GEOAxIS Secures Intelligence & Efficiency for the NGA
The National Geospatial-Intelligence Agency (NGA) is the United States’ primary source of geospatial intelligence, also called GEOINT. NGA’s GEOINT data supports U.S. national security and defense, as well as disaster relief efforts worldwide. With 14,500 government civilians, military members and contractors working in multiple locations worldwide, it is essential that access to the numerous information technology (IT) tools that capture and analyze GEOINT data is simple, secure, and fast.
NGA employees leverage hundreds of GEOINT applications through differing environments in order to collect, analyze, store, and share GEOINT data or relevant intelligence findings. Additionally, GEOINT data can be in multiple formats, and have varying classification levels, from unclassified information shared with the public, to the most secure types of information shared with intelligence officials and the President, for example.
In 2016, NGA director Robert Cardillo re-emphasized his desire for the agency to become an integrated and interoperable enterprise, capable of swiftly responding to the complex and interconnected security threats facing the country. NGA needed to enhance workflow efficiencies and information sharing, while preserving two-factor authentication and other federally mandated security requirements.
Secure and efficient access to GEOINT data is a top priority for NGA, as well as for the entire intelligence community and U.S. military members who rely on this information for decision-making support. In addition to the varying nature and classification levels of the data, different people or roles often require specific types of access to information, and use multiple applications to carry out their given tasks. For example, an NGA analyst using a GEOINT application might be allowed to access a map for a particular section of a country, but not be permitted to zoom in to see detailed notes that require higher-level permissions, or that are housed in another application.
To gain access to NGA applications, staff had to enter usernames, passwords and other information to verify their identities and confirm their data authorization levels – and they had to re-enter credentials each time they accessed a different application. Repeatedly verifying identities inhibits the interoperable environment NGA aims to achieve, and fails to provide a single sign-on user experience. Frequent log-ins to multiple applications per day, or even simultaneously, are not only time-consuming, but also disruptive to employees’ workflow, particularly for deadline-intensive projects. In addition, cyber-security awareness, protecting the data, disseminating it only to known, trusted individuals, and subsequently having an audit trail were of paramount importance to accomplishing the NGA mission. Thus NGA sought to resolve this dilemma through the Geospatial Intelligence Access and Information Sharing (GEOAxIS) program, which began in March 2011.
As a major step toward enabling an interoperable environment, NGA is transitioning from site-based data centers to secure cloud-based centers for application hosting and other aspects of its IT infrastructure. This change in platforms allows for easier integration of two-factor identity authentication and single sign-on capabilities, thus creating a more efficient workflow.
NGA partnered with Leidos to manage the GEOAxIS program, providing end-to-end engineering, design, development and sustainment support. Through GEOAxIS, Leidos protects enterprise applications and GEOINT data from cyber-related vulnerabilities with a two-step identification verification process while improving workflow with single sign-on capabilities to revolutionize the user experience for the NGA user community.
Now, with GEOAxIS, NGA employees and end users accessing NGA data first authenticate their identity with some form of manually entered data (such as a strong password), and leverage a secondary piece of information using an item they possess, such as a smart badge or token. The two-factor authentication provides for multiple layers of security, ensuring that only validated users gain access to NGA applications and GEOINT data.
After securely performing this login sequence only once, the “single sign-on” capability enables employees and GEOINT consumers to access all their mission-critical applications without performing any additional log-ins unless they actively exit the system, even when employees simultaneously log in to applications hosted in different environments (cloud or data center). In addition, once an employee logs in, the customized GEOAxIS program and technology managed by Leidos supports exposing data to end users and employees so long as they meet the designated security level requirements of GEOAxIS-protected applications as defined by the security/access policies.
Prior to GEOAxIS, data access privileges were less flexible, resulting in information silos between stakeholders, and individual systems were required to build their own identity stores. The robust architecture of GEOAxIS enhances collaboration among employees and the NGA user community while adhering to and maintaining optimal cyber-security practices to protect the NGA enterprise.
To date, the Leidos team supports over 160 mission-critical applications for NGA in 17 data center and cloud environments. The seamless and secure workflow created through GEOAxIS helps NGA achieve its interoperability and integration goals in three key ways:
- Empowering employees with common tools and standards
- Automating and orchestrating access enterprise-wide
- Making more geospatial content available to authorized users through an open, dynamically updated multi-domain architecture
In the coming years, Leidos will continue to secure intelligence information while further integrating GEOAxIS capabilities across multiple security levels and workflows. This comprehensive information exchange allows intelligence professionals, first responders, warfighters and policymakers to access and share the information they need to support global security priorities.