Slashdot Mirror

← Back to Stories (view on slashdot.org)

IT at the CIA

Posted by michael on from the homesec dept.

neocon writes "The current issue of the CIA's Studies in Intelligence (unclassified edition, natch) has an article on the state of IT within the CIA, titled 'Failing to Keep Up With the Information Revolution', which looks at how the agency has fared in staying up to date both with information security needs and with promising new technologies."

22 of 314 comments (clear)

  1. What the CIA needs: by Anonymous Coward · · Score: 4, Insightful

    less technical assets, more people in the field.

    1. Re:What the CIA needs: by Skyshadow · · Score: 4, Insightful
      I agree that there has been way too much dependance on electronic survailance in the past couple of decades. This has left us in a uniquely bad position to deal with threats from decentralized terrorist-type outfits. That's hard to argue.

      On the other hand, there's a lot more to technical assets than just spy satellites and evesdropping on phone calls. Specifically, the intelligence community needs to concentrate on technologies that will let them "know what they know", especially in the face of an exponential amount of available data.

      Example: Knowing that a terrorist is about to strike and knowing who and where they are is useless if one person knows about the threat, one person knows who the terrorist is and the location is in some obscure database (which is pretty much what happened on 9-11). It's only when that information is brought together that it becomes useful.

      Again, however, the CIA has dropped the ball on human assets in recent years, mostly because they (and the people who fund them) lacked the imagination to envision the new threats in the post-Soviet era. Hopefully, this is something that's being corrected as we speak.

      --
      Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
    2. Re:What the CIA needs: by tha_mink · · Score: 5, Insightful

      less technical assets, more people in the field.

      And you're qualified to make that assessment how exactly?

      --
      You'll have that sometimes...
    3. Re:What the CIA needs: by Dr.+Scott · · Score: 3, Insightful
      NATO wanted to know the bore of the gun of a Soviet tank. There was one in East Germany. The US used satellites at a cost of millions of dollars. The British used someone to break into the facility to measure the bore. The cost was to replace the lock but the person who did it risked his life. The French took a Russian officer out to dinner, after having plied him with good food and lots of alcohol and just asked the him what the bore was.

      Not an anecdote, but an old joke, I think. And there's some truth to it. But that truth cuts both ways. Americans and Brits expend great effort to find out what the bore dimension is. The French are satisfied to learn what a drunken Russian officer says it is. That's not the same thing at all.

  2. Sounds like your typical govt agency by esconsult1 · · Score: 4, Insightful
    In my experience, it seems that politics and top down systems design without allowing for filtering up of ideas -- as it typical in most large orgs -- is responsible for this state of affairs.

    What makes an org nimble is when they listen to the people who actually dig the trenches. There is no difference in this case, between the CIA, and say, GM.

    --

    Newsfollow.com

    1. Re:Sounds like your typical govt agency by ianscot · · Score: 4, Insightful
      What makes an org nimble is when they listen to the people who actually dig the trenches. There is no difference in this case, between the CIA, and say, GM.

      Working in a big corporate organization, I couldn't agree more wholeheartedly. You can see a million little bureaucratic failings in something like the CIA or the FBI, and they'll remind you of stuff the senior director at your company once did. Colleen Rowley's memo read like my dang diary -- the way they wouldn't even try for a warrant except under the circumstances they were accustomed to was sooo very typical, and the subsequent promotion of the higher-up who wouldn't pursue Moussaui was dead-on corporate America.

      (Makes me wonder why we talk so much about electing people who have business experience leading these enormous companies to public office... The CEO of United Airlines is as out-of-touch with the world of cause and effect as anyone out there.)

      --
      "Fundamentalism" isn't about divine morality. It's about human authority.
  3. They are lying by bstadil · · Score: 3, Insightful
    They are lying.

    This is just a plug for more resources. Do you really believe they would publish this if it was true.

    Today Sig at /.

    What upsets me is not that you lied to me, but that from now on I can no longer believe you. -- Nietzsche

    is uncanny prescient.

    --
    Help fight continental drift.
  4. Way off base by mental_telepathy · · Score: 5, Insightful

    As far as I can tell, the author's main concern is that the CIA is not keeping up with the private sector due to security constraints. All I can say is, thank God. Any recent security poll will tell you that corporations have multiple security incidents per year, even if they take an active interest in security. Do we really want the CIA to publish a statement saying some script kiddie is publishing the names of suspected terrorists?

  5. Not Exactly... by DesScorp · · Score: 4, Insightful

    "Again, however, the CIA has dropped the ball on human assets in recent years, mostly because they (and the people who fund them) lacked the imagination to envision the new threats in the post-Soviet era".

    While the intelligence community did indeed have a lack of vision with post-Soviet threats, the biggest reason for the dropoff in human assets was a combonation of over-reliance on gee-whiz technologies, like satellite surveilance, and just plain El-Cheapo budgeting on the part of Congress. Basically, after 1991, the attitude was "what do we need spies for? We've got satellites now". After September 11th, when the media was ravaging the CIA for not preventing the attacks, Tom Clancy was interviewed, and his comments were right on the ball. He basically said "Look, we castrated the CIA, and now you're surprised that the agency is ineffective?". That barb was aimed especially at media members and Congressmen that were in such a hurry to save money by cutting personnel.

    --
    Life is hard, and the world is cruel
  6. Presentation by CSIS dude by Anonymous Coward · · Score: 1, Insightful

    As a matter of fack this is a rather interesting subject . I recently heard a presentation from the organaztion conserned for the whole IT security of canada (including CSIS) . They only recently implemented an IDS system on one DOD network , which logged an amazing 56,000 "attack attempts" (people port scanning) . 1,000 were serious (is there any windows shares?) and 56 had obtained access to the DoD network . Now this network was not a honeypot (actual production network) , so its kinda of scary . They do actually have some firewalls implace but they arent very effective (more than 1/2 of those 56 access obtained occured on "protected" networks) . Now it is highly probably that all these numbers were exegerated (or not) as they want more money .

  7. Re:firewall? we don't need no stinkin' firewall! by JohnnyCannuk · · Score: 4, Insightful

    Otherwise known as "sneaker net"...

    Seems better than a firewall to me. They can't hack you if you're not on the network. Isolated networks are always more secure than public ones, as long as the location they are at is physically secure and trust me, places like CSIS, CSE (our NSA) and the Mounties are VERY secure.

    Besides, your "friend" could lose his job if he told you what firewall they use on their public facing networks....

    --
    Never by hatred has hatred been appeased, only by kindness - the Buddha
  8. "Military Intelligence" is an oxymoron by djeaux · · Score: 3, Insightful
    I know it's a cliché, but it's true.

    I agree with the poster down the page who opined that what the CIA needs is more people in the field. Look around the typical IT department & ask yourself, "Are these geeks the kind of folks I want providing vital information to the guys who have their fingers on the nuclear button?"

    It's pretty obvious -- regardless of your position on operation Iraqi "Freedom" -- that electronic surveillance is not very reliable without plenty of dirty on-the-ground spying. Another way to put it is "Where are all those WMDs?" We saw the "pictures"...

    --
    "Obviously, I'm not an IBM computer any more than I'm an ashtray" (Bob Dylan)
  9. not clear on the concept by gclef · · Score: 4, Insightful

    The first part of his analysis reads very clearly like someone who didn't bother to understand the business he was advising before spouting off. (This is a common problem with consultants.)

    He dismisses the security concerns that prevent a lot of technology deployment as risk elimination rather than risk management, and says that this attitude hurts IT deployment within the CIA. The thing is, he says this without understanding that the CIA's risk profile is *totally* different from a business risk profile. The CIA can not take risks that a business can, as lives, not dollars, are at stake in the work they do. Any actual security consultant who made that mistake would (should) be fired on the spot.

    Granted, it sounds like his other recommendations (streamlining procurement, merging different IT groups within the CIA) are reasonable, but as a security person, that first paragraph just set me off.

    1. Re:not clear on the concept by gclef · · Score: 2, Insightful
      I disagree. Look at one of his recommendations:
      The most critical upgrade for the DI is deploying a fully integrated workstation that allows DI analysts to move easily among programs, databases, and security levels. In addition, the DI should put a high priority on introducing SIPRNET-- DoD's SECRET-level network--into each workstation. SIPRNET may become the nucleus of a secure communications system for homeland security (that will include law enforcement and emergency response personnel, in addition to a broad set of military users). Use of SIPRNET would also give DI analysts an IT platform that is less restricted than their current, highly classified network. This would allow them to communicate and publish products in a large, but reasonably secure environment.
      There's a good idea buried in there: get SIPRNET onto analyst's desktops. Unfortunately, it's buried in bad ideas....and don't even start me on the phrase "reasonably secure environment."
  10. Re:CIA Humint - Sigint - Remote Sensing by fussman · · Score: 5, Insightful
    1983 Hezbollah attacks on France/US missed
    1983 Marxist revolt in Granada missed
    1989 Czech border reforms missed
    1989 E. Germany fall missed
    1990 Iraqi invasion of Kuwait missed
    1991 Coup attempt in USSR missed
    1992-94 Islamists in Somalia missed
    1993 Bombing of WTC missed
    1998 African Embassy bombings missed
    1999 Attempt on DDG Sullivans missed
    2000 Bombing of Cole missed
    2001 WTC/Pentagon missed

    Of course, it it always easier to look at the flaws of something rather that the strengths in the same area. How many things did they not 'miss' and actually have an unskilled civilian populace know about it?

    --
    Support Israeli punk bands. Man Alive.
  11. Not a fair accounting.... by DesScorp · · Score: 5, Insightful

    Like any govermnet agency, CIA is going to screw up from time to time. But even if they had everything they wanted, they STILL couldn't be omniscient.

    Part of the problem is that CIA can't publicly talk about their successes much, for fear of jeapordizing personnel or methods. And even when they DO publicly make accurate predictions, often they're ignored.

    The perfect example of this happened in 1983. The CIA released a report called "Terminal Giants". It was either ignored or written off as "Reagan-esque right wing propoganda" by the media and leftist politicians. The prediction of the report? That the USSR's economy was dying because of excessive military spending, and that the Soviet Union could collapse within ten years.

    Nobody believed them. And to this day, CIA still doesn't get credit for that prediction.

    --
    Life is hard, and the world is cruel
  12. Re:CIA Humint - Sigint - Remote Sensing by stratjakt · · Score: 5, Insightful

    And what happened this memorial day weekend?

    What happened at the millenium celebrations?

    You can only compile a list of the misses, not hits. You have absolutely no idea what they've prevented.

    --
    I don't need no instructions to know how to rock!!!!
  13. Re:CIA Humint - Sigint - Remote Sensing by banzai51 · · Score: 4, Insightful

    1989 Czech border reforms missed

    1989 E. Germany fall missed

    1991 Coup attempt in USSR missed

    I don't know about the rest of the list, but those listed above were not 'missed'. The CIA was dead on in thier prediction of these events. Wether or not the leaders in charge heeded these assessments is another story.

    Plus, you'll never hear of the successes. CIA foils a bomb plot, bombing never happens, thus news never covers the event. So how sure are you that the CIA is ineffective?

  14. Re:CIA Humint - Sigint - Remote Sensing by f97tosc · · Score: 3, Insightful

    I read the Hunt for Bin Laden which is about the Green Berets in Afghanistan which doesn't have anything nice to say about CIA either.

    The conflict in Afghanistan was revolutionary because of CIA. They were there before any of the armed forces and they basically won the war by bribing/ persuading different fraction to join up against the Taliban.

    Also, has it occured to you that in the set of failed and successful CIA activities there is an extreme bias in which ones you ever hear about?

    Tor

  15. Re:CIA Humint - Sigint - Remote Sensing by Anonymous Coward · · Score: 1, Insightful

    Without knowing about all the successes that you will, by definition, never know about, you have no way of evaluating whether they outweigh the failures. The only people qualified to judge the effectiveness of the CIA are those with way more security clearance than you.

  16. Re:CIA Humint - Sigint - Remote Sensing by EverDense · · Score: 3, Insightful

    The conflict in Afghanistan was revolutionary because of CIA. They were there before any of
    the armed forces and they basically won the war by bribing/ persuading different fraction to
    join up against the Taliban.

    At the end of the day, they were just cleaning up the mess they created in the first place.

    --
    http://jesus.everdense.com/
  17. Risk management still applies by Goonie · · Score: 2, Insightful
    If the CIA makes a bad call because their IT systems made it impossible or too hard to retrieve important information people can die just as easily as a security breach.

    Risk management is still the right way to do this - it's just that the risks on both sides of the ledger can sometimes be much higher.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)