RSS
Home
CIA's computers stumble over security obsession
Print
Email
RSS
Subscribe
US Enigma machine replica at US National Cryptologic Museum
The last time I turned on a CIA computer, which was about ten years ago, it took a half hour or so for it to boot up, prompt me for a bunch of passwords, and finally become usable.
That’s at least six percent of the Federal work day, by the way, for those who are interested in fraud and waste and abuse.
There was even a lame animation of a boat rowing or a dog chasing a car or an old steam train going by--slowly and jerkily--supposedly to let impatient users know that ‘something’ was happening under the hoods of the computers in their cubicles.
A couple of headlines in the past couple week are reminders that little has changed in the past decade for how America’s spies do their computing.
A few weeks ago, Marc Ambinder of The Atlantic reported that senior information technology managers in the intelligence community closed uGov and Bridge, both well-used and apparently beloved interagency systems that allowed intelligence workers to collaborate and send classified emails back and forth between the various spy agencies. These classified interagency systems were attempts at remediating what the 9/11 commission and numerous other blue ribbon panels had identified as poor information sharing between Federal agencies.
And Jill Tummler Singer, a senior CIA IT official, told a meeting of top IT industry leaders that intelligence agencies will embrace new cloud computing technology, which promises to save money by storing data and applications in central server locations out in ‘clouds’ somewhere in cyberspace, instead of on a zillion individual users’ computers.
Except, said Singer, that the intelligence community will use its own private, hermetically sealed clouds.
Which is kind of like saying, “I'm too cheap to buy books, so I check them out of the public library for free. But I don’t like all those other people in the library touching books I read. So I’ll just buy my own public library that no one else can use.”
It’s worth noting at this point that most of the information already on US intelligence computer networks isn’t even classified, and that when it is classified, there’s a good chance that it shouldn’t be. Even Director of National Intelligence Dennis Blair admitted during his confirmation testimony, "There is a great deal of over-classification." The Federation of American Scientists, the Government Accountability Office, and more of those aforementioned blue ribbon panels that have been decrying gratuitous over-classification of documents for decades.
What’s at work with these common sense-defying IT policies are two eternal verities of dysfunctional intelligence culture.
One is that phenomenon, explored regularly by FAS and countless critiques of the culture of secrecy, of over-classifying all intelligence-related information, whether or not it really needs to be. The corollary to this principle is that sharing access to sensitive information with other US government agencies, which have their own cultures and processes of secrecy, is just as harmful as sending the information directly to major media outlets or to the headquarters of an adversary nation’s intelligence service.
The other is the intelligence community’s resistance to IT innovation, whose roots are complex.
Partly, paranoia and fear, related to the aforementioned over-classification reflex, rule the day in classified IT.
Other factors: the government’s inability to attract and retain top-notch IT professionals (not just an intelligence community problem, by the way), and the consequent reliance on a few metastasized Federal contractors who are masters at navigating the process of Federal sales and contracting, but abysmal when it comes to actual IT innovation.
Microsoft, Oracle, Apple, Amazon, Twitter, Cisco, RIM--have nothing to fear from the creative brain trusts in the Federal business development units of SAIC, Northrop Grumman, Booz Allen or others whose names are emblazoned on shiny office towers up and down the Dulles Corridor here in Washington, who lead the IT industry in three-ring binder-bound Federal proposal production, and little else.
Closure of that classified interagency email system? Chances are that it was shut down as the result of one or a handful of security ‘incidents’--likely highly sensitive compartmented information that got distributed a little too broadly, but within the confines of a highly controlled, classified system. Add to that the tendency for intelligence IT professionals to see the world in terms of ‘damage control,’ rather than ‘risk management,’ and it’s easy to imagine an overblown reaction to a relatively minor incident resulting in the uGov’s shutdown.
A Federal criminal case that emerged in the past couple months centered on just such an incident. When National Geo-Spatial Intelligence Agency employee and classified email user Brian Keith Montgomery received a link to a sensitive, compartmented, classified database at another intelligence agency via classified email, he clicked through, ignored a warning against unauthorized access, but was allowed access to the database anyway. Montgomery was brought up on charges in Federal court for the unauthorized access incident. Wired.com's Kevin Poulsen reported that the charges against Montgomery have since been dropped in a plea deal.
However, there is no indication that the sender of the classified email containing the link to the compartmented database, or the administrator whose lax access controls allowed Montgomery to access the database, were ever brought up on Federal charges for their role in facilitating unauthorized access to sensitive information.
Nonetheless, there was probably not a careful, holistic study of how damage from one or a few incidents stacked up against the larger benefits of a collaborative, interagency email system, such as gains in productivity and increased information sharing between intelligence, law enforcement, and homeland security agencies.
Unfortunately, there seems to be little progress since the days of those half-hour computer boot-ups. With a budget of $75 billion--and the vital mission of protecting the nation--it sure seems like the Intelligence Community could do a better job with its information technology.
Related Articles:
Comments
.jpg)
