Sunday, November 01, 2009

CSE 2015

Thanks to information published by Peter Kovessy in the Ottawa Business Journal ("Feds begin P3 procurement to build massive east-end spy HQ," Ottawa Business Journal, 24 September 2009), we're starting to get a clearer picture of what CSE could look like once its new headquarters complex is finished in 2015.

Two construction projects are underway or soon to be underway at the new site. The Mid-Term Accommodation Project, announced in 2008, involves construction of a $70-million, 6000-square-metre building (see blog posts here and here). The second, the Long-Term Accommodation Project, announced earlier this year, will be a much larger, $880-million building that will host the remainder of CSE's Ottawa-based staff.

Staff build-up continues

According to Kovessy's report, recently released solicitation documents indicate that approximately 2000 employees and contractors will occupy the LTAP building. Together, the two buildings will hold a total CSE employee/contractor workforce of some 2250. That's more than 500 more than CSE's current 1717 FTEs and more than 400 more than the 1817 FTEs projected for fiscal year 2011-12 (the latest date for which public projections are available)!

A certain amount of uncertainty is introduced into these calculations by the fact that contractors are included in the 2000 figure. But I'm guessing that the contractors in question will consist mainly, if not entirely, of the 130-200 maintenance and support positions that CSE is planning to privatize as part of the public-private partnership arrangement that will build the building. If that's the case, then in functional terms the increase in CSE's workforce will indeed be more than 500.

This previously unacknowledged expansion will leave the agency two and a half times as large as it was at the end of the Cold War.

An enormous and expensive new HQ

The solicitation documents also show that the gross size of the LTAP building will be 82,700 square metres (890,000 square feet). Previous news releases had acknowledged only that the building would have 72,000 sm of "rentable space" (see my earlier blog posting here).

This is a huge amount of space by normal standards. As I noted in that earlier posting, CSE has typically allotted around 25 square metres gross space per employee. The MTAP building comes in at about 24 sm. GCHQ's relatively new headquarters also provides around 24 sm per employee. The LTAP building works out to 41 sm per person!

It's also an extraordinarily expensive building. The high-security annex to CSE's Sir Leonard Tilley building, constructed in the 1989-1992 period, was built for about $400 per square foot in today's dollars. The new addition to the CSIS building that's about to be built is also projected to cost about $400 per square foot. At a projected cost of $880 million, the LTAP will work out to nearly $1000 per square foot!

Thus, by "normal" standards we might expect the 2000 people in the LTAP to be accommodated in a building of about 48,000 sm (510,000 sf) costing a total of about $200 million.

What could possibly explain a nearly empty, $680-million, 35,000 sm (380,000 sf) addition to the LTAP?

The Charles N. Hellyer Computer Centre

The most plausible explanation, I think, is a gigantic computer centre. I will call this hypothetical facility the Charles N. Hellyer Computer Centre, not because I have any evidence that CSE is planning to call it that but because I think they should call it that. (Chuck Hellyer headed Canada's SIGINT computer operations from the founding of the Joint Machine Unit in 1943 until his retirement from CBNRC in December 1974.)

A 380,000-square-foot computer centre is one huge computer centre, but it is not beyond the realm of possibility. At one-million square feet, the data centre that NSA is planning to build at Camp Williams, Utah will be more than two and a half times as large. The Camp Williams facility is budgeted to cost US$1.6 billion, or about $1725 per square foot in Canadian dollars. My crude calculations put the cost of the Hellyer Computer Centre at an essentially identical $1790 per square foot, so this cost figure also appears to be plausible.

A whole lotta computers

There may be other explanations for some or all of the "excess" space in the new CSE headquarters. But if the Hellyer Computer Centre hypothesis is anywhere near correct, we're talking about a whole lotta computers. Presumably it would contain a mix of very high performance supercomputers, for such tasks as cryptanalysis and data mining, and vast data storage capabilities. (The Utah data center, by contrast, will be mainly data storage.)

By 2015, when the building is scheduled to open, we could looking at supercomputers capable of 100 to 250 petaflops (the fastest in the world is currently about 1.7 petaflops) and storage capabilities of 5 or more exabytes. These are outrageously large numbers, I know. But with internet traffic projected to hit 1 zettabyte (I swear I'm not making these terms up!) by 2015, they may be small compared to what the SIGINT agencies would like to have.

More power!

The other thing worth noting about the Hellyer Computer Centre hypothesis is that if it's anywhere near correct, they're going to need a whole lot of electrical power at the new CSE campus. Current petaflop computers use multi-megawatts of power. The NSA is projecting that the Utah Data Center will consume 65 megawatts. If the Hellyer Center used a proportionate amount of power, it would consume about 25 megawatts, or about 3.5% of Ottawa's entire electrical power consumption.

Big numbers all. But if your ambition is to "master the internet", as CSE Chief Adams put it a few years ago, you have to think big.

Image: Billion Dollar Brain, Keystone/Getty Images


Blogger Milan said...

Would all this computing power mostly be for combing through huge amounts of plaintext, or do you think some (or most) of it would be devoted to breaking into ciphertext.

I am quite curious about how capable organizations like the CSE and NSA are, when it comes to breaking the sort of symmetric and public key systems now widely available in commercial products.

November 02, 2009 3:22 pm  
Anonymous Anonymous said...

Thanks Bill. As always, you leave us thinking. What are we to make of the facts that, 1. CSE-HQ is going in right next to CSIS-HQ, 2. that the Federal Court decision you wrote about last month would seem to open the door to far more joint operations on the collection side, and, 3. the new CSIS head just gave a lengthy public speech (at CASIS conference) on the fact the Service now is retaining all its intercept material on a permanent basis?

November 03, 2009 12:38 pm  
Blogger Bill Robinson said...

@ Milan:
Plaintext I think they can handle pretty easily regardless of volume. The high-end computing is more likely for cryptanalysis, and maybe for advanced data mining. The effectiveness of CSE's cryptanalytic capabilities is probably one of the deepest secrets the agency has. They're certainly not giving me any clues! My guess, however, is that unless they have made mathematical advances that the open world has not or have access to secret backdoors (possible, but probably not too likely), CSE probably would have difficulty doing a straight cryptanalytic break into most commercial encryption products. But mathematical security is only one aspect of cryptosecurity. It all goes out the window if you choose a crappy password or a keystroke logger captures your password or a tempest attack picks up your plaintext or a trojan horse cripples your encryption system, etc., etc. I wouldn't put much stock in encryption if the three-letter agencies know who and where you are and they really want to know what you're encrypting.

@ Anonymous:
I don't know what to make of the proximity to CSIS. The main issue was probably finding a suitably sized site, not too far out of the city, with room for a large complex set well back from the road for security. I'm not sure that being next door to CSIS will make much practical difference to the level of cooperation between the two agencies. Something to watch though.

November 05, 2009 5:25 pm  
Blogger Milan said...

But mathematical security is only one aspect of cryptosecurity.

Absolutely. A huge chunk of those using encryption probably have the key stored in plaintext in some temporary file, document, email, etc. In cases where that isn't true, a lot of keys are vulnerable to dictionary attacks.

The algorithm itself is usually the toughest thing to crack.

November 16, 2009 5:18 pm  
Blogger Milan said...

I see the usefulness of cryptography more in the vein 'if somebody steals my computer, they shouldn't be able to access these files.' Not in the vein 'if the NSA decides to start probing my OS for vulnerabilities, they won't be able to access these files.'

November 16, 2009 5:19 pm  

Post a Comment

Links to this post:

Create a Link

<< Home