entation in this case this is where the like that in the long so so the principles and things like catching hardening the base operating systems all over the system requires that we some very common suffer so they hatch time that minus SQL pose some of those applications have additional guidance according to insecurity program of of those based on what we saw was a symbol that every all those common components into roles and all those 1st 3 boxes top those are all reusable components the enterprise wide solution manager and universal that we can get the authority to sign off on the components of the project only has to look at the last possible on the land and buildings Accreditation package for the program so we want to know that this
claim and maintain trust over time so working hand-in-hand with the wine and variation than the process of getting lot experience a lot of what you see in the security minus the validation of various controls so with that in mind we can validate our axioms unstressed such codebooks recipes they generate reports the security staff can assume Martin environment for compliance and environment changes from say a newly discovered probability we can update those script so that the validation checks the test security toolchain configuration management systems allow for direct and real-time analysis an hour of your and no threats so that like inspected known as a pair with configuration management systems obvious full provide 2 way to enable continuous recording remediation and validation of assistant vise on everything and build up the the content of the diffusion and this system instead libraries also allow for active mediation rest systems being built for those already deployed production a lot of processes and procedures ensuring tendering consistent execution allowing for single in the building and then were each so our approach was to machine image managers lecture and have monitored by inspectors surveillance security configuration profiles line out of both classes and it was also the security profile so these models for while searching and a keynote or maybe something else that we wrote it past this captures all the required security controls the profile and the application profile together the next step is then to link those controls to co so the
security environment and viruses getting into share and associated files for what they cover so we can maximize share of a relief for specific troll this allows us to get a full accounting of the active mediation and also allows us to do quickly and easily build new profiles looking at this diagram on the right you start to see that the based on the bottom layer on well-defined profiles queries these for there you deploy your application stack and then perform a full steganalysis possibly with additional annotations specific profiles so from securing respect this analysis looks very similar to that you're approaching have also has the success of our working at the lens instead so we've
been actively working which developing that inspection just like to writing a number of control such as the example that we see here on screen so this example right we have defined control that maps to a number of different published guidelines in this case we have an essay stating that period we'll it has for control in this example we're looking at this last these last year 2001 policy extended as listed and what the work which is about the notion of texts so we intend to control that other products for example is an instance dessaline so we can execute all of these validation checks and when we do this we get our work that has a system that public criteria security assessors are more familiar furthermore the inspector control allows us to reduce the control of specific school and severity score and so depend on agencies criteria this allows for the weekly quantifiers curiosity and all these things in the world and share price and visualize all these things also providing all the necessary information for security assessors looking at this was the leading to a future about varies constant so things like 10 share many query reporting enhance your recording studio surely index support coverage and concepts profile attributes or sigh profile and test results are all things looking further down the horizon is based on the price per so the automated security compliance is well on its way change using the revisit the issue of closed disconnected networks the idea is to develop an implementation of continuous integration Continuous delivery pipeline that spans multiple security domains supports frequent error durations and higher velocity allow sharing a common components economies develop they can be done other security domains includes a man were used as an automated security assessments and the end goal of improving overall software quality bearing talking released from work in the disconnected and you get worse and know inspired by 60 challenge that we know the 
story so it is hard to bring all those things into our ecosystem our resolution is to get the accreditation process to a point where we can operate these private clouds in high viral networks is still taking components from the community is shown on the left are in our automated security inspection coupled with other research tools such as test kitchens food credit plays a huge part of making this yet robust but that doesn't mean shift everything's that we saw after manage version and special changes modifications that in other than other features that on societies that so which leads me to the partial synchronization problems sometimes changes have distance I have done I say that is all I got was done about 20 % those changes because there's something very specific that happens that in that domain and report customization and the other universities well developers in general easy so this creates problems when you have a partially synchronous repository 1st off huge assumption that was that there is 1 common language that would have been otherwise it that you have lost but even so isolated and we resolve our conflicts sometimes fully understand and I have prompted version of coaxed so for example suppose any change to codebook it is connected so that public version of to end on the version I run alongside or directors were 2 different versions of codebooks now for something had really figured out what the practices so so that the so right now as managing multiple clouds the different tools in different support systems for that pretty much we actually very to to shut servers to get last year records of the ideas so we know we have all these development environments and support tools we encourage people to contribute to the open set of open source I must absolutely necessary otherwise the open source development will feel that out also working with our share recipes for making heavy use of actually suggested virus don't have to modify those recipes whenever possible 
the producer for an argument prosperous these codebooks getting standard proof and weight and then after all that dealing with emerging branches and pull request even so doing all that manual of mental status change so that we need to accomplish the worst case so we need to make sure that we have all of our dependencies and make sure that all that who works before we move up nothing is more frustrating getting a package that encoded on a syntax error and the process all over the so looking at the major principles of the Passover exhibit given about half them so far as the next step is to refine the business processes and the chance of the rest those boxes we'll never manuals that I mentioned so the 1st the 1st items turned in a lot of animals that tournament autonomous test but leaving provisions in place laughter station and peer-review were approvals and say Automated Test have your money instrumentation to each step the process the what we want to establish quantity baseline using current metal methodology so that we can measure the improvements of business process for leveraging things like the Western tells of the development of a set of the service they have was acting up and he said you try troubleshooting actually gave up is e-mail to me he said yeah I I get to the top half an hour and status for the new instance in in my services of various from listening right as only by a few this is a great success story we need to work this trying changes in place is something that will also work so what we learned from requirements from changes so as we have required for a feature component we could work was because the sovereignty and trace back to requirements we need to adhere to things like the Federal Acquisition power-relations listening for larger cultural shift you still have contractors in contracts there were just research development we have noticed that the working operations in some cases just because the contract or parts were were holding to change of 
this so it is little standardization process but we still have a ways to go so do I do cooperate Gabriel down Federal Acquisition you just start to see the surface and it really quite so it's so process that requires a lot of thought and exercise and bring things like cannot into this class the so the political events as well so sponsor or sponsors and reduced security groups have to follow more traditional security British model and is still significant manual tasks are really want yeah security teams comfortable with a friend the process rather than the end product and getting a little bit of lines from the top isn't designed for the predation those who works with the internal challenges and things like automated phone numbers to close the source code which is invariant under the rituals such as Jane survey and whole repositories and executes tests so agency ICT stuff and making a lot tools available close environs following debugging and no 1 here unless has resources challenges that we learned in the quantum way so that the user what is this summit doing it's very small so very very small in the work of oriented water technical these people get really excited about some of these challenges of writing out as a lack of understanding of the concept about cloud chess retraction that value in the better that also become more popular in the organizations more widely accepted so at the end of my story so far and the doubts archery encourage you to join the we do have a presence on get out and so far we have you books only there and working on putting up a few more this summer at perjury judgments by e-mail or accusing others of their and so that's going to thank you for your time and attention and we happen to have this on your questions and also in some of the older words so your questions of point so once again but they do have no further questions and also the choice of words that you get the time from the rest of the few

Metadata

Formal metadata

Title DevOps in the Intelligence Community
Series title ChefConf 2016
Author Kristan, Michael
License CC Attribution - ShareAlike 3.0 Unported:
You may use and modify the work or its content for any legal and non-commercial purpose, and reproduce, distribute and make it publicly available in unchanged or modified form, provided that you name the author/rights holder in the manner they have specified and pass on the work or this content, including in modified form, only under the terms of this license.
DOI 10.5446/34629
Publisher Confreaks, LLC
Year of publication 2016
Language English

Content metadata

Subject area Computer Science
Abstract The National Geospatial-Intelligence Agency has adopted open source software development and cloud computing as technology initiatives that are very important to furthering its strategic objectives. This represents a huge cultural shift from the way its software development is currently done. Part of this effort involves an adoption of DevOps and automated provisioning of infrastructure. MITRE participated in a pathfinder effort to migrate legacy applications to a cloud architecture provisioned by Chef. I'll discuss the challenges of regularly merging that open source code back into various closed, disconnected networks.
